Networking
--
Questions
--
Followers
Top Experts
how a router handles untagged traffic
let's say I have a router on a stick topology with 2 sub-interfaces, representing 2 vlans. Â let's say one of these is untagged. Â When my router receives traffic from the untagged vlan it's going to be expecting a vlan tag per the command encapsulation dot1q. Â I know i can use the command encapsulation dot1q vlan 10 native or whatever. Â My question is that if i didn't tell my router to specifically accept un-tagged traffic would routing work between the 2 vlans? Â If i just set up my sub interfaces to include the subnet of the un-tagged traffic?
One a similar note, at my current job i've been configuring all of our waps as flex-connect where I trunk the ports between the wap and the switch but tell the switch to untag the traffic on the wap subnet (native vlan 200).  On my router i have  a sub-interface that corrensponds to the subnet of my wap (with the command encapsulation dot1q 200).  Routing works fine.  i can ping the waps etc. . I guess my question is why.  The traffic coming from my wap isn't tagged with the vlan id 200 and my router is expecting that vlan tag.  I think i'm confusing myself here.  :)  a little enlightenment would be appreciated.
One a similar note, at my current job i've been configuring all of our waps as flex-connect where I trunk the ports between the wap and the switch but tell the switch to untag the traffic on the wap subnet (native vlan 200).  On my router i have  a sub-interface that corrensponds to the subnet of my wap (with the command encapsulation dot1q 200).  Routing works fine.  i can ping the waps etc. . I guess my question is why.  The traffic coming from my wap isn't tagged with the vlan id 200 and my router is expecting that vlan tag.  I think i'm confusing myself here.  :)  a little enlightenment would be appreciated.
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
If the "encap dot1q vlan # native" is not used, then untagged frames are processed by the physical interface. Â If no IP address is assigned to the physical interface, then the packet is dropped.
Let's say that you plug the AP straight into the router. Â If you set the management VLAN to 200 on the AP you would have to set the encapsulation dot1q 200 native command on the router's subinterface.
Now, if you connect the AP to a switch, the switch tags the traffic coming from the AP into VLAN 200 even though you want it untagged. Â The reason it tags the 'untagged' traffic is because the switch needs to know which VLAN the packet is on. Â You could have one port using VLAN 100 as the native VLAN while another port uses VLAN 200 as native. Â Therefore the native (or untagged) parameter merely tells the switchport to accept packets with no VLAN tag coming into that port and put them into the native VLAN, and to strip the VLAN tag for traffic going out of the port on the native VLAN.
This all means that you can use a trunk link between the switch and router with no native VLAN set (in that case VLAN1 would be native) and everything will work.
Make sense?
Now, if you connect the AP to a switch, the switch tags the traffic coming from the AP into VLAN 200 even though you want it untagged. Â The reason it tags the 'untagged' traffic is because the switch needs to know which VLAN the packet is on. Â You could have one port using VLAN 100 as the native VLAN while another port uses VLAN 200 as native. Â Therefore the native (or untagged) parameter merely tells the switchport to accept packets with no VLAN tag coming into that port and put them into the native VLAN, and to strip the VLAN tag for traffic going out of the port on the native VLAN.
This all means that you can use a trunk link between the switch and router with no native VLAN set (in that case VLAN1 would be native) and everything will work.
Make sense?
That's what i was wondering.....if the switch tags the traffic leaving the switch en route to the router.  Makes sense.  However, how does the switch know that the traffic belongs to vlan 200?    I've trunked the port between switch and ap.  so i don't think it could use the vlan.dat files since the port isn't an access port on vlan 200.  does it look at the native vlan 200 command  and know that that un-tagged traffic needs to be tagged as vlan 200 leaving the switch?
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
ok. Â i think i understand. Â Thanks so much
Networking
--
Questions
--
Followers
Top Experts
Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.