Solved

To Trunk or Not to Trunk

Posted on 2012-12-21
Last Modified: 2013-02-21
I have a lab network with 7 different networks.  The current configuration has each network switch (CISCO 3750G) connect to a core switch (CISCO 3750G) which in turn is connected to an Engineering Router, a test router, and a home router.  Information currently flows properly over all links.  

We use vlan 10 from the networks to the core.  From there, the links to the routers are trunked and new vlans are assigned to each network within the trunk.  For example, one network uses vlan 10 to get to the switch, then uses vlan 6 to travel to its router interface through the trunk.  The router interface is using dot1q 6 on interface fa0/0.6.

My question is, should we, or can we, use trunking from the network switch?  If so, can we use a native vlan of 7 and achieve the same result?
0
Question by:airborne1128
24 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713299
Sure. Picture that your network switches each had faculty, staff, and student networks on them. You'd obviously trunk them then to get to the core switch. At that point, unless you need to keep the traffic segregated VLAN-wise, you're already trunking them anyway.
That's how I read your question - if I've misunderstood, my apologies.
As long as your native VLAN definitions match on either end of the trunk links, you should be good.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713332
Ok.  I will try it out.  I am assuming that they cannot all use native vlan 7.  They all have to have their own separate vlan.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713347
Agreed. Only one native is allowed per trunk, and you can use the native for each of the trunks coming from the network switches. Think of the native vlan as the entity responsible for all untagged traffic on that trunk.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713380
Ok.  But if I have traffic on my network on vlan 10, how then will it go through native vlan 7?
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713471
You don't want it to be tagged on the way out to the core, do you?
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713581
We have multiple subnets on the networks.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713604
Currently, each 'network' switch hosts multiple subnets, right?
And you use VLAN 10 to send this traffic to the core, correct?
Once on the core switch you then use vlan 6 to traverse to the correct router, from the sound of it.
What would be the difference, then, in replacing VLAN 10 with native VLAN 7?
You can also trunk without native VLANs, you know.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713651
We are trying to duplicate as best as possible the setup in the field.  In the field, they have a single switch using vlan 10, vlan 3, vlan 4 and vlan 99.  The connection to the next hop, port 24 is using trunked native vlan 7 (per instructions from higher).  I do not have any control of the field environment except for what is internal to the switch.  I guess I answered my own question.  But how is outbound Vlan 10 traffic utilizing the native vlan 7 port?
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 38713659
If it's untagged, it proceeds over the trunk like any other traffic.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38713663
And how do I know if it is untagged?
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
ID: 38715786
If you are doing dot1q tagging...just remove it...simply make a trunk and allow vlan through it.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38715867
In the Cisco world they confuse people by using terms like Trunk and Access.  Other switch manufacturers, like in my case, use basic terms 'Tag' (equivalent to Trunk) or 'Untag' (Access).  Thus, you can only have one Access/Untag VLAN on an interface, while you can have multiple Tagged VLANs/Trunks on an interface.  Native VLANs are typically untagged packets with no VLAN ID within the packet/frame header.  However, you can still tag packets/frames with Native VLAN IDs.  The Native VLAN, as you know, needs to be the same on both sides of the uplink trunk port.  Note, all tagged VLAN IDs are applied and removed as a packet/frame enters and leaves an interface.  Meaning the VLAN ID is only valid for a brief period as the packet traverses the interfaces between two switches/devices.  Also when trunking/tagging VLAN IDs both sides need to be tagged with the same VLAN ID, as well.

You can't have a packet tagged with VLAN 10 talk or redirect traffic to native 7.   Other traffic may use Native VLAN 7 to communicate, but that's independent of other VLANs.  All L2/3 networks need to line up with their respective VLAN IDs to effectively communicate.  Layer 2/3 VLAN 10 traffic will not traverse a Native VLAN 7 untagged or tagged interface.  It would still require VLAN 10 to be tagged/trunked on the uplink interface between the switches and then tagged or Untagged (Access) VLAN 10 to other switch interface(s) to pass traffic through to endpoint device(s).   Otherwise, the packets/frames will be dropped given the lack of having a destination.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38715880
Ok.  So let me lay it out like this...

LAN switch uses vlan 3 traffic for internal network traffic.  Vlan 10 for traffic destined for another network.  Switch port 24 is currently tagged as vlan 10 which is connected to the core 3750g.  Once there, the vlan for that traffic is changed to a trunked port.  It is using dot1q 6 trunked port to the 2811 router where it accesses port fa0/0.6 trunked port dot1q 6.  

Is this the best way to do this?  From what I am hearing from one side, yes.  But another side says it has to be this way?

I'm getting confused.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38715882
Personally, other than outright confusion, I don't see the point of using different Native VLAN IDs for internal traffic.  The exception for me would be Internet based traffic, where you are connecting to multiple internet service provider (ISP) routers and have a different Native VLAN for each network connecting to a WAN aggregator, Firewall, Load Balancer, or other L3 routing device; which I use in my environment.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38715888
We use vlan 3 for internal traffic as it is traffic that we do not and cannot allow off the internal network.  As for the other vlans, well...each of the 6 LANs utilizes the same vlan structure.  This is a lab and we have 3 field networks on the engineering side and 3 duplicate networks on the test side.  The engineering side mirrors the engineering side where there are LAN A, LAN B, and LAN C on each.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38716226
A network diagram would help better depict your network topology.  Can you please provide one?
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38721517
Here is a basic network diagram...
FOR-HELP.vsd
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38721728
If you don't mind, please post the diagram as an image file (.jpg) vs. Visio.
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38721788
As a jpg...
FOR-HELP.jpg
0
 
LVL 6

Author Comment

by:airborne1128
ID: 38727864
Any thoughts?
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 38727882
reviewing...
0
 
LVL 8

Accepted Solution

by:
gsmartin earned 500 total points
ID: 38729073
As you know, a Native VLAN is not tagged. Packets egressing a port with a Native VLAN of 7 will be untagged.  Incoming untagged packets on a port with a Native VLAN of 7 will be handled as part of VLAN 7.  Meaning if the packets needed to be forwarded out another trunk with a different native VLAN, they would need to be tagged with VLAN 7 at that point.  This would be the same for your other Native VLAN IDs.  Note both end points will need to have the same Native VLAN configured per trunk.  

Also, you need to make sure all of the respective VLANs for each trunk are allowed for each of the VLAN (X,Y,Z) networks including the Native VLAN.


To change a Native VLAN on a port, you would use the "switchport trunk native vlan x" and each trunk can have a different native VLAN, it is not a global configuration.
0
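The tagging rules described in the accepted answer, and the earlier question of how to tell whether a frame is untagged, as an added example that is not part of the original thread and is not vendor code. It is a simplified Python model of a dot1q trunk port; `TrunkPort`, `carry`, the port names and the sample frame are constructed for illustration, and the mismatch case shows where native VLAN 7 traffic lands when the far end uses a different native VLAN.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_tag(frame: bytes):
    """Return the 802.1Q VLAN ID of a raw Ethernet frame, or None if untagged."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID

@dataclass(frozen=True)
class TrunkPort:
    native: int          # VLAN sent and received untagged on this trunk
    allowed: frozenset   # VLANs permitted on this trunk

    def egress(self, vlan: int, frame: bytes):
        """Bytes put on the wire for a frame in `vlan`, or None if not carried."""
        if vlan not in self.allowed:
            return None
        if vlan == self.native:
            return frame                      # native VLAN leaves untagged
        tag = struct.pack("!HH", TPID_8021Q, vlan)
        return frame[:12] + tag + frame[12:]  # tag goes after the two MAC addresses

    def ingress(self, frame: bytes):
        """(vlan, untagged frame) as classified on arrival, or None if dropped."""
        vid = vlan_tag(frame)
        vlan = self.native if vid is None else vid  # untagged -> native VLAN
        if vlan not in self.allowed:
            return None
        return vlan, (frame if vid is None else frame[:12] + frame[16:])

def carry(src: TrunkPort, dst: TrunkPort, vlan: int, frame: bytes):
    """VLAN the far-end switch places the frame in, or None if dropped."""
    wire = src.egress(vlan, frame)
    got = dst.ingress(wire) if wire is not None else None
    return None if got is None else got[0]

# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
LAN = TrunkPort(native=7, allowed=frozenset({7, 10}))
CORE_OK = TrunkPort(native=7, allowed=frozenset({7, 10}))
CORE_MISMATCH = TrunkPort(native=1, allowed=frozenset({1, 7, 10}))
```

With matching native VLANs, VLAN 10 crosses the link tagged as 10 and VLAN 7 crosses untagged; against `CORE_MISMATCH` the same untagged VLAN 7 frame is classified into VLAN 1 on the far side, which is why both ends of a trunk must agree on the native VLAN.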
 
LVL 6

Author Comment

by:airborne1128
ID: 38741459
Ok...I tried to set up a trunk from one LAN through to the router...I failed apparently.  This is what I tried.

On the local LAN...(This is a 2960 BTW...)

int gi0/7
description FRC_ENG
Switchport trunk native vlan 3
switchport mode trunk

vlan 3
no ip address

On the Core Switch...(3750G)

int gi1/0/1
description FRC_ENG
switchport encapsulation dot1q
switchport mode trunk
(I also tried with switchport trunk native vlan 3)


vlan 3
no ip address



On the ENG Router (2811)

int fa0/0.3
description FRC_ENG_INTERFACE
encapsulation dot1q 3
ip address 192.168.100.3 255.255.255.192





This did not work.  What am I missing?
0
 
LVL 6

Author Closing Comment

by:airborne1128
ID: 38914698
It turns out that I am unable to do this.  We have 6 different networks with the same vlan scheme and running port security.  We cannot trunk to a single switch using the same vlans.

I am awarding the points for the effort.
0


Question has a verified solution.
