NATIVE VLAN ISSUE

Posted on 2013-11-13
Last Modified: 2013-11-18
If a trunk link connected to a server is using native VLAN 500, but the uplink to the core for this switch is using native VLAN 90, would traffic originating as untagged pass through to the uplink trunk and be routed in the core?

Effectively the traffic enters the ToR switch as untagged and it needs to be routed, hence it is directed out the uplink trunk to the core. Since the uplink tags VLAN 500 and the traffic originated as untagged, will the traffic get tagged as it passes out the uplink trunk?
Question by:sectel
3 Comments
 
Expert Comment

by:Akinsd
ID: 39646981
Is this server hosting other servers, e.g. Hyper-V or VMware? If so, there should already be tagging done on the NIC of the server.

The switch may forward or drop the packet (default action) depending on whether "vlan dot1q tag native" is configured or not. VLAN pruning or allowed VLAN configuration may also have an impact.

It is safer to have the switch drop untagged packets to prevent double-encapsulation attacks.

http://www.cisco.com/web/techdoc/dc/reference/cli/nxos/commands/l2/vlan_dot1Q_tag_native.html

https://supportforums.cisco.com/thread/2217944

I hope I understood your question correctly and if so, I hope this helps

Expert Comment

by:askincakir
ID: 39647468
Hi,
Native VLAN config is on a per-trunk-port basis. On one trunk port it may be 500, on another it may be 100. When data of VLAN 500 is passing from the port where the native VLAN is 500, it will not be tagged. When the same data is passing from the port where the native VLAN is 100, that data will be tagged. There is no problem in this situation and we are using this in many situations; I mean it is a regular issue.

PS: Just please try to do the same native VLAN config on both ends of the link. Otherwise you will be faced with a VLAN HOPPING issue. Data will still be passed through the ports but you may have unexpected problems.

Accepted Solution

by:Craig Beck (earned 500 total points)
ID: 39649185
If traffic isn't tagged on egress from the NIC in the server it will be placed in VLAN 500.  That traffic would still be on VLAN 500 when it goes up to the core.

The native VLAN will only be applied to any traffic which comes IN to the port if it isn't tagged in a specific VLAN.  When that traffic goes out of a port the switch can only encapsulate it in an 802.1q header for the VLAN it was on when it passed through the switch.  It won't put the traffic into a different VLAN.  That would be a massive security issue!
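
The ingress and egress behaviour described in the accepted answer, together with the native VLAN mismatch mentioned in the earlier comment, as a small Python model. This is an added example, not part of the original thread; the port names, the allowed-VLAN set, the core native VLAN 1 and the simplified `tag_native` flag (untagged ingress dropped, as in the first comment; real platforms differ) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class TrunkPort:
    name: str
    native_vlan: int
    allowed: frozenset
    tag_native: bool = False  # assumption: simplified "vlan dot1q tag native"

def ingress(port: TrunkPort, tag: Optional[int]) -> Optional[int]:
    """VLAN a received frame is placed in, or None if it is dropped."""
    if tag is None:
        if port.tag_native:
            return None  # simplified model: untagged frames are dropped
        vlan = port.native_vlan  # native VLAN only classifies untagged ingress
    else:
        vlan = tag
    return vlan if vlan in port.allowed else None

def egress(port: TrunkPort, vlan: int) -> Tuple[bool, Optional[int]]:
    """(sent, tag on the wire); a tag of None means the frame leaves untagged."""
    if vlan not in port.allowed:
        return (False, None)
    if vlan == port.native_vlan and not port.tag_native:
        return (True, None)
    return (True, vlan)  # the VLAN never changes inside the switch

def transit(in_port, out_port, tag):
    """Frame enters in_port with `tag` and is switched out of out_port."""
    vlan = ingress(in_port, tag)
    return (False, None) if vlan is None else egress(out_port, vlan)

def cross_link(tx_port, rx_port, vlan):
    """VLAN the far-end switch assigns to a frame sent in `vlan` over a link."""
    sent, tag = egress(tx_port, vlan)
    return ingress(rx_port, tag) if sent else None

# Constructed topology: VLAN IDs 500 and 90 are from the question, the rest is assumed.
VLANS = frozenset({1, 90, 500})
server = TrunkPort("tor-to-server", 500, VLANS)
uplink = TrunkPort("tor-uplink", 90, VLANS)
core_match = TrunkPort("core-downlink", 90, VLANS)
core_mismatch = TrunkPort("core-downlink", 1, VLANS)

if __name__ == "__main__":
    print("untagged from server, on uplink:", transit(server, uplink, None))
    print("VLAN 90 across matched link:", cross_link(uplink, core_match, 90))
    print("VLAN 90 across mismatched link:", cross_link(uplink, core_mismatch, 90))
```

The mismatched case is the one to check for when auditing trunk configuration: in this model, VLAN 90 traffic lands in VLAN 1 on the core without any frame being dropped.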