understanding native VLAN

Discussion in 'Cisco' started by spork.sporkman, Sep 24, 2005.

  1. Hi all,

    Before I approach our carrier with this, I want to make sure I've got
    everything straight here...

    The scenario is as follows. We have a 100Mb FE link to ConEdison
    Communications in NYC. This is what they call a "hubbed" connection
    (carryover from telco ds3 "hubbing" I guess). In this case it means
    that on that connection we can order multiple metro ethernet circuits
    to other locations and have them all appear as distinct VLANs. Pretty
    straightforward, right? Our "hub" connection should send/receive
    tagged ethernet frames. ConEd specifies what VLAN ID each remote
    ethernet circuit will have.

    So we brought up our first circuit (to our office). This circuit is
    untagged. They told me it would appear on the other end as VLAN 3264.
    So I put something similar to this in the router at the "hub" end:

    in fa5/0
    no ip address
    duplex full

    in fa5/0.3264
    encapsulation dot1Q 3264
    ip address 10.0.0.1 255.255.255.252

    Then put my laptop at 10.0.0.2/30 and tried pinging 10.0.0.1. Link on
    both sides was up. No ping response, no arp entries on the router.

    After some head-scratching I added "native" to the subinterface above
    and everything worked.

    After reading a bit in the archives here, it sounds like I do need a
    native vlan, no matter whether I want one or not. But the fact that it
    works with the "native" tag really isn't making sense to me. If ConEd
    is expecting tagged packets (with ID 3264) on their side of the 100Mb
    connection and is adding tags on the other end (with ID 3264) why would
    this work?

    Of course now we're up and running on the link, so I'm a little
    hesitant to add a "dummy" subinterface/vlan at the 100Mb end, make it
    native and then remove the "native" directive from subif 3264.

    Any ideas? I'm thinking that perhaps our order got screwed up and our
    100Mb end is not really vlan-enabled. But I'm also a bit stumped on
    what exactly happens with a config such as I've posted above. Am I
    actually sending ANY tagged frames? If tagged frames come in, would I
    see them?

    Thanks,

    Charles
     
    spork.sporkman, Sep 24, 2005
    #1
    1. Advertisements

  2. Hi Charles,

    Using only a native vlan is like using no trunking/tagging at all. You can
    put the ip address on the physical interface and things would work as well.
    What I think they did is configure a trunk on their side of the remote end
    and issue vlan 3264 as their first and native vlan. Adding a second
    "circuit" to the already existing hub connection now only means adding a
    second sub-interface. This is when they actually start tagging frames.
    If tagged frames do come in (with unknown tags, for unknown subinterfaces),
    I guess you'll see them as input errors on your interface.
    If they promised a 802.1q trunk I would leave the config as you have it
    right now. It's a correct configuration and allows for easy additions of new
    vlans.

    Erik
     
    Erik Tamminga, Sep 24, 2005
    #2
    1. Advertisements

  3. Excellent, thanks. I wish I had a better idea of how things work on
    their side. It seems fairly simple - they have about 6 buildings per
    ring with a tiny little Cisco 35xx in each building. They pull the
    fiber to the switch in each building and the GigE (or 10GigE?) loop
    actually goes into then out of each switch. But I'm not sure what gear
    they use to aggregate everything. They do allow me to get a vlan out
    to any port in any building, so I guess we'll just see what happens
    when the next vlan gets turned up.
     
    spork.sporkman, Sep 25, 2005
    #3
  4. spork.sporkman

    peart

    Joined:
    May 29, 2008
    Messages:
    4
    Likes Received:
    0
    peart, May 29, 2008
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.