Solved

To Trunk or Not to Trunk

Posted on 2012-12-21
24
313 Views
Last Modified: 2013-02-21
I have a lab network with 7 different networks.  The current configuration has each network switch (CISCO 3750G) connect to a core switch (CISCO 3750G) which in turn is connected to an Engineering Router, a test router, and a home router.  Information currently flows properly over all links.  

We use vlans 10 from the networks to the core.  From there, the links to the routers are trunked and new vlans are assigned to each network within the trunk.  For example, one network uses vlan 10 to get to the switch, then uses vlan 6 to travel to its router interface through the trunk.  The router interface is using dot1q 6 on interface fa0/0.6.

My question is, should we, or can we use trunking from the network switch?  If so, can we use a native vlan of 7 and achieve the same result?
0
Question by:airborne1128
24 Comments
 
LVL 11

Expert Comment

by:rharland2009
Sure. Picture that your network switches each had faculty, staff, and student networks on them. You'd obviously trunk them then to get to the core switch. At that point, unless you need to keep the traffic segregated VLAN-wise, you're already trunking them anyway.
That's how I read your question - if I've misunderstood, my apologies.
As long as your native VLAN definitions match on either end of the trunk links, you should be good.
0
 
LVL 6

Author Comment

by:airborne1128
Ok.  I will try it out.  I am assuming that they cannot all use native vlan 7.  They all have to have their own separate vlan.
0
 
LVL 11

Expert Comment

by:rharland2009
Agreed. Only one native is allowed per trunk, and you can use the native for each of the trunks coming from the network switches. Think of the native vlan as the entity responsible for all untagged traffic on that trunk.
0
 
LVL 6

Author Comment

by:airborne1128
Ok.  But if I have traffic on my network on vlan 10, how then will it go through native vlan 7?
0
 
LVL 11

Expert Comment

by:rharland2009
You don't want it to be tagged on the way out to the core, do you?
0
 
LVL 6

Author Comment

by:airborne1128
We have multiple subnets on the networks.
0
 
LVL 11

Expert Comment

by:rharland2009
Currently, each 'network' switch hosts multiple subnets, right?
And you use VLAN 10 to send this traffic to the core, correct?
Once on the core switch you then use vlan 6 to traverse to the correct router, from the sound of it.
What would be the difference, then, in replacing VLAN 10 with native VLAN 7?
You can also trunk without native VLANs, you know.
0
 
LVL 6

Author Comment

by:airborne1128
We are trying to duplicate as best as possible the setup in the field.  In the field, they have a single switch using vlan 10, vlan 3, vlan 4 and vlan 99.  The connection to the next hop, port 24 is using trunked native vlan 7 (per instructions from higher).  I do not have any control of the field environment except for what is internal to the switch.  I guess I answered my own question.  But how is outbound Vlan 10 traffic utilizing the native vlan 7 port?
0
 
LVL 11

Expert Comment

by:rharland2009
If it's untagged, it proceeds over the trunk like any other traffic.
0
 
LVL 6

Author Comment

by:airborne1128
And how do I know if it is untagged?
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
If you are doing dot1q tagging...just remove it...simply make a trunk and allow the vlan through it.
0
 
LVL 8

Expert Comment

by:gsmartin
In the Cisco world they confuse people by using terms like Trunk and Access.  Other switch manufacturers, like in my case, use basic terms 'Tag' (equivalent to Trunk) or 'Untag' (Access).  Thus, you can only have one Access/Untag VLAN on an interface, while you can have multiple Tagged VLANs/Trunks on an interface.  Native VLANs are typically untagged packets with no VLAN ID within the packet/frame header.  However, you can still tag packets/frames with Native VLAN IDs.  The Native VLAN, as you know, needs to be the same on both sides of the uplink trunk port.  Note, all tagged VLAN IDs are applied and removed as a packet/frame enters and leaves an interface.  Meaning the VLAN ID is only valid for a brief period as the packet traverses the interfaces between two switches/devices.  Also, when trunking/tagging VLAN IDs, both sides need to be tagged with the same VLAN ID as well.

You can't have a packet tagged with VLAN 10 talk or redirect traffic to native 7.   Other traffic may use Native VLAN 7 to communicate, but that's independent of other VLANs.  All L2/3 networks need to line up with their respective VLAN IDs to effectively communicate.  Layer 2/3 VLAN 10 traffic will not traverse a Native VLAN 7 untagged or tagged interface.  It would still require VLAN 10 to be tagged/trunked on the uplink interface between the switches and then tagged or untagged (Access) VLAN 10 on other switch interface(s) to pass traffic through to endpoint device(s).   Otherwise, the packets/frames will be dropped given the lack of a destination.
0
 
LVL 6

Author Comment

by:airborne1128
Ok.  So let me lay it out like this...

LAN switch uses vlan 3 traffic for internal network traffic.  Vlan 10 for traffic destined for another network.  Switch port 24 is currently tagged as vlan 10 which is connected to the core 3750g.  Once there, the vlan for that traffic is changed to a trunked port.  It is using dot1q 6 trunked port to the 2811 router where it accesses port fa0/0.6 trunked port dot1q 6.  

Is this the best way to do this?  From what I am hearing from one side, yes.  But another side says it has to be this way?

I'm getting confused.
0
 
LVL 8

Expert Comment

by:gsmartin
Personally, other than outright confusion, I don't see the point of using different Native VLAN IDs for internal traffic.  The exception for me would be Internet based traffic, where you are connecting to multiple internet service provider (ISP) routers and have a different Native VLAN for each network connecting to a WAN aggregator, Firewall, Load Balancer, or other L3 routing device; which I use in my environment.
0
 
LVL 6

Author Comment

by:airborne1128
We use vlan 3 for internal traffic as it is traffic that we do not and cannot allow off the internal network.  As for the other vlans, well...each of the 6 LANs utilizes the same vlan structure.  This is a lab and we have 3 field networks on the engineering side and 3 duplicate networks on the test side.  The engineering side mirrors the engineering side where there are LAN A, LAN B, and LAN C on each.
0
 
LVL 8

Expert Comment

by:gsmartin
A network diagram would help better depict your network topology.  Can you please provide one?
0
 
LVL 6

Author Comment

by:airborne1128
Here is a basic network diagram...
FOR-HELP.vsd
0
 
LVL 8

Expert Comment

by:gsmartin
If you don't mind, please post the diagram as an image file (.jpg) vs. Visio.
0
 
LVL 6

Author Comment

by:airborne1128
As a jpg...
FOR-HELP.jpg
0
 
LVL 6

Author Comment

by:airborne1128
Any thoughts?
0
 
LVL 8

Expert Comment

by:gsmartin
reviewing...
0
 
LVL 8

Accepted Solution

by:
gsmartin earned 500 total points
As you know, a Native VLAN is not tagged. Packets egressing a port with a Native VLAN of 7 will be untagged.  Incoming untagged packets on a port with a Native VLAN of 7 will be handled as part of VLAN 7.  Meaning if the packets needed to be forwarded out another trunk with a different native VLAN, they would need to be tagged with VLAN 7 at that point.  This would be the same for your other Native VLAN IDs.  Note both end points will need to have the same Native VLAN configured per trunk.  

Also, you need to make sure all of the respective VLANs for each trunk are allowed for each of the VLAN (X,Y,Z) networks including the Native VLAN.


To change a Native VLAN on a port, you would use the "switchport trunk native vlan x" and each trunk can have a different native VLAN, it is not a global configuration.
0
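To make the tagged/untagged behaviour described in the two expert answers above concrete (and to answer the earlier "how do I know if it is untagged?" question), here is an added example that is not part of this thread and not Cisco code: a small Python model of two 802.1Q trunk ports. A frame is untagged exactly when the two bytes after the source MAC are not the TPID 0x8100; a trunk sends its native VLAN untagged and everything else tagged, classifies untagged arrivals into its own native VLAN, and drops VLANs missing from its allowed list. The MAC addresses, payload and VLAN numbers are constructed for the example. The mismatch scenario shows why the two ends must agree on the native VLAN: with native 3 on one side and native 1 on the other, VLAN 3 frames silently land in VLAN 1, which is the condition to look for in "show interfaces trunk" on both switches (and which CDP reports as a native VLAN mismatch).

```python
"""Toy model of IEEE 802.1Q trunk ports (added example; not from the thread)."""
import struct
from collections import namedtuple

TPID_8021Q = 0x8100       # EtherType that announces an 802.1Q tag at bytes 12-13
ETHERTYPE_IPV4 = 0x0800

# Constructed sample addresses and payload (not real devices from the thread).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
PAYLOAD = b"\x45" + bytes(19)   # stand-in for the start of an IPv4 header


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet frame; when vid is given, insert an 802.1Q tag."""
    hdr = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)          # PCP(3) | DEI(1)=0 | VID(12)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_tag(frame):
    """Return (vid, ethertype); vid is None when the frame carries no 802.1Q tag."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, tpid                             # untagged: bytes 12-13 are the EtherType
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, ethertype


def strip_tag(frame):
    """Remove the 4-byte 802.1Q tag (caller has checked one is present)."""
    return frame[:12] + frame[16:]


def insert_tag(frame, vid):
    """Insert an 802.1Q tag with the given VID into an untagged frame."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]


class TrunkPort:
    """One end of a trunk: 'switchport trunk native vlan N' + allowed-VLAN list."""

    def __init__(self, native_vlan, allowed_vlans):
        self.native = native_vlan
        self.allowed = set(allowed_vlans)           # the native VLAN must be listed too

    def egress(self, vid, frame):
        """Put a frame the switch holds in VLAN vid on the wire, or None if pruned."""
        if vid not in self.allowed:
            return None
        if vid == self.native:
            return frame                              # native VLAN leaves untagged
        return insert_tag(frame, vid)                 # every other VLAN leaves tagged

    def ingress(self, wire_frame):
        """Classify an arriving frame into a VLAN, or None if it is dropped."""
        vid, _ = parse_tag(wire_frame)
        if vid is None:                               # untagged -> this port's native VLAN
            return (self.native, wire_frame) if self.native in self.allowed else None
        if vid not in self.allowed:
            return None
        return vid, strip_tag(wire_frame)


Result = namedtuple("Result", "sent wire_vid rx_vid")   # wire_vid None = untagged on the wire


def forward(vid, frame, tx, rx):
    """Send one frame in VLAN vid from trunk port tx to trunk port rx."""
    wire = tx.egress(vid, frame)
    if wire is None:
        return Result(False, None, None)
    wire_vid, _ = parse_tag(wire)
    got = rx.ingress(wire)
    return Result(True, wire_vid, None if got is None else got[0])


def native_mismatch(a, b):
    """The check both ends of a trunk must pass: same native VLAN on each side."""
    return a.native != b.native


def demo():
    frame = build_frame(DST, SRC, ETHERTYPE_IPV4, PAYLOAD)
    both7 = (TrunkPort(7, {7, 10}), TrunkPort(7, {7, 10}))
    return {
        # VLAN 10 does not "use" native 7: it rides the same trunk tagged 10.
        "vlan10_over_native7": forward(10, frame, *both7),
        # Only the native VLAN itself travels untagged.
        "vlan7_is_untagged": forward(7, frame, *both7),
        # Mismatched natives: VLAN 3 leaves untagged and is classified as VLAN 1 on arrival.
        "native_mismatch_3_vs_1": forward(3, frame, TrunkPort(3, {3, 10}), TrunkPort(1, {1, 3, 10})),
        # Native VLAN missing from the far end's allowed list: untagged frames are dropped.
        "native_not_allowed": forward(7, frame, TrunkPort(7, {7, 10}), TrunkPort(7, {10})),
        # VLAN missing from the near end's allowed list: never put on the wire.
        "vlan_not_allowed_at_egress": forward(10, frame, TrunkPort(7, {7}), TrunkPort(7, {7, 10})),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} {result}")
```

Run it directly to see each scenario; the mismatch row is the one a defender cares about, since traffic crossing into an unintended VLAN is exactly what consistent native VLAN settings (and a pruned allowed list) on both ends prevent.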
 
LVL 6

Author Comment

by:airborne1128
Ok...I tried to set up a trunk from one LAN through to the router...I failed apparently.  This is what I tried.

On the local LAN...(This is a 2960 BTW...)

int gi0/7
 description FRC_ENG
 ! the 2960 only does 802.1Q, so no encapsulation command is needed here
 switchport trunk native vlan 3
 switchport mode trunk
 ! no "switchport trunk allowed vlan" was set, so every VLAN is allowed on this trunk

! assumed to be the SVI (interface Vlan3): plain "vlan 3" config mode has no "ip address" command
interface vlan 3
 no ip address

On the Core Switch...(3750G)

int gi1/0/1
 description FRC_ENG
 ! the 3750G takes the encapsulation under "switchport trunk", and it must be set before "switchport mode trunk"
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! without a native vlan statement this side stays at the default native VLAN 1, which does not match native vlan 3 on the 2960
(I also tried with switchport trunk native vlan 3)

! assumed to be the SVI (interface Vlan3), as on the 2960
interface vlan 3
 no ip address

! the core-to-router trunk also has to carry VLAN 3 (allowed list) for the subinterface below to see it

On the ENG Router (2811)

int fa0/0.3
 description FRC_ENG_INTERFACE
 ! this subinterface only matches frames tagged 3; if VLAN 3 arrives untagged (native on that trunk) it needs "encapsulation dot1q 3 native" instead
 encapsulation dot1q 3
 ip address 192.168.100.3 255.255.255.192





This did not work.  What am I missing?
0
 
LVL 6

Author Closing Comment

by:airborne1128
It turns out that I am unable to do this.  We have 6 different networks with the same vlan scheme and running port security.  We cannot trunk to a single switch using the same vlans.

I am awarding the points for the effort.
0