WS-C3750X-48T-L and tag native vlan

Similar Messages

• Why dot1Q doesn't tag native vlan?

  Why dot1Q doesn't tag native vlan?
  Is there any reason? Or Is there any advantage with this ?
  Regards,
  Chandu

  Chandu
  The native vlan is there to support connectivity to switches that do not support vlan tagging so that if the switch on the other end of the link cannot interpret frames with vlan tags added it can still process the non tagged native vlan packets.
  Nowadays most, if not all, switches do understand vlan tagging so it is very rare you need it for it's original purpose and you can in fact on a lot of Cisco switches actually tell the switch to tag the native vlan as well.
  Jon

• "vlan dot1q tag native" end-to-end QoS switched network

  Guys,
  Can I use this in my switched network design, (without using 802.1q tunneling as documentation always seems to mention this vlan in a vlan scenario???)
  I have native vlans and I want to act upon the 802.1p CoS field from end-to-end in my switched network. If the packet happens to be in a native vlan, I cannot do this.
  ie
  pc------accessswitch--------distswitch/rtr
  between access and distribution, there is a dot1q trunk, and the native vlan is the vlan what the pc is in
  Choices.
  run this comand vlan dot1q tag native
  dont have a native vlan, ie have vlan 1 (default as native) on the dot1q up to the dist
  or act only upon L3 dscp
  Can anyone help?
  Many thx,
  Ken

  Hi there,
  Many thx for that. This I understand and the question was really, if I wanted to use a dot1p tag in the dot1q header, but the vlan that the PC was on was the same vlan as the native vlan on the dot1q trunk, what is the best option to ensure I can action qos.
  Just trust dscp on the trunks always
  tag the native,
  or just dont run a native vlan
  I hope this makes sense. Sorry if I was a little confusing b4.
  Thx
  Ken

• SG-300 52p POE and the case of Native vlan forgotten on a Port-channel

  Hi
  We have recently changed our access switched to Cisco Small Business SG-300 52p on which is working firmware
  SW version    1.3.5.58
  We found out a very annoying problem on Port-channel and default vlan topic.
  Our switch have a default vlan diffrent to the vlan 1 that depends on the floor they are, and this native vlan is at first defined on the portchannel of our central switch, a Cisco 3750
  Example of a central switch port-channel with a define native vlan:
  interface Port-channel2
  description TO 1F
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 6
  switchport trunk allowed vlan 4-6,11,13
  switchport mode trunk
  on the SG300 side the configuration is this:
  interface Port-channel2
  description 1F
  switchport trunk allowed vlan add 4-5,11,13
  !next command is internal.
  macro auto smartport dynamic_type switch
  As you can see there is no "switchport trunk native vlan 6" simply because the SG300 once i write it on the command line, it accepts the command but the command sentence is not written on the conf (why?!)
  the result is that everytime the SG300 is restarted on the port-channel i got two AUTO CREATED commands on the configuration "
  switchport trunk native vlan 1
  switchport default-vlan tagged
  that let not work the network on that floor until i manually write on the SG300
  no switchport default-vlan tagged
  switchport trunk native vlan 6
  These command, as said, works once i write them but are not viewed on a "sh run" and so saved on the conf so every time SG 300 is restarted i need to re-write them.
  Is this a bug?
  have i made some mistake?
  Please let me know
  regards
  Pietro

  Figure out!
  the problem was on macro i have to write this:
  macro auto processing type switch disabled
  and then everything starts going as it should be
  Regards
  Pietro

• FIP and Native VLAN

  Hello,
  according to documentation, FIP uses native vlan for FCoE VLAN discovery. Is it necessary to trunk native VLAN on the CNA port of a switch facing a server? For example if e1/1 is connected to a host and I'm using VLAN10 for data and VLAN100 for storage, and my native vlan is VLAN1, should the configuration be:
  interface Ethernet1/1
    switchport mode trunk
    switchport trunk native vlan 1
    switchport trunk allowed vlan 1,10,100
    spanning-tree port type edge trunk
  OR is it sufficient to have:
  interface Ethernet1/1
    switchport mode trunk
    switchport trunk allowed vlan 10,100
    spanning-tree port type edge trunk
  Another alternative, which takes into account that host may not tag it's data traffic:
  interface Ethernet1/1
    switchport mode trunk
    switchport trunk native vlan 10
    switchport trunk allowed vlan 10,100
    spanning-tree port type edge trunk
  Is it really a must to trunk native VLAN? In my lab it works either way.

  FIP VLAN Discovery
  FIP VLAN discovery discovers the FCoE VLAN that will be used by all other FIP protocols as well as by the FCoE encapsulation for Fibre Channel payloads on the established virtual link. One of the goals of FC-BB-5 was to be as nonintrusive as possible on initiators and targets, and therefore FIP VLAN discovery occurs in the native VLAN used by the initiator or target to exchange Ethernet traffic. The FIP VLAN discovery protocol is the only FIP protocol running on the native VLAN; all other FIP protocols run on the discovered FCoE VLANs.
  The ENode sends a FIP VLAN discovery request to a multicast MAC address called All-FCF-MACs, which is a multicast MAC address to which all FCFs listen. All FCFs that can be reached in the native VLAN of the ENode are expected to respond on the same VLAN with a response that lists one or more FCoE VLANs that are available for the ENode's VN_Port login. This protocol has the sole purpose of allowing the ENode to discover all the available FCoE VLANs, and it does not cause the ENode to select an FCF.

• Q-in-Q w/o Native VLAN tag question

  Let's assume that we have Q-in-Q setup between 2 service provider switches.  To run Q-in-Q we want to terminate a trunk into each tunnel port and enable native VLAN tagging to ensure that all customer VLAN's are tagged.  In some cases we may have a customer that wants to connect their own equipment into the tunnel port on our switch, so it wouldn't actually be a trunk - it would be an access port.  If this occurs then there is no inner VLAN tag, only an outer VLAN tag.  Will tunnelling still function properly in this scenario?

  actually this is not true... sorry Kishore 
  Tunneling still works and traffic within the SP core will be singled tagged (with the SP tag only).
  However when you do this you need to be extremely careful specially if you use dot1q trunks in the core with native vlan within the customer range. You might end up in unexpected result in this case.
  See an exmple of a possible issue you might see in this case:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_58_se/configuration/guide/swtunnel.html#wp1008635
  The solution would be to tag native vlan in the SP core or use ISL trunks or use native vlans outside customer range or (logically) use trunk ports on CE device (still paying attention to native vlan though).
  Riccardo

• Trunk Native VLAN

  Don't configure a native VLAN unless you have to. You're increasing you attack surface with the potential of VLAN hopping (Dot1q hopping some call it).
  http://packetlife.net/blog/2010/feb/22/experimenting-vlan-hopping/
  https://en.wikipedia.org/wiki/VLAN_hopping
  Edit:Spelling

  Hello,
  I'm trying to understand better native vlan trunking. Maybe someone can please help explain? I understand trunking and vlans and I know that on the trunked port I can allow whatever vlans I want to and I know that the native vlan carries non tagged frames.
  So for example, if I have say 3 vlans and a native vlan
  vlan 10, vlan 20, vlan 30 and I have the command on the trunked port "switchport trunk allowed vlan 10,20,30"
  so all those vlans will pass on the trunk correct? And native vlan 1 will pass all the telnet, cdp, traffic etc, correct?
  Also how do I change the native vlan?
  Thanks.
  This topic first appeared in the Spiceworks Community

• SG300-28 poor performance other than native vlan.

  We have a single SG300-28 in L2 mode with 1.1.1.8
  3 vlans
  3 virtual interfaces and 1 parent interface configured on the sonic firewall
  Switch(trunk allow all)-->sonic( 1 parent interface and 3 virtual IP's)
  vlan 10  192.168.10.1
  vlan 20  192.168.20.1
  vlan 30  192.168.30.1
  vlan 1   192.168.99.1 (parent interface)
  Cisco switch mgmt IP 192.168.99.2
  When PC connected to access port of switch with pvid ( 10 or 20 or 30) performance to internet is slow.
  When PC connected to access port of switch with pvid ( 1) performance is as expected.
  PC is able to connect to firewall and get DHCP configuration automatically based on the port which vlan is configured.
  We connected PC directtly to firewall and performance is good irrespective whcih vlan tag was set by PC using realtek utilitiy. Based on the tag set
  PC automatically got DHCP IP for that vlan from firewall. This tells us that the performance problem is isolated to Switch.
  Please advise what could be done.
  I will update to 1.1.2 and test out. So far this switch has been  PITA.

  Hi Dave,
                  As per your email I did  within switchperformance for clients in vlan 10 and also native vlan. There is no perfromance difference.
  As per setup couple of ports in access vlan 10,20,30 etc and rest in native. Port 24 which is trunked to allow all vlan is connected to Sonic FW. Please see attached ttcp results and show tech.
  When I say performance to WAN is poor through firewall it means that webpage from speedtest.net is slow and other webistes like gmail load very slowly (almost unusable)
  Thank you,
  Sreenath.

• What is the effect of the command switchport trunk native vlan x

  Hello all,
  I have a SG500 switch. The port Gi0/19 is directly connected to a machine. When i show the running config file i find the following config in the interface gi0/19:
  switchport trunk native vlan 70
  I need to understand this command because i'm a bit confused that i know that only if we have a link between two switch that we put an interface in a trunk mode.
  Please Help :)

  Trunks can carry all the traffic(vlan 70,80,........Including vlan1)
  Access port can only be in one vlan (Say vlan 70)
  So if you configured as trunk and connect the server,  and since native vlan is 70, when traffic is of vlan 70, it will not be tagged so your server can understand it.(Assuming that server do not have the capacity to understand the tagged frames). Traffic in other vlan will also be received by this interface (say vlan 80,....vlan1....) but will be dropped.
  If you configure it as only access and in vlan 70, only untagged vlan 70 traffic will be received on the interface.
  Thanks

• What is AP H-REAP Native Vlan used for?

  We have a few APs - CAP3502 and LAP1242s for the most part - whose H-REAP "Native Vlan" doesn't match the switchport's native vlan.  It appears that the switchport native vlan is what gets used for the AP for DHCP (it gets an AP IP address from that network).  If so, does anyone know what the purpose of specifying the native vlan on the H-REAP config is?  I can think of no useful purpose, but if there is one I'd appreciate anyone who could say.
  Thanks.
  BTW this is on a 5508 controller running 7.0.240.0 code.

  Thanks Scott - further info:  the Vlan Mappings are filled in with the appropriate Vlans, which are separate from the AP native vlan.  In this case vlans 202, 203, 204 and 206 are assigned to various SSIDs and the Native Vlan for the AP is set to 201.  The switchport is set to trunk all vlans and has native vlan 221, and it is from vlan 221 that the AP get's its own IP.
  So on the one hand, if specifying the 'native' vlan were to avoid cases where the wrong vlan was native on the switch (and so, to tell the AP which vlan to use for itself and control traffic), I would expect the AP to have a vlan201 address.
  If on the other hand this is merely a 'documentary' setting to say what the 'native vlan' *should* be, then I would expect the AP to have a vlan221 IP, which it does.
  Just trying to find out if this setting does anything more than document.

• Native vlan

  can anybody told me in detail
  1) what is tagged traffic
  2) what is untagged traffic
  Kindly explain me in term of native vlan... funda

  Over a dot1q trunk, traffic in VLANs other than Native VLAN is tagged with a 4 byte header which has the following fields
  http://www.cisco.com/warp/public/473/741_4.html#topic2
  Native VLAN does not have this tag. Newer switches/IOS does have an option to tag native VLAN as well. The above page has additional info which you will find useful.
  PS:Rate useful posts

• Changing native vlan on running network

  I want to change the native vlan on running network. a network include 30 switches . there is loop free topology .
  unfortunately native vlan is vlan 1 and also management network .
  in my test environment :
   if I go to a switch and change native vlan from 1 to 100  the stp will Block the link for vlan 1 and i lose my access to the switch and then i should go to other side and change the native vlan to 100.
  i just want to know the best practice for this situation.
  Thanks !

  Correct. As soon as you change it to 100, you will lose access to the devices since vlan 1 is used for management.  To shorten the down time, you can create vlan 100 and all the SVIs on all switches ahead of time and than change it form 1 to 100 in a maintenance window.
  HTH

• 3750-x and vlan dot1q tag native command

  Hello,
  I have a 3750-X stack with the following HW & SW revisions:
  Cisco-3750-x-stack>show version
  Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9NPE-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  sCopyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Wed 26-Jun-13 01:47 by prod_rel_team
  ROM: Bootstrap program is C3750E boot loader
  BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
  Cisco-3750-x-stack uptime is 1 day, 6 hours, 56 minutes
  System returned to ROM by power-on
  System restarted at 20:27:32 UTC Tue Mar 29 2011
  System image file is "flash:/c3750e-universalk9npe-mz.150-2.SE4/c3750e-universalk9npe-mz.150-2.SE4.bin"
  License Level: lanbase
  License Type: Permanent
  Next reload license Level: lanbase
  cisco WS-C3750X-48P (PowerPC405) processor (revision A0) with 262144K bytes of memory.
  Processor board ID FDO1524K1J2
  Last reset from power-on
  2 Virtual Ethernet interfaces
  1 FastEthernet interface
  104 Gigabit Ethernet interfaces
  4 Ten Gigabit Ethernet interfaces
  The password-recovery mechanism is enabled.
  512K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address       :
  Motherboard assembly number     : 73-12553-05
  Motherboard serial number       : 
  Model revision number           : A0
  Motherboard revision number     : C0
  Model number                    : WS-C3750X-48P-L
  Daughterboard assembly number   : 800-32727-01
  Daughterboard serial number     : 
  System serial number            : 
  Top Assembly Part Number        : 800-31324-02
  Top Assembly Revision Number    : C0
  Version ID                      : V02
  CLEI Code Number                : 
  Hardware Board Revision Number  : 0x03
  Switch Ports Model              SW Version            SW Image
  *    1 54    WS-C3750X-48P      15.0(2)SE4            C3750E-UNIVERSALK9NPE-M
       2 54    WS-C3750X-48P      15.0(2)SE4            C3750E-UNIVERSALK9NPE-M
  Switch 02
  Switch Uptime                   : 1 day, 6 hours, 56 minutes
  Base ethernet MAC Address       : 
  Motherboard assembly number     : 73-12553-06
  Motherboard serial number       : 
  Model revision number           : A0
  Motherboard revision number     : A0
  Model number                    : WS-C3750X-48P-L
  Daughterboard assembly number   : 800-32727-03
  Daughterboard serial number     : 
  System serial number            : 
  Top assembly part number        : 800-31324-03
  Top assembly revision number    : B0
  Version ID                      : V03
  CLEI Code Number                : 
  License Level                   : lanbase
  License Type                    : Permanent
  Next reboot licensing Level     : lanbase
  Configuration register is 0xF
  I am trying to setup native vlan tagging using the command "vlan dot1q tag native".   I am entering this when I am in privileged exec mode, and then config mode.   When enter vlan ? it does not show dot1q as an option.   Any thoughts on what I might be missing?   What I am trying to achieve is all ingress untagged traffic (from my Meru controller) will be tagged with VLAN tag 101 as it progresses through my network, and any tagged traffic on vlan 101 which is destined for the port where my Meru controller is located will be delivered to the Meru controller untagged.   I can set this up in this manner on a SG300 Cisco switch, and I believe this is what "vlan dot1q tag native" will achieve if I am understanding correctly.
  I welcome suggestions on both why the "vlan dot1q tag native" won't work, and on what I am trying to accomplish.
  Thx
  Bryan

  Hi Aaron,
  Thank you for the quick reply.  
  The Meru controller uses untagged traffic to talk between the controller and the APs.   It also uses tagged traffic to talk between the controller and the VLANs which I have associated with each of the SSIDs.   I am trying to find a way to do what is normally done with an access port, but do that with an LACP group (801.Q trunk).   Where the untagged traffic entering the network from the controller gets tagged as VLAN 101 as it transits the network, and then traffic which is delivered to that 801.Q trunk on VLAN 101 has the tag removed, but all other traffic entering that port will be appropriately tagged, and the tagged traffic along with the tags well egress from that port to the Meru controller.    I have done this before on a Cisco SG300 switch, but not on the 3750-X core in my home.   If I can't make this work I can front end the Meru controller with an SG300 but now I will be introducing another potential point of failure.
  Also, do you have any idea why the "vlan dot1q tag native" would not be accepted by the IOS version on this switch stack?
  Thx
  Bryan

• Native Vlan and tagging

  Hi!
  I have a particular installation on a customer site.
  The management vlan is the number 1 (which is the native vlan) for the whole network and all the switches tag the native vlan.
  So when I plug my AP on a port of a switch configured in trunk mode, it doesn't work.
  How can I resolve this issue?
  Thanks

  Yes, you can specify the native VLAN, though I am not sure if that will enable tagging of that VLAN or not. You might have to try it yourself to see. See the following link for pictures of the pages in question.
  http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml#t12
  Because I think it will require a reboot after enabling HREAP but before setting up VLAN support, you might need to set it as an access port while making the changes.
  1. Do not use VLANs for your H-REAP deployment and set the access point switch ports as Access ports in the VLAN you want your users to be in. The AP will need an IP in the user VLAN, but that is not usually a problem. If you do not need multiple user VLANs from different SSIDs, this will be the easiest option.
  2. Disable native VLAN tagging for the ports with APs with the command I listed above.

• Native vlans and tagging

  Hi all, I know i have mentioned this in the other forum, but i need a bit more clarity.
  If I say have a pc plugged into vlan 2, pvid of 2, i gather this means that if ant frame comes in untagged it gets put into vlan 2 right ? ok, well my confusion is what happens to this when it goes over a trunk port, it I put the trunk as member of vlan 1,2,3,etc, will my originally untagged frame that came in and got put into vlan 2 get tagged along the trunk as vlan 2 ?

  Hi Carl,
  I hope i understand ur question correctly :)
  you are asking once farme is tagged with vlan id, what will happen to a frame as it pass through a inter switch trunk port.
  then the asnwer is (using 802.1q trunking protocol)-
  802.1Q does not actually encapsulate the original frame, it sets the EtherType value in the Ethernet header to Tag Protocol ID (TPID) 0x8100, identifying this frame as an 802.1Q frame. It then inserts an extra two-bytes of Tag Control Information (TCI) after the TPID, followed by another two bytes containing the frame's original EtherType. Together the four bytes of TPID and TCI are called the VLAN Tag.
  The format of the TCI is
  15:13 12 11:0
  user_priority CFI VID
  user_priority: a 3-bit field is defined in IEEE 802.1p.
  Canonical format indicator (CFI): a 1-bit indicator used for compatibility between Ethernet and Token Ring networks.
  VLAN ID (VID): a 12-bit field specifying the VLAN to which the frame belongs. A value of 0 means that the frame doesn't belong to any VLAN; in this case the 802.1Q tag specifies only a priority and is referred to as a priority tag. A value of hex FFF is reserved for implementation use. All other values may be used as VLAN identifiers, allowing up to 4094 VLANs. On bridges, VLAN 1 is often reserved for management.
  so ur original vlan tag is retained and other end of trunk port will be able to original vlan id of frame.
  HTH
  rgds
  rajat