Glen Krinsky

To Trunk or Not to Trunk

I have a lab network with 7 different networks.  The current configuration has each network switch (CISCO 3750G) connect to a core switch (CISCO 3750G) which in turn is connected to an Engineering Router, a test router, and a home router.  Information currently flows properly over all links.  

We use vlan 10 from the networks to the core.  From there, the links to the routers are trunked and new vlans are assigned to each network within the trunk.  For example, one network uses vlan 10 to get to the switch, then uses vlan 6 to travel to its router interface through the trunk.  The router interface is using dot1q 6 on interface fa0/0.6.

My question is, should we, or can we, use trunking from the network switch?  If so, can we use a native vlan of 7 and achieve the same result?

Last Comment
Glen Krinsky

8/22/2022 - Mon
rharland2009

Sure. Picture that your network switches each had faculty, staff, and student networks on them. You'd obviously trunk them then to get to the core switch. At that point, unless you need to keep the traffic segregated VLAN-wise, you're already trunking them anyway.
That's how I read your question - if I've misunderstood, my apologies.
As long as your native VLAN definitions match on either end of the trunk links, you should be good.
Glen Krinsky

ASKER
Ok.  I will try it out.  I am assuming that they cannot all use native vlan 7.  They all have to have their own separate vlan.
rharland2009

Agreed. Only one native is allowed per trunk, and you can use the native for each of the trunks coming from the network switches. Think of the native vlan as the entity responsible for all untagged traffic on that trunk.
Glen Krinsky

ASKER
Ok.  But if I have traffic on my network on vlan 10, how then will it go through native vlan 7?
rharland2009

You don't want it to be tagged on the way out to the core, do you?
Glen Krinsky

ASKER
We have multiple subnets on the networks.
rharland2009

Currently, each 'network' switch hosts multiple subnets, right?
And you use VLAN 10 to send this traffic to the core, correct?
Once on the core switch you then use vlan 6 to traverse to the correct router, from the sound of it.
What would be the difference, then, in replacing VLAN 10 with native VLAN 7?
You can also trunk without native VLANs, you know.
Glen Krinsky

ASKER
We are trying to duplicate as best as possible the setup in the field.  In the field, they have a single switch using vlan 10, vlan 3, vlan 4 and vlan 99.  The connection to the next hop, port 24 is using trunked native vlan 7 (per instructions from higher).  I do not have any control of the field environment except for what is internal to the switch.  I guess I answered my own question.  But how is outbound Vlan 10 traffic utilizing the native vlan 7 port?
rharland2009

If it's untagged, it proceeds over the trunk like any other traffic.
Glen Krinsky

ASKER
And how do I know if it is untagged?
Sandeep Gupta

If you are doing dot1q tagging...just remove it...simply make a trunk and allow vlan through it.
gsmartin

In the Cisco world they confuse people by using terms like Trunk and Access.  Other switch manufacturers, like in my case, use basic terms 'Tag' (equivalent to Trunk) or 'Untag' (Access).  Thus, you can only have one Access/Untag VLAN on an interface, while you can have multiple Tagged VLANs/Trunks on an interface.  Native VLANs are typically untagged packets with no VLAN ID within the packet/frame header.  However, you can still tag packets/frames with Native VLAN IDs.  Native VLANs, as you know, need to be the same on both sides of the uplink trunk port.  Note, all tagged VLAN IDs are applied and removed as a packet/frame enters and leaves an interface.  Meaning the VLAN ID is only valid for a brief period as the packet traverses the interfaces between two switches/devices.  Also, when trunking/tagging VLAN IDs, both sides need to be tagged with the same VLAN ID as well.

You can't have a packet tagged with VLAN 10 talk or redirect traffic to native 7.   Other traffic may use Native VLAN 7 to communicate, but that's independent of other VLANs.  All L2/3 networks need to line up with their respective VLAN IDs to effectively communicate.  Layer 2/3 VLAN 10 traffic will not traverse a Native VLAN 7 untagged or tagged interface.  It would still require VLAN 10 to be tagged/trunked on the uplink interface between the switches and then tagged or Untagged (Access) VLAN 10 to other switch interface(s) to pass traffic through to endpoint device(s).   Otherwise, the packets/frames will be dropped given the lack of having a destination.
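
An added example, not part of gsmartin's post or any vendor's code: a simplified Python model of the tag/untag behaviour described above, assuming default 802.1Q handling (the native VLAN is sent untagged, and untagged frames are classified into the receiving port's native VLAN). `TrunkPort`, `is_tagged`, `send` and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

class TrunkPort:
    """Simplified, constructed model of one end of an 802.1Q trunk."""
    def __init__(self, native, allowed):
        self.native = native
        self.allowed = set(allowed) | {native}

    def egress(self, vlan, frame):
        """Bytes put on the wire for a frame that belongs to `vlan`."""
        if vlan not in self.allowed:
            return None                       # VLAN not carried on this trunk: dropped
        if vlan == self.native:
            return frame                      # native VLAN leaves untagged
        tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI bits left at 0
        return frame[:12] + tag + frame[12:]  # tag sits after dst MAC + src MAC

    def ingress(self, wire):
        """(vlan, untagged frame) as classified by the receiving port, or None."""
        (ethertype,) = struct.unpack("!H", wire[12:14])
        if ethertype == TPID_8021Q:
            (tci,) = struct.unpack("!H", wire[14:16])
            vlan, frame = tci & 0x0FFF, wire[:12] + wire[16:]
        else:
            vlan, frame = self.native, wire   # untagged: taken as the local native VLAN
        return (vlan, frame) if vlan in self.allowed else None

def is_tagged(wire):
    """A frame is tagged when bytes 12-13 carry the 802.1Q TPID."""
    return struct.unpack("!H", wire[12:14])[0] == TPID_8021Q

def send(tx, rx, vlan, frame):
    """VLAN the frame lands in on the far port, or None if it is dropped."""
    wire = tx.egress(vlan, frame)
    result = rx.ingress(wire) if wire is not None else None
    return result[0] if result else None

# Constructed sample frame: broadcast dst MAC, src MAC, EtherType IPv4, dummy payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    lan = TrunkPort(native=7, allowed=[3, 10])   # LAN switch uplink
    core = TrunkPort(native=7, allowed=[10])     # core side: VLAN 3 not allowed
    print("vlan 10 tagged on wire:", is_tagged(lan.egress(10, FRAME)))
    print("vlan 7 tagged on wire: ", is_tagged(lan.egress(7, FRAME)))
    print("vlan 10 arrives in:    ", send(lan, core, 10, FRAME))
    print("vlan 3 arrives in:     ", send(lan, core, 3, FRAME))
```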
Glen Krinsky

ASKER
Ok.  So let me lay it out like this...

LAN switch uses vlan 3 traffic for internal network traffic.  Vlan 10 for traffic destined for another network.  Switch port 24 is currently tagged as vlan 10 which is connected to the core 3750g.  Once there, the vlan for that traffic is changed to a trunked port.  It is using dot1q 6 trunked port to the 2811 router where it accesses port fa0/0.6 trunked port dot1q 6.  

Is this the best way to do this?  From what I am hearing from one side, yes.  But another side says it has to be this way?

I'm getting confused.
gsmartin

Personally, other than outright confusion, I don't see the point of using different Native VLAN IDs for internal traffic.  The exception for me would be Internet based traffic, where you are connecting to multiple internet service provider (ISP) routers and have a different Native VLAN for each network connecting to a WAN aggregator, Firewall, Load Balancer, or other L3 routing device; which I use in my environment.
Glen Krinsky

ASKER
We use vlan 3 for internal traffic as it is traffic that we do not and cannot allow off the internal network.  As for the other vlans, well...each of the 6 LANs utilizes the same vlan structure.  This is a lab and we have 3 field networks on the engineering side and 3 duplicate networks on the test side.  The engineering side mirrors the engineering side where there are LAN a, LAN B, and LAN C on each.
gsmartin

A network diagram would help better depict your network topology.  Can you please provide one?
Glen Krinsky

ASKER
Here is a basic network diagram...
FOR-HELP.vsd
gsmartin

If you don't mind, please post the diagram as an image file (.jpg) vs. Visio.
Glen Krinsky

ASKER
As a jpg...
FOR-HELP.jpg
Glen Krinsky

ASKER
Any thoughts?
gsmartin

reviewing...
ASKER CERTIFIED SOLUTION
gsmartin

Glen Krinsky

ASKER
Ok...I tried to set up a trunk from one LAN through to the router...I failed apparently.  This is what I tried.

On the local LAN...(This is a 2960 BTW...)

int gi0/7
description FRC_ENG
switchport trunk native vlan 3
switchport mode trunk

vlan 3
no ip address

On the Core Switch...(3750G)

int gi1/0/1
description FRC_ENG
switchport encapsulation dot1q
switchport mode trunk
(I also tried with switchport trunk native vlan 3)

vlan 3
no ip address

On the ENG Router (2811)

int fa0/0.3
description FRC_ENG_INTERFACE
encapsulation dot1q 3
ip address 192.168.100.3 255.255.255.192

This did not work.  What am I missing?
Glen Krinsky

ASKER
It turns out that I am unable to do this.  We have 6 different networks with the same vlan scheme and running port security.  We cannot trunk to a single switch using the same vlans.

I am awarding the points for the effort.