[c-nsp] Untagged packets on trunk interfaces

Phil Mayers p.mayers at imperial.ac.uk
Tue Feb 5 20:06:18 EST 2008


Kristian Larsson wrote:
> On Tue, Feb 05, 2008 at 10:53:49PM +0000, Phil Mayers wrote:
>> Brandon Price wrote:
>>> Thanks for the reply!!
>>>
>> Please don't remove the list from the Cc: - the replies in the archive 
>> may help others
>>
>>> From the link you sent:
>>>
>>> "The vlan dot1q tag native command is a global command that configures
>>> the switch to tag
>>> native VLAN traffic, and admit only 802.1Q tagged frames on 802.1Q
>>> trunks, dropping any
>>> untagged traffic, including untagged traffic in the native VLAN" 
>>>
>>> Which tag is being applied to this formally "native" traffic?
>> I've never used this feature - because it's a chassis global it's 
>> useless - so I'm not certain, but I think it's fair to assume the native 
>> vlan's tag number.
>>
>> int gX/Y
>>   switchport mode trunk
>>   switchport trunk native vlan 123
>>   switchport trunk allowed vlan 123,456
>>
>> ...vlans 123 & 456 will come out tagged. I guess in this case, the only 
>> difference between a native and allowed vlan is... erm... the name?
> 
> no, 123 will be untagged while 456 will carry a
> tag.

Wrong.

The discussion is in the context of having typed the global command I 
suggested:

vlan dot1q tag native

...which is "a global command that configures the switch to tag native 
VLAN traffic, and admit only 802.1Q tagged frames on 802.1Q trunks, 
dropping any untagged traffic" (quote from Cisco docs)



> 
>> FYI, you can also try this:
>>
>> int gX/Y
>>   switchport mode trunk
>>   switchport trunk native vlan 999
>>   switchport trunk allowed vlan 123,456
>>
>> ...that is - 999 is a dummy vlan BUT is not in the allowed vlan list; I 
>> believe this stops it forwarding traffic.
> 
> I believe you are right.
> 
>   -K
> 
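
Added example, not part of the original message or of any Cisco tooling: a small Python check that reads IOS-style config text and reports, per trunk port, which of the cases discussed in this thread applies (global `vlan dot1q tag native`, native VLAN left out of the allowed list, or neither). The sample config and interface names are constructed; the "pruned" result encodes the belief stated in the thread, and `allowed vlan add/remove` forms are not handled.

```python
import re

# Constructed sample config for illustration (interface names are made up).
SAMPLE = """\
interface GigabitEthernet1/1
 switchport mode trunk
 switchport trunk native vlan 123
 switchport trunk allowed vlan 123,456
interface GigabitEthernet1/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 123,456
interface GigabitEthernet1/3
 switchport mode trunk
"""

def expand(vlans):
    """Expand an IOS VLAN list such as '1,10-12' into a set of ints."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_trunks(config):
    """Return {interface: finding} for every trunk port in the config."""
    tag_native = bool(re.search(r"^vlan dot1q tag native\s*$", config, re.M))
    findings = {}
    # One match per interface stanza: the name, then its indented body lines.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        if "switchport mode trunk" not in body:
            continue
        m = re.search(r"switchport trunk native vlan (\d+)", body)
        native = int(m.group(1)) if m else 1  # IOS default native VLAN is 1
        m = re.search(r"switchport trunk allowed vlan ([\d,\-]+)", body)
        allowed = expand(m.group(1)) if m else set(range(1, 4095))  # default: all
        if tag_native:
            findings[name] = "tagged-only (vlan dot1q tag native)"
        elif native in allowed:
            findings[name] = f"untagged frames accepted into vlan {native}"
        else:  # assumption from the thread: pruned native VLAN is not forwarded
            findings[name] = f"native vlan {native} pruned from allowed list"
    return findings

if __name__ == "__main__":
    for port, finding in audit_trunks(SAMPLE).items():
        print(port, "->", finding)
```
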


