Tagged and Untagged ports

Discussion in 'Cisco' started by sowmyatv, Jan 4, 2008.

  1. sowmyatv

    sowmyatv Guest

    Hi,
    I have the following setup - Cisco 2950 switch, 4 of its ports
    (fa20, 21, 22, 23) are bundled as a port-channel (po1). The po1 is a
    trunk that carries multiple VLANs 3,4,5,6 and is connected to another
    non-cisco switch's port-channel. Another port (fa17) on cisco is an
    access port whose default VLAN is 3. This is the uplink port that goes
    out to the internet.

    Problem : Does not work. Looks like the access port does not know how
    to send the traffic to the po1 and vice versa. Note: If I change the
    port fa17 to be a trunk port and tag it with 3 and pump tagged
    traffic, it works. If I untag both po1 and fa17 and make 3 to be
    default, it works. The problem is only when I have tagging on one side
    and default vlan untagged on the other. Am I missing something here?

    configuration:
    Building configuration...

    Current configuration : 2890 bytes
    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Switch
    !
    !
    no aaa new-model
    ip subnet-zero
    !
    !
    !
    !
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 3-6
    switchport mode trunk
    switchport nonegotiate
    !
    interface FastEthernet0/1
    switchport mode dynamic desirable
    !
    interface FastEthernet0/2
    switchport mode dynamic desirable
    !
    interface FastEthernet0/3
    switchport mode dynamic desirable
    !
    interface FastEthernet0/4
    switchport mode dynamic desirable
    !
    interface FastEthernet0/5
    switchport mode dynamic desirable
    !
    interface FastEthernet0/6
    switchport mode dynamic desirable
    !
    interface FastEthernet0/7
    switchport mode dynamic desirable
    !
    interface FastEthernet0/8
    switchport mode dynamic desirable
    !
    interface FastEthernet0/9
    switchport mode dynamic desirable
    !
    interface FastEthernet0/10
    switchport mode dynamic desirable
    !
    interface FastEthernet0/11
    switchport mode dynamic desirable
    !
    interface FastEthernet0/12
    switchport mode dynamic desirable
    !
    interface FastEthernet0/13
    switchport mode dynamic desirable
    !
    interface FastEthernet0/14
    switchport mode dynamic desirable
    !
    interface FastEthernet0/15
    switchport mode dynamic desirable
    !
    interface FastEthernet0/16
    switchport mode dynamic desirable
    !
    interface FastEthernet0/17
    switchport access vlan 3
    switchport mode access
    !
    interface FastEthernet0/18
    switchport mode dynamic desirable
    !
    interface FastEthernet0/19
    switchport mode dynamic desirable
    !
    interface FastEthernet0/20
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 3-6
    switchport mode trunk
    switchport nonegotiate
    channel-protocol lacp
    channel-group 1 mode active
    !
    interface FastEthernet0/21
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 3-6
    switchport mode trunk
    switchport nonegotiate
    channel-protocol lacp
    channel-group 1 mode active
    !
    interface FastEthernet0/22
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 3-6
    switchport mode trunk
    switchport nonegotiate
    channel-protocol lacp
    channel-group 1 mode active
    !
    interface FastEthernet0/23
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 3-6
    switchport mode trunk
    switchport nonegotiate
    channel-protocol lacp
    channel-group 1 mode active
    !
    interface FastEthernet0/24
    switchport mode dynamic desirable
    !
    interface GigabitEthernet0/1
    switchport mode dynamic desirable
    !
    interface GigabitEthernet0/2
    switchport mode dynamic desirable
    !
    interface Vlan1
    no ip address
    !
    interface Vlan4
    no ip address
    !
    interface Vlan5
    no ip address
    !
    interface Vlan6
    no ip address
    !
    ip classless
    ip http server
    !
    !
    control-plane
    !
    !
    line con 0
    line vty 5 15
    !
    !
    end


    Any help is appreciated.

    Thanks
    Sowmya
     
    sowmyatv, Jan 4, 2008
    #1
    1. Advertisements

  2. sowmyatv

    Sam Wilson Guest

    The configuration looks OK for what you describe, though I'd be more
    confident if I knew the LACP was connecting properly, but I'm wondering
    if the non-Cisco switch is doing what you think it is. Here's my guess:

    The fact that the setup works when both ports are untagged means that
    the traffic is arriving *untagged* from the non-Cisco. That means it's
    not arriving as tagged on VLAN 3, it's arriving on the default (native)
    VLAN, VLAN 1 unless you specify otherwise, and you haven't. It works
    when both ports are tagged, but that will be because both ports are
    carrying VLAN 1 untagged.

    I think you need to check the setup of the non-Cisco switch and see what
    VLANs are tagged and untagged on its connection.

    Sam
     
    Sam Wilson, Jan 8, 2008
    #2
    1. Advertisements

  3. sowmyatv

    sowmyatv Guest

    Hi Sam,
    Thanks a lot for the reply. I am trying to isolate the problem. I
    removed the Port-channel from the Cisco, removed the other non-cisco
    switch too.
    I made 1 port on Cisco to be access port and another port to be trunk
    port.

    For eg. fa0/17 - access port - access vlan 101
    fa0/18 - trunk port - allowed vlan 101, dot1q encapsulated,
    trunk mode

    Connect 17 to Host 1 (mimics uplink here)
    Connect 18 to Host 2 (mimics the portchannel in the previous scenario)

    Host 2 has an interface thats tagged on 101 and has an IP say
    192.168.101.100
    Host 1 has an untagged interface that has an IP say 192.168.101.101

    Now I ping from 192.168.101.101 to 192.168.101.100 and vice versa.

    My configuration is

    interface FastEthernet0/17
    switchport access vlan 101
    switchport mode access
    !

    interface FastEthernet0/18
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 101
    switchport mode trunk
    !

    Anything wrong with this config? Why is my ping not working.
    Note: it works if both 17 and 18 are tagged(trunk), or ports 17 and 18
    are untagged(access with default VLAN 101). But not if one tagged and
    one untagged.

    My understanding was that when 17 receives untagged packets from Host
    1, since its default vlan is 101, its supposed to tag it when it sends
    to 18 which is tagged.
    Correct me if wrong. I appreciate ur help.

    thanks
    Sowmya
     
    sowmyatv, Jan 8, 2008
    #3
  4. sowmyatv

    Sam Wilson Guest

    wrote:

    [[ reply also sent by email]]

    Hi Sowmya,
    The problem is that on port 18 with the config above any frame that the
    switch receives untagged is treated as being on VLAN 1, not VLAN 101,
    and any frame that the switch sends out on VLAN 101 is tagged 101 and
    the host (almost certainly) isn't configured to receive (or send) tagged
    frames. So when you try to ping what happens is this

    a) from host 1 (.101) to host 2 (.100):
    - host 1 sends out an untagged frame;
    - switch receives frame on port 17 and marks it internally for VLAN
    101;
    - switch probably doesn't know the MAC address of the target so floods
    it on all other VLAN 101 ports
    - that means port 18, a trunk port, with VLAN 101 tagged, so the
    frame is tagged;
    - host 2 sees a tagged frame for a VLAN that it doesn't recognise and
    discards it

    b) from host 2 (.100) to host 1 (.101)
    - host 2 sends out an untagged frame;
    - switch receives untagged frame on trunk port so assumes it's on the
    native VLAN for that port - since you haven't specified the native
    VLAN that defaults to VLAN 1;
    - since it probably doesn't know the MAC address of the target the
    switch forwards frame to any other port in VLAN 1 - that *doesn't*
    include port 17 which is in VLAN 101

    Does that make sense? If you make both ports access ports in the same
    VLAN all traffic is untagged and everything works OK. If you make both
    ports trunk ports with the same native VLAN (VLAN 1 by default) then
    everything works.

    If you understand that then perhaps we can explore what was going on
    with the link to the other switch.

    Sam
     
    Sam Wilson, Jan 9, 2008
    #4
  5. sowmyatv

    svijay.mail Guest

    Hi Sowmya,

    In the above config can you vlan id 3 is missing can u config the same
    and check it again......

    Regards
    Vijay.S
     
    svijay.mail, Mar 1, 2008
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.