AnsweredAssumed Answered

Converting/Traversing a VLAN

Question asked by jamcguire on Sep 11, 2014

Hi there,


I'm trying to understand the scenario as described in the following blog:


In essence I'm trying to understand the process of extending an on-premise network at layer 2 into a service provider network with a different/changed VLAN.  The on-premise VLAN ID is VLAN ID 100 and the service provider network is VLAN ID 200.


The basic concept is to take the ports of the two adjoining switches and set them both to access ports, switch A on-premise would have an interface set to access port VLAN 100 and switch B at the service provider would have its interface set to access port VLAN 200 and the interfaces would be directly attached.


Im just trying to understand why this works, according to the blog linked above the explanation is as follows:


"The explanation is quite simple – even though we normally consider VLAN IDs to segregate traffic between subnets, the packets leaving the switches are not tagged when traversing an access port."


However, for the frames to be accepted by the access port on switch A, the traffic must already have been tagged VLAN 100, so further to the explanation above the switch must actually detag the VLAN ID from the frames as they leave the interfaces?


By my understanding, the adjacent switch B, with its access port set to VLAN ID 200 then should not accept the frames which have been detagged/untagged from switch A VLAN 100 interface, as they are not tagged VLAN ID 200!


So can anyone advise;


* Why two adjacent directly connected switches with their interfaces configured as access ports for different VLAN ids allow traffic to pass, this would seem to contradict the statement of "If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address." taken from Cisco Nexus 5000 Series NX-OS Software Configuration Guide - Configuring Access and Trunk Interfaces [Cisco Nexus 5000 S…

* What the process of tagging and detagging is, and if possible are there any official links to documentation which explain this?

* If I were to capture ethernet frames on a host computer received from a switch access port on a VLAN 100, would I actually see the frames stripped of their VLAN, i.e. it is only transmitted frames which need to carry the VLAN id?


Many thanks,