Glen Krinsky asked:

To Trunk or Not to Trunk

I have a lab network with 7 different networks.  The current configuration has each network switch (Cisco 3750G) connect to a core switch (Cisco 3750G), which in turn is connected to an Engineering router, a test router, and a home router.  Information currently flows properly over all links.

We use VLAN 10 from the networks to the core.  From there, the links to the routers are trunked and new VLANs are assigned to each network within the trunk.  For example, one network uses VLAN 10 to get to the switch, then uses VLAN 6 to travel to its router interface through the trunk.  The router interface is using dot1q 6 on interface fa0/0.6.

My question is, should we, or can we, use trunking from the network switch?  If so, can we use a native VLAN of 7 and achieve the same result?
rharland2009:

Sure. Picture that your network switches each had faculty, staff, and student networks on them. You'd obviously trunk them then to get to the core switch. At that point, unless you need to keep the traffic segregated VLAN-wise, you're already trunking them anyway.
That's how I read your question - if I've misunderstood, my apologies.
As long as your native VLAN definitions match on either end of the trunk links, you should be good.
Glen Krinsky:

Ok.  I will try it out.  I am assuming that they cannot all use native VLAN 7.  They all have to have their own separate VLAN.
Agreed. Only one native is allowed per trunk, and you can use the native for each of the trunks coming from the network switches. Think of the native vlan as the entity responsible for all untagged traffic on that trunk.
Ok.  But if I have traffic on my network on vlan 10, how then will it go through native vlan 7?
You don't want it to be tagged on the way out to the core, do you?
We have multiple subnets on the networks.
Currently, each 'network' switch hosts multiple subnets, right?
And you use VLAN 10 to send this traffic to the core, correct?
Once on the core switch you then use vlan 6 to traverse to the correct router, from the sound of it.
What would be the difference, then, in replacing VLAN 10 with native VLAN 7?
You can also trunk without native VLANs, you know.
We are trying to duplicate as best as possible the setup in the field.  In the field, they have a single switch using vlan 10, vlan 3, vlan 4 and vlan 99.  The connection to the next hop, port 24 is using trunked native vlan 7 (per instructions from higher).  I do not have any control of the field environment except for what is internal to the switch.  I guess I answered my own question.  But how is outbound Vlan 10 traffic utilizing the native vlan 7 port?
If it's untagged, it proceeds over the trunk like any other traffic.
And how do I know if it is untagged?
Sandeep Gupta:
If you are doing dot1q tagging...just remove it...simply make a trunk and allow the VLAN through it.
In the Cisco world they confuse people by using terms like Trunk and Access.  Other switch manufacturers, like in my case, use the basic terms 'Tag' (equivalent to Trunk) or 'Untag' (Access).  Thus, you can only have one Access/Untag VLAN on an interface, while you can have multiple Tagged VLANs/Trunks on an interface.  Native VLAN frames are typically untagged packets with no VLAN ID within the packet/frame header.  However, you can still tag packets/frames with Native VLAN IDs.  The Native VLAN, as you know, needs to be the same on both sides of the uplink trunk port.  Note, all tagged VLAN IDs are applied and removed as a packet/frame enters and leaves an interface.  Meaning the VLAN ID is only valid for a brief period as the packet traverses the interfaces between two switches/devices.  Also, when trunking/tagging VLAN IDs, both sides need to be tagged with the same VLAN ID as well.

You can't have a packet tagged with VLAN 10 talk or redirect traffic to native 7.   Other traffic may use Native VLAN 7 to communicate, but that's independent of other VLANs.  All L2/3 networks need to line up with their respective VLAN IDs to effectively communicate.  Layer 2/3 VLAN 10 traffic will not traverse over a Native VLAN 7 untagged or tagged interface.  It would still require VLAN 10 to be tagged/trunked on the uplink interface between the switches and then tagged or Untagged (Access) VLAN 10 on the other switch interface(s) to pass traffic through to endpoint device(s).   Otherwise, the packets/frames will be dropped given the lack of a destination.
Ok.  So let me lay it out like this...

LAN switch uses vlan 3 traffic for internal network traffic.  Vlan 10 for traffic destined for another network.  Switch port 24 is currently tagged as vlan 10 which is connected to the core 3750g.  Once there, the vlan for that traffic is changed to a trunked port.  It is using dot1q 6 trunked port to the 2811 router where it accesses port fa0/0.6 trunked port dot1q 6.  

Is this the best way to do this?  From what I am hearing from one side, yes.  But another side says it has to be this way?

I'm getting confused.
Personally, other than outright confusion, I don't see the point of using different Native VLAN IDs for internal traffic.  The exception for me would be Internet-based traffic, where you are connecting to multiple internet service provider (ISP) routers and have a different Native VLAN for each network connecting to a WAN aggregator, Firewall, Load Balancer, or other L3 routing device; which I use in my environment.
We use VLAN 3 for internal traffic as it is traffic that we do not and cannot allow off the internal network.  As for the other VLANs, well...each of the 6 LANs utilizes the same VLAN structure.  This is a lab and we have 3 field networks on the engineering side and 3 duplicate networks on the test side.  The engineering side mirrors the engineering side where there are LAN A, LAN B, and LAN C on each.
A network diagram would help better depict your network topology.  Can you please provide one?
Here is a basic network diagram...
If you don't mind, please post the diagram as an image file (.jpg) rather than Visio.
As a jpg...
Any thoughts?
gsmartin:

Create an account to see this answer
Ok...I tried to set up a trunk from one LAN through to the router...I failed apparently.  This is what I tried.

On the local LAN...(This is a 2960 BTW...)

int gi0/7
 description FRC_ENG
 switchport trunk native vlan 3
 switchport mode trunk
! (the 2960 only supports dot1q, so no trunk encapsulation command is needed here)

vlan 3
 no ip address
! ("vlan 3" enters VLAN-database config; "no ip address" is only accepted under "interface vlan 3")

On the Core Switch...(3750G)

int gi1/0/1
 description FRC_ENG
 switchport trunk encapsulation dot1q
 switchport mode trunk
! (the 3750G needs "switchport trunk encapsulation dot1q" before "switchport mode trunk" will be accepted)
(I also tried with switchport trunk native vlan 3)

vlan 3
 no ip address

On the ENG Router (2811)

int fa0/0.3
 encapsulation dot1q 3
 ip address

This did not work.  What am I missing?
It turns out that I am unable to do this.  We have 6 different networks with the same vlan scheme and running port security.  We cannot trunk to a single switch using the same vlans.

I am awarding the points for the effort.
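To make the points argued over above concrete (rharland2009's "the native VLAN owns all untagged traffic on the trunk", the later explanation that VLAN 10 traffic never rides native VLAN 7, and the closing finding that six LANs with identical VLAN schemes cannot be trunked into one core switch), here is a small Python model of 802.1Q trunk ports. It is an added example, not code from this thread, from Cisco, or from any of the posters; the MAC addresses, payload and core port names (gi1/0/1 to gi1/0/3) are constructed for the illustration, and the core switch is reduced to its flooding rule.

```python
import struct

ETHERTYPE_8021Q = 0x8100   # TPID: this value in the EtherType slot marks a tagged frame
ETHERTYPE_IPV4 = 0x0800

# Constructed sample MACs and payload (not from any real capture).
HOST_A = bytes.fromhex("0200000000aa")
HOST_B = bytes.fromhex("0200000000bb")
PAYLOAD = b"constructed payload"


def trunk_egress(dst, src, vlan_id, native_vlan, payload=PAYLOAD):
    """Frame as it leaves an 802.1Q trunk port.

    Traffic in the native VLAN goes out untagged; any other VLAN gets a
    4-byte tag (TPID 0x8100 + TCI) inserted right after the source MAC.
    """
    if vlan_id == native_vlan:
        return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload
    tci = vlan_id & 0x0FFF  # PCP=0, DEI=0, 12-bit VID
    return dst + src + struct.pack("!HHH", ETHERTYPE_8021Q, tci, ETHERTYPE_IPV4) + payload


def is_tagged(frame):
    """Answers 'how do I know if it is untagged': look at bytes 12-13 of the frame."""
    return struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_8021Q


def trunk_ingress(frame, native_vlan, allowed_vlans):
    """VLAN the receiving trunk port assigns to a frame, or None if it drops it.

    A tagged frame keeps its VID; an untagged frame lands in the *receiver's*
    native VLAN, regardless of what the sender meant by it.
    """
    if is_tagged(frame):
        vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    else:
        vid = native_vlan
    return vid if vid in allowed_vlans else None


def core_flood_ports(core_ports, ingress_port, frame):
    """Trunks a core switch floods a broadcast to: every other port that allows
    the frame's VLAN. core_ports maps port name -> {'native': int, 'allowed': set}."""
    cfg = core_ports[ingress_port]
    vid = trunk_ingress(frame, cfg["native"], cfg["allowed"])
    if vid is None:
        return []
    return sorted(p for p, c in core_ports.items() if p != ingress_port and vid in c["allowed"])


def trunk_scenarios():
    """The cases argued over in the thread, as a dict of results."""
    r = {}
    allowed = {3, 7, 10}
    f10 = trunk_egress(HOST_B, HOST_A, 10, native_vlan=7)
    f7 = trunk_egress(HOST_B, HOST_A, 7, native_vlan=7)

    # 1. Native VLAN 7 on both ends: VLAN 10 is tagged, VLAN 7 is untagged,
    #    and each arrives in the VLAN it left from.
    r["vlan10_tagged"] = is_tagged(f10)
    r["vlan7_tagged"] = is_tagged(f7)
    r["vlan10_matched_native"] = trunk_ingress(f10, 7, allowed)
    r["vlan7_matched_native"] = trunk_ingress(f7, 7, allowed)

    # 2. Native VLAN mismatch (7 sending, 3 receiving): the untagged VLAN 7
    #    frame is silently placed in VLAN 3 on the far side. That is why the
    #    native VLAN must match on both ends of every trunk.
    r["vlan7_mismatched_native"] = trunk_ingress(f7, 3, allowed)

    # 3. VLAN 10 is tagged, so it never "uses" native VLAN 7: if 10 is not
    #    allowed on the far end it is dropped; it does not fall into VLAN 7.
    r["vlan10_not_allowed"] = trunk_ingress(f10, 7, {3, 7})

    # 4. Three LAN switches with the same VLAN scheme trunked into one core:
    #    a VLAN 3 broadcast from LAN A is flooded to LAN B and LAN C, because
    #    VLAN IDs are not scoped per upstream switch. The three "separate"
    #    VLAN 3s become one broadcast domain on the core.
    core = {p: {"native": 7, "allowed": allowed} for p in ("gi1/0/1", "gi1/0/2", "gi1/0/3")}
    bcast = trunk_egress(b"\xff" * 6, HOST_A, 3, native_vlan=7)
    r["vlan3_broadcast_floods_to"] = core_flood_ports(core, "gi1/0/1", bcast)
    return r


if __name__ == "__main__":
    for name, value in trunk_scenarios().items():
        print(f"{name}: {value}")
```

Case 2 is the one with security weight: a native VLAN mismatch is not a "link down" condition, it is a silent re-labelling of untagged frames on the receiving side, which is why CDP warns about it and why hardening guides either move the native VLAN to an otherwise unused ID or tag it on the trunk as well (on Catalyst IOS, the global `vlan dot1q tag native`, which matches the remark above that native-VLAN frames can still be tagged). Case 4 is the reason the final post gives up on the design: a VLAN ID is only meaningful on the switch that sees it, so identical IDs from different LANs merge the moment they meet on one core.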