Solved

how a router handles untagged traffic

Posted on 2014-07-27
Last Modified: 2014-07-28
Let's say I have a router-on-a-stick topology with 2 sub-interfaces, representing 2 VLANs. Let's say one of these is untagged. When my router receives traffic from the untagged VLAN it's going to be expecting a VLAN tag per the command encapsulation dot1q. I know I can use the command encapsulation dot1q vlan 10 native or whatever. My question is: if I didn't tell my router to specifically accept untagged traffic, would routing work between the 2 VLANs? If I just set up my sub-interfaces to include the subnet of the untagged traffic?

On a similar note, at my current job I've been configuring all of our WAPs as flex-connect where I trunk the ports between the WAP and the switch but tell the switch to untag the traffic on the WAP subnet (native vlan 200). On my router I have a sub-interface that corresponds to the subnet of my WAP (with the command encapsulation dot1q 200). Routing works fine. I can ping the WAPs etc. I guess my question is why. The traffic coming from my WAP isn't tagged with the VLAN ID 200 and my router is expecting that VLAN tag. I think I'm confusing myself here. :) A little enlightenment would be appreciated.
Question by:techlinden
5 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40223189
If the "encap dot1q vlan # native" is not used, then untagged frames are processed by the physical interface.  If no IP address is assigned to the physical interface, then the packet is dropped.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40223592
Let's say that you plug the AP straight into the router.  If you set the management VLAN to 200 on the AP you would have to set the encapsulation dot1q 200 native command on the router's subinterface.

Now, if you connect the AP to a switch, the switch tags the traffic coming from the AP into VLAN 200 even though you want it untagged.  The reason it tags the 'untagged' traffic is because the switch needs to know which VLAN the packet is on.  You could have one port using VLAN 100 as the native VLAN while another port uses VLAN 200 as native.  Therefore the native (or untagged) parameter merely tells the switchport to accept packets with no VLAN tag coming into that port and put them into the native VLAN, and to strip the VLAN tag for traffic going out of the port on the native VLAN.

This all means that you can use a trunk link between the switch and router with no native VLAN set (in that case VLAN1 would be native) and everything will work.

Make sense?
0
 

Author Comment

by:techlinden
ID: 40224301
That's what I was wondering... if the switch tags the traffic leaving the switch en route to the router. Makes sense. However, how does the switch know that the traffic belongs to VLAN 200? I've trunked the port between switch and AP, so I don't think it could use the vlan.dat files since the port isn't an access port on VLAN 200. Does it look at the native vlan 200 command and know that that untagged traffic needs to be tagged as VLAN 200 leaving the switch?
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 40224665
When a packet with no VLAN tag enters a switchport it is wrapped in 802.1q.  This puts the packet on whichever VLAN is specified as native on that port.  While the packet is in the switch it keeps within that VLAN.  When the packet leaves the switch via a trunk port the packet maintains its VLAN tag if not on the native VLAN as per the trunk port config.  If the packet is on the native VLAN the 802.1q wrapper is stripped and re-applied when the packet enters the receiving switchport.
1
 

Author Comment

by:techlinden
ID: 40224857
OK. I think I understand. Thanks so much.
0
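
The rules stated in the two expert answers above, traced for an untagged frame from the AP in a small Python model (an added example, not part of the original thread). The interface names Gi0/0.10 and Gi0/0.200 and all class and function names are hypothetical, and the model is simplified to the behaviour the thread describes.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Frame:
    payload: str
    tag: Optional[int] = None  # 802.1Q VLAN ID on the wire; None = untagged

@dataclass(frozen=True)
class TrunkPort:
    native_vlan: int = 1  # VLAN 1 is the native VLAN unless configured otherwise

    def ingress(self, frame: Frame) -> int:
        """VLAN the switch places an arriving frame in."""
        return self.native_vlan if frame.tag is None else frame.tag

    def egress(self, payload: str, vlan: int) -> Frame:
        """Strip the tag on the native VLAN, keep it on every other VLAN."""
        return Frame(payload, None if vlan == self.native_vlan else vlan)

@dataclass
class Router:
    subifs: dict                       # dot1q VLAN ID -> subinterface (hypothetical names)
    native_vlan: Optional[int] = None  # VLAN whose subinterface carries "native"
    physical_has_ip: bool = False

    def receive(self, frame: Frame) -> str:
        if frame.tag is not None:             # tagged: match a subinterface
            return self.subifs.get(frame.tag, "dropped")
        if self.native_vlan is not None:      # untagged, native subinterface set
            return self.subifs.get(self.native_vlan, "dropped")
        # untagged, no native subinterface: the physical interface handles it
        return "physical" if self.physical_has_ip else "dropped"

def trace(ap_port: TrunkPort, router_port: TrunkPort, router: Router):
    """Follow one untagged AP frame: (switch VLAN, tag on router link, result)."""
    vlan = ap_port.ingress(Frame("ping from AP"))
    on_wire = router_port.egress("ping from AP", vlan)
    return vlan, on_wire.tag, router.receive(on_wire)

if __name__ == "__main__":
    subifs = {10: "Gi0/0.10", 200: "Gi0/0.200"}
    # Asker's setup: AP trunk native 200, router trunk left at native VLAN 1
    print(trace(TrunkPort(200), TrunkPort(1), Router(subifs)))
    # Router trunk also native 200, router not told about it
    print(trace(TrunkPort(200), TrunkPort(200), Router(subifs)))
    # Same link, router subinterface for VLAN 200 marked native
    print(trace(TrunkPort(200), TrunkPort(200), Router(subifs, native_vlan=200)))
```

The first case is why the asker's pings work: the frame is untagged only on the AP link and leaves the switch toward the router tagged with VLAN 200.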
