Solved

To Trunk or Not to Trunk

Posted on 2012-12-21
Last Modified: 2013-02-21
I have a lab network with 7 different networks.  The current configuration has each network switch (CISCO 3750G) connect to a core switch (CISCO 3750G) which in turn is connected to an Engineering Router, a test router, and a home router.  Information currently flows properly over all links.  

We use vlan 10 from the networks to the core.  From there, the links to the routers are trunked and new vlans are assigned to each network within the trunk.  For example, one network uses vlan 10 to get to the switch, then uses vlan 6 to travel to its router interface through the trunk.  The router interface is using dot1q 6 on interface fa0/0.6.

My question is, should we, or can we, use trunking from the network switch?  If so, can we use a native vlan of 7 and achieve the same result?
Question by: airborne1128
24 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713299
Sure. Picture that your network switches each had faculty, staff, and student networks on them. You'd obviously trunk them then to get to the core switch. At that point, unless you need to keep the traffic segregated VLAN-wise, you're already trunking them anyway.
That's how I read your question - if I've misunderstood, my apologies.
As long as your native VLAN definitions match on either end of the trunk links, you should be good.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713332
Ok.  I will try it out.  I am assuming that they cannot all use native vlan 7.  They all have to have their own separate vlan.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713347
Agreed. Only one native is allowed per trunk, and you can use the native for each of the trunks coming from the network switches. Think of the native vlan as the entity responsible for all untagged traffic on that trunk.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713380
Ok.  But if I have traffic on my network on vlan 10, how then will it go through native vlan 7?
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713471
You don't want it to be tagged on the way out to the core, do you?
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713581
We have multiple subnets on the networks.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713604
Currently, each 'network' switch hosts multiple subnets, right?
And you use VLAN 10 to send this traffic to the core, correct?
Once on the core switch you then use vlan 6 to traverse to the correct router, from the sound of it.
What would be the difference, then, in replacing VLAN 10 with native VLAN 7?
You can also trunk without native VLANs, you know.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713651
We are trying to duplicate as best as possible the setup in the field.  In the field, they have a single switch using vlan 10, vlan 3, vlan 4 and vlan 99.  The connection to the next hop, port 24 is using trunked native vlan 7 (per instructions from higher).  I do not have any control of the field environment except for what is internal to the switch.  I guess I answered my own question.  But how is outbound Vlan 10 traffic utilizing the native vlan 7 port?
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713659
If it's untagged, it proceeds over the trunk like any other traffic.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713663
And how do I know if it is untagged?
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
ID: 38715786
If you are doing dot1q tagging...just remove it...simply make a trunk and allow the vlan through it.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38715867
In the Cisco world they confuse people by using terms like Trunk and Access.  Other switch manufacturers, like in my case, use basic terms 'Tag' (equivalent to Trunk) or 'Untag' (Access).  Thus, you can only have one Access/Untag VLAN on an interface, while you can have multiple Tagged VLANs/Trunks on an interface.  Native VLANs are typically untagged packets with no VLAN ID within the packet/frame header.  However, you can still tag packets/frames with Native VLAN IDs.  Native VLANs, as you know, need to be the same on both sides of the uplink trunk port.  Note, all tagged VLAN IDs are applied and removed as a packet/frame enters and leaves an interface.  Meaning the VLAN ID is only valid for a brief period as the packet traverses the interfaces between two switches/devices.  Also, when trunking/tagging VLAN IDs, both sides need to be tagged with the same VLAN ID as well.

You can't have a packet tagged with VLAN 10 talk or redirect traffic to native 7.   Other traffic may use Native VLAN 7 to communicate, but that's independent of other VLANs.  All L2/3 networks need to line up with their respective VLAN IDs to effectively communicate.  Layer 2/3 VLAN 10 traffic will not traverse over a Native VLAN 7 untagged or tagged interface.  It would still require VLAN 10 to be tagged/trunked on the uplink interface between the switches and then tagged or Untagged (Access) VLAN 10 to other switch interface(s) to pass traffic through to endpoint device(s).   Otherwise, the packets/frames will be dropped given the lack of having a destination.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38715880
Ok.  So let me lay it out like this...

LAN switch uses vlan 3 traffic for internal network traffic.  Vlan 10 for traffic destined for another network.  Switch port 24 is currently tagged as vlan 10 which is connected to the core 3750g.  Once there, the vlan for that traffic is changed to a trunked port.  It is using dot1q 6 trunked port to the 2811 router where it accesses port fa0/0.6 trunked port dot1q 6.  

Is this the best way to do this?  From what I am hearing from one side, yes.  But another side says it has to be this way?

I'm getting confused.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38715882
Personally, other than outright confusion, I don't see the point of using different Native VLAN IDs for internal traffic.  The exception for me would be Internet based traffic, where you are connecting to multiple internet service provider (ISP) routers and have a different Native VLAN for each network connecting to a WAN aggregator, Firewall, Load Balancer, or other L3 routing device; which I use in my environment.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38715888
We use vlan 3 for internal traffic as it is traffic that we do not and cannot allow off the internal network.  As for the other vlans, well...each of the 6 LANs utilizes the same vlan structure.  This is a lab and we have 3 field networks on the engineering side and 3 duplicate networks on the test side.  The engineering side mirrors the engineering side where there are LAN A, LAN B, and LAN C on each.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38716226
A network diagram would help better depict your network topology.  Can you please provide one?
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38721517
Here is a basic network diagram...
FOR-HELP.vsd
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38721728
If you don't mind, please post the diagram as an image file .jpg vs. Visio.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38721788
As a jpg...
FOR-HELP.jpg
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38727864
Any thoughts?
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38727882
reviewing...
0
 
LVL 8

Accepted Solution

by:
gsmartin earned 1000 total points
ID: 38729073
As you know, a Native VLAN is not tagged. Packets egressing a port with a Native VLAN of 7 will be untagged.  Incoming untagged packets on a port with a Native VLAN of 7 will be handled as part of VLAN 7.  Meaning if the packets needed to be forwarded out another trunk with a different native VLAN, they would need to be tagged with VLAN 7 at that point.  This would be the same for your other Native VLAN IDs.  Note both end points will need to have the same Native VLAN configured per trunk.  

Also, you need to make sure all of the respective VLANs for each trunk are allowed for each of the VLAN (X,Y,Z) networks, including the Native VLAN.

To change a Native VLAN on a port, you would use the "switchport trunk native vlan x" command. Each trunk can have a different native VLAN; it is not a global configuration.
0
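The tagging rules in the accepted answer, as a small Python model (an added example, not code from the thread or from Cisco). `TrunkPort`, `cross_link` and `audit` are hypothetical names, the VLAN numbers are constructed, and the model covers only the native VLAN and the allowed-VLAN list; it shows that a native VLAN mismatch silently moves untagged traffic into a different VLAN on the far side.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Frame = Tuple[str, Optional[int]]  # ("untagged", None) or ("tagged", vlan_id)

@dataclass(frozen=True)
class TrunkPort:
    """Simplified model of one end of an 802.1Q trunk (hypothetical helper)."""
    native: int
    allowed: frozenset

    def egress(self, vlan: int) -> Optional[Frame]:
        # VLANs not allowed on the trunk are never sent.
        if vlan not in self.allowed:
            return None
        # Native VLAN leaves without a tag; every other VLAN carries its ID.
        return ("untagged", None) if vlan == self.native else ("tagged", vlan)

    def ingress(self, frame: Optional[Frame]) -> Optional[int]:
        if frame is None:
            return None
        kind, vid = frame
        # Untagged frames are classified into the receiver's own native VLAN.
        vlan = self.native if kind == "untagged" else vid
        return vlan if vlan in self.allowed else None

def cross_link(vlan, near, far):
    """VLAN a frame lands in after crossing near -> far, or None if dropped."""
    return far.ingress(near.egress(vlan))

def audit(near, far):
    """List what goes wrong for traffic sent from near to far."""
    findings = []
    if near.native != far.native:
        findings.append(f"native VLAN mismatch: {near.native} vs {far.native}")
    for vlan in sorted(near.allowed):
        landed = cross_link(vlan, near, far)
        if landed is None:
            findings.append(f"VLAN {vlan} dropped")
        elif landed != vlan:
            findings.append(f"VLAN {vlan} lands in VLAN {landed}")
    return findings

if __name__ == "__main__":
    # Constructed values: native 7 carrying VLAN 10, then a 3-vs-1 mismatch.
    good = TrunkPort(7, frozenset({7, 10}))
    print(audit(good, good))
    print(audit(TrunkPort(3, frozenset({3, 10})), TrunkPort(1, frozenset({1, 3, 10}))))
```

With native VLAN 7 on both ends, VLAN 10 crosses tagged and VLAN 7 crosses untagged, each staying in its own VLAN. In the mismatch case the far end uses native VLAN 1, the Cisco default when none is configured.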
 
LVL 6

Author Comment

by:airborne1128
ID: 38741459
Ok...I tried to set up a trunk from one LAN through to the router...I failed, apparently.  This is what I tried.

On the local LAN...(This is a 2960 BTW...)

int gi0/7
description FRC_ENG
Switchport trunk native vlan 3
switchport mode trunk

vlan 3
no ip address

On the Core Switch...(3750G)

int gi1/0/1
description FRC_ENG
switchport encapsulation dot1q
switchport mode trunk
(I also tried with switchport trunk native vlan 3)


vlan 3
no ip address



On the ENG Router (2811)

int fa0/0.3
description FRC_ENG_INTERFACE
encapsulation dot1q 3
ip address 192.168.100.3 255.255.255.192





This did not work.  What am I missing?
0
 
LVL 6

Author Closing Comment

by:airborne1128
ID: 38914698
It turns out that I am unable to do this.  We have 6 different networks with the same vlan scheme and running port security.  We cannot trunk to a single switch using the same vlans.

I am awarding the points for the effort.
0
