Tagged and Untagged ports

Hi, I have the following setup - Cisco 2950 switch, 4 of its ports (fa20, 21, 22, 23) are bundled as a port-channel (po1). The po1 is a trunk that carries multiple VLANs 3,4,5,6 and is connected to another non-cisco switch's port-channel. Another port (fa17) on cisco is an access port whose default VLAN is 3. This is the uplink port that goes out to the internet.

Problem : Does not work. Looks like the access port does not know how to send the traffic to the po1 and vice versa. Note: If I change the port fa17 to be a trunk port and tag it with 3 and pump tagged traffic, it works. If I untag both po1 and fa17 and make 3 to be default, it works. The problem is only when I have tagging on one side and default vlan untagged on the other. Am I missing something here?

configuration: Building configuration...

Current configuration : 2890 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode dynamic desirable
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6
 switchport mode trunk
 switchport nonegotiate
 channel-protocol lacp
 channel-group 1 mode active
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6
 switchport mode trunk
 switchport nonegotiate
 channel-protocol lacp
 channel-group 1 mode active
!
interface FastEthernet0/22
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6
 switchport mode trunk
 switchport nonegotiate
 channel-protocol lacp
 channel-group 1 mode active
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6
 switchport mode trunk
 switchport nonegotiate
 channel-protocol lacp
 channel-group 1 mode active
!
interface FastEthernet0/24
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
!
interface Vlan4
 no ip address
!
interface Vlan5
 no ip address
!
interface Vlan6
 no ip address
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
!
end

Any help is appreciated.

Thanks Sowmya

Reply to
sowmyatv

The configuration looks OK for what you describe, though I'd be more confident if I knew the LACP was connecting properly, but I'm wondering if the non-Cisco switch is doing what you think it is. Here's my guess:

The fact that the setup works when both ports are untagged means that the traffic is arriving *untagged* from the non-Cisco. That means it's not arriving as tagged on VLAN 3, it's arriving on the default (native) VLAN, VLAN 1 unless you specify otherwise, and you haven't. It works when both ports are tagged, but that will be because both ports are carrying VLAN 1 untagged.

I think you need to check the setup of the non-Cisco switch and see what VLANs are tagged and untagged on its connection.

Sam

Reply to
Sam Wilson

Hi Sam, Thanks a lot for the reply. I am trying to isolate the problem. I removed the Port-channel from the Cisco, removed the other non-cisco switch too. I made 1 port on Cisco to be access port and another port to be trunk port.

For example:
fa0/17 - access port - access vlan 101
fa0/18 - trunk port - allowed vlan 101, dot1q encapsulated, trunk mode

Connect 17 to Host 1 (mimics uplink here)
Connect 18 to Host 2 (mimics the portchannel in the previous scenario)

Host 2 has an interface that's tagged on 101 and has an IP, say 192.168.101.100.
Host 1 has an untagged interface that has an IP, say 192.168.101.101.

Now I ping from 192.168.101.101 to 192.168.101.100 and vice versa.

My configuration is

interface FastEthernet0/17
 switchport access vlan 101
 switchport mode access
!
interface FastEthernet0/18
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101
 switchport mode trunk
!

Anything wrong with this config? Why is my ping not working? Note: it works if both 17 and 18 are tagged (trunk), or ports 17 and 18 are untagged (access with default VLAN 101). But not if one is tagged and one untagged.

My understanding was that when 17 receives untagged packets from Host 1, since its default VLAN is 101, it's supposed to tag it when it sends to 18, which is tagged. Correct me if wrong. I appreciate your help.

thanks Sowmya

Reply to
sowmyatv
[[ reply also sent by email]]

Hi Sowmya,

The problem is that on port 18 with the config above any frame that the switch receives untagged is treated as being on VLAN 1, not VLAN 101, and any frame that the switch sends out on VLAN 101 is tagged 101 and the host (almost certainly) isn't configured to receive (or send) tagged frames. So when you try to ping what happens is this

a) from host 1 (.101) to host 2 (.100):
- host 1 sends out an untagged frame;
- switch receives frame on port 17 and marks it internally for VLAN 101;
- switch probably doesn't know the MAC address of the target so floods it on all other VLAN 101 ports - that means port 18, a trunk port, with VLAN 101 tagged, so the frame is tagged;
- host 2 sees a tagged frame for a VLAN that it doesn't recognise and discards it

b) from host 2 (.100) to host 1 (.101):
- host 2 sends out an untagged frame;
- switch receives untagged frame on trunk port so assumes it's on the native VLAN for that port - since you haven't specified the native VLAN that defaults to VLAN 1;
- since it probably doesn't know the MAC address of the target the switch forwards frame to any other port in VLAN 1 - that *doesn't* include port 17 which is in VLAN 101

Does that make sense? If you make both ports access ports in the same VLAN all traffic is untagged and everything works OK. If you make both ports trunk ports with the same native VLAN (VLAN 1 by default) then everything works.

If you understand that then perhaps we can explore what was going on with the link to the other switch.

Sam

Reply to
Sam Wilson
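
Sam's two walkthroughs above, written as a small model of 802.1Q ingress classification and egress tagging. This is an added example, not code from the thread: the Port class, the function names and the rule that an access port drops tagged frames are simplifying assumptions, and FA17/FA18 are constructed from the two-port test config posted above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    mode: str                                       # "access" or "trunk"
    access_vlan: int = 1                            # used when mode == "access"
    native_vlan: int = 1                            # trunk: VLAN of untagged frames
    allowed: frozenset = frozenset(range(1, 4095))  # trunk allowed VLAN list

def classify(port, tag):
    """VLAN assigned to a received frame (tag None = untagged); None = dropped."""
    if port.mode == "access":
        # Assumption of this model: an access port drops tagged frames.
        return port.access_vlan if tag is None else None
    return port.native_vlan if tag is None else tag

def carries(port, vlan):
    """True if the port is a member of `vlan`."""
    if port.mode == "access":
        return vlan == port.access_vlan
    return vlan in port.allowed

def egress_tag(port, vlan):
    """Tag on a frame of `vlan` leaving `port`; None means it leaves untagged."""
    if port.mode == "access" or vlan == port.native_vlan:
        return None
    return vlan

def delivered(src, dst, tx_tag, rx_tag):
    """True if a frame sent with tx_tag into src leaves dst with the tag
    (rx_tag) that the receiving host expects."""
    vlan = classify(src, tx_tag)
    if vlan is None or not carries(src, vlan) or not carries(dst, vlan):
        return False
    return egress_tag(dst, vlan) == rx_tag

# Constructed from the posted test config: fa0/17 access VLAN 101,
# fa0/18 trunk allowing only VLAN 101, native VLAN left at the default of 1.
FA17 = Port("access", access_vlan=101)
FA18 = Port("trunk", allowed=frozenset({101}))

if __name__ == "__main__":
    # Both hosts sending and expecting untagged frames, as in the walkthrough.
    print("host 1 -> host 2:", delivered(FA17, FA18, None, None))
    print("host 2 -> host 1:", delivered(FA18, FA17, None, None))
```

In this model the same two ports do pass traffic when host 2 sends and expects tag 101, so the outcome depends on how the host interface on the trunk side is actually tagging.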

Hi Sowmya,

In the above config, VLAN ID 3 is missing. Can you configure the same and check it again?

Regards Vijay.S

Reply to
svijay.mail

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.