802.1Q Trunk and Native VLAN
In this topic I assume that you know the basics of VLANs. In this diagram I have two switches connected to PCs. I have also created two VLANs (VLAN 10 and VLAN 20). There is a third VLAN (VLAN 1) which I did not create; it comes with the switch by default.
Now I am going to give you a test question. If PC2 wants to send a frame to PC4, how will SW1 and SW2 handle the frame as it passes over the link between the switches?
If there is no configuration on the ports that connect SW1 and SW2, those ports are considered part of VLAN 1 and can therefore only pass VLAN 1 traffic. In order to carry traffic for multiple VLANs over the link between SW1 and SW2, we have to configure those ports as trunk ports.
So a port that can carry traffic for multiple VLANs is called a trunk port.
A trunk link is a link between two trunk ports, or to be exact a point-to-point link between two switches, between a switch and a router, or between a switch and a server.
Now we have the trunk port configured on SW1 and SW2. If PC2 sends a frame to PC4, the frame arrives at SW1 and SW1 sends it over the trunk link to SW2. We know that the frame belongs to VLAN 10 because PC2 sent it, but how will SW2 know that the frame belongs to VLAN 10? The answer is that SW2 knows which VLAN the frame belongs to because SW1 has added the VLAN number to the frame. The next question is what mechanism SW1 uses to add the VLAN number to the frame. The answer is that there are two protocols that can be configured when we create the trunk port. The first protocol is called ISL (Inter-Switch Link). The second protocol is called 802.1Q.
Both protocols let the switch add a VLAN number to the frame, but there are some differences between them. First, ISL was developed by Cisco (it works only on Cisco switches), whereas 802.1Q is a standard protocol (it works on switches from any vendor).
The ISL protocol encapsulates the frame by adding a 26-byte header in front of it and a new FCS (Frame Check Sequence) after it, as shown below.
[ ISL header, 26 bytes (contains the VLAN ID) ][ original frame ][ FCS ]
The 802.1Q protocol does not encapsulate the frame. It just inserts a 4-byte tag right after the source MAC address, as shown below.
[ Destination MAC ][ Source MAC ][ 802.1Q tag, 4 bytes (contains the VLAN ID) ][ Type ][ Data ][ FCS ]
Below are the commands you need to tell a switch port to use ISL or 802.1Q. Note that many newer switches support only 802.1Q and do not offer the encapsulation command at all.
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport trunk encapsulation isl    ! use ISL
Switch(config-if)# switchport trunk encapsulation dot1q  ! use 802.1Q
These two protocols are only used by switches on their trunk ports.
For example, when PC2 sends a frame to PC4, the frame is destined for a device not connected to SW1. So when the frame arrives at SW1, SW1 adds the VLAN number using whichever protocol is configured on the trunk (ISL or 802.1Q) and sends the frame over the trunk link to SW2. When SW2 receives the frame, it examines it and sees that the frame is for VLAN 10. But right before SW2 sends the frame to the intended device, it removes the ISL or 802.1Q information, because devices connected to access ports usually understand neither ISL nor 802.1Q.
Now let's talk about the native VLAN.
Note: this concept of a native VLAN is only used by the 802.1Q protocol.
The native VLAN is the VLAN whose frames the switch sends over the trunk without adding any VLAN information. By default VLAN 1 is the native VLAN on a switch, but you can change it if you want. So with 802.1Q, a frame received over the trunk link without VLAN information is considered part of the native VLAN.
Where does this concept of a native VLAN come from?
As you see in this figure, I have a hub between the two switches (SW1 and SW2). You may be wondering what the hub is doing there. You're right, we don't use hubs anymore, but what I show you in this figure used to be good practice back in the day. When switches first came out they cost a lot of money, so to avoid spending too much, many companies put a hub between switches.
So let's take a look at this scenario. If PC1 sends a frame to PC7, when the frame arrives at SW1, SW1 sees that the frame belongs to VLAN 1, which is the native VLAN. So SW1 does not add any VLAN information; it just sends the frame over the trunk link. When the frame arrives at the hub, the hub simply forwards it out all its ports and PC7 finally gets it.
Now if PC3 sends a frame to PC6, when SW1 receives the frame, it adds the 802.1Q tag and sends it over the trunk link. The hub receives the frame with the 802.1Q tag and sends it out all its ports. So PC7 will get the frame but will drop it, because PC7 doesn't understand the 802.1Q tag. To resolve this problem we have to put all PCs connected to the hub in the native VLAN, which is VLAN 1.
This is the reason why the native VLAN has to be the same on both of the connected trunk ports.
If you mismatch the native VLAN on the trunk link, for example by configuring the trunk port of SW1 with native VLAN 10 and the trunk port of SW2 with native VLAN 20, you will have a native VLAN mismatch on the trunk link. What happens is this: if I send a VLAN 10 frame to SW1, it sends that frame to SW2 without any VLAN information. When SW2 receives the frame and sees that it has no 802.1Q tag, SW2 assumes the frame belongs to the native VLAN. Guess what, the native VLAN on SW2 is not VLAN 10 but VLAN 20. So SW2 forwards the frame into VLAN 20, a VLAN it was never meant to reach, and the frame never gets to the intended device. So just be careful when configuring the native VLAN.
Now let's configure the switches (SW1 and SW2).
SW1 configuration
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
!Create the vlan
SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#vlan 20
SW1(config-vlan)#exit
!Assign ports to the vlans
SW1(config)#interface fa0/12
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
SW1(config)#interface fa0/13
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)#exit
!Configure the Trunk port using 802.1Q protocol
SW1(config)#interface fa0/1
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW2 configuration
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
!Create the vlan
SW2(config)#vlan 10
SW2(config-vlan)#exit
SW2(config)#vlan 20
SW2(config-vlan)#exit
!Assign ports to the vlans
SW2(config)#interface fa0/14
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 10
SW2(config-if)#exit
SW2(config)#interface fa0/15
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 20
SW2(config-if)#exit
!Configure the Trunk port using 802.1Q protocol
SW2(config)#interface fa0/1
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
Let's verify the trunk configuration on the switches.
SW1#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-1005
Port Vlans allowed and active in management domain
Fa0/1 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20
SW2#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-1005
Port Vlans allowed and active in management domain
Fa0/1 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20
As you see, on both switches the output says Encapsulation 802.1q, which means we are using the 802.1Q protocol; the Status is trunking and the native VLAN is VLAN 1.
Now let's play with the native VLAN configuration.
From SW1
SW1(config)#interface fa0/1
SW1(config-if)#switchport trunk native vlan 10
SW1(config-if)#
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (10), with SW2 FastEthernet0/1 (1).
From SW2
SW2(config)#interface fa0/1
SW2(config-if)#switchport trunk native vlan 20
SW2(config-if)#
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (20), with SW1 FastEthernet0/1 (10).
As you see, both switches are telling us that a native VLAN mismatch was discovered on their trunk port by CDP (Cisco Discovery Protocol). So if you are seeing this kind of message on your switches, you now know what to do: just configure the same native VLAN number on both ends of the trunk link.
Where is the native VLAN used in today's networking?
The native VLAN is used by some protocols like CDP (Cisco Discovery Protocol), STP (Spanning Tree Protocol), etc. The native VLAN is also used in Voice over IP.
Force the switch to tag native VLAN frames
On some switches you can tell them to tag native VLAN frames by using the command below from global configuration.
Switch(config)#vlan dot1q tag native
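To make the 802.1Q tag format, the trunk forwarding rules, the native VLAN mismatch and the effect of "vlan dot1q tag native" concrete, here is a small simulation in Python. It is an added example, not code from the original post; it models a single SW1 to SW2 trunk, uses a constructed sample frame, and leaves out the FCS (which a real switch recomputes after inserting a tag).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag right after the source MAC (offset 12)."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # TCI = PCP (3 bits) | DEI (1) | VID (12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, frame without tag); vid is None if the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def trunk_egress(frame, vlan, native_vlan, tag_native=False):
    """What a switch puts on the trunk for a frame belonging to `vlan`."""
    if vlan == native_vlan and not tag_native:
        return frame  # native VLAN frames leave the trunk untagged
    return tag_frame(frame, vlan)

def trunk_ingress(wire_frame, native_vlan):
    """How the far switch classifies a frame arriving on its trunk port."""
    vid, frame = untag_frame(wire_frame)
    # no tag means "native VLAN" for the receiving switch
    return (native_vlan if vid is None else vid), frame

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload (no FCS)
FRAME = bytes.fromhex("aaaaaaaaaaaa" "bbbbbbbbbbbb" "0800") + b"payload"

def send_over_trunk(vlan, sw1_native, sw2_native, tag_native=False):
    """VLAN the frame ends up in on SW2 after crossing the SW1 -> SW2 trunk."""
    wire = trunk_egress(FRAME, vlan, sw1_native, tag_native)
    return trunk_ingress(wire, sw2_native)[0]

if __name__ == "__main__":
    print(send_over_trunk(10, 1, 1))                      # 10: tagged, lands in VLAN 10
    print(send_over_trunk(10, 10, 20))                    # 20: mismatch, leaks into VLAN 20
    print(send_over_trunk(10, 10, 20, tag_native=True))   # 10: "vlan dot1q tag native" avoids it
```

The second call reproduces the mismatch scenario from the text (SW1 native 10, SW2 native 20), and the third shows why tagging the native VLAN removes the ambiguity.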