Chapter 4: Are VLANs Safe?
Go Native
Readers somewhat familiar with IEEE standards probably know that the institute generally
takes care to keep its standards backward-compatible with previous iterations of various
IEEE texts. The 802.1Q standard is no different. As such, it includes a provision for trunk
ports to carry both tagged and untagged frames. Frames riding on a trunk port without any
802.1Q tag are said to be part of the native VLAN. A protocol that uses the native VLAN is
802.1D. This ensures compatibility with switches that do not run a per-VLAN spanning tree
(PVST). Bridge Protocol Data Units (BPDU) exchanged over the native VLAN serve as the basis
for a lowest-common-denominator loop-free topology. Another typical application includes
Cisco IP phones, where the data originating from a device attached to the phone is untagged
in a given data VLAN while voice traffic arrives tagged on the switch port.
Figure 4-2 illustrates a small LAN comprised of two switches and four hosts. Hosts A and
C are in VLAN 10, while hosts B and D are in VLAN 20. The switches interconnect by an
802.1Q trunk, which carries frames for VLANs 10 and 20.
Figure 4-2 Native VLAN Concept
When a frame from host B to host D enters switch 1, it is internally flagged as belonging to
VLAN 20. That VLAN 20 tag is maintained over the trunk until the frame is delivered to
its final destination. Switch 2 strips off the 802.1Q tag just before it delivers the frame
to host D. The process differs slightly when communication between hosts A and C is
involved. The native VLAN for the trunk is VLAN 10. This means that traffic from VLAN
10 is sent untagged on that trunk. When traffic from host A enters switch 1, it is internally
marked as a VLAN 10 frame. However, this marking is not preserved across the trunk.
Switch 1 sends out the frame with no 802.1Q header. When the frame arrives on switch 2,
it is automatically classified into the native VLAN of the trunk and delivered to host C.
[Figure 4-2 labels: 802.1Q trunk, native VLAN = 10. Host B to host D: 802.1Q tag's VID =
VLAN 20. Host A to host C: no 802.1Q tag.]
This process is critical to understand, because it leads to the first potential security issue.
Imagine a misconfiguration on switch 2 where the native VLANs on both ends of the trunk
that links switches 1 and 2 are mismatched. Frames sent by switch 1 on the native VLAN
arrive on switch 2; there, they are classified into switch 2's native VLAN and sent out
only into that VLAN. If switch 1's native VLAN is 10 while switch 2's native VLAN
happens to be 20, you are faced with a VLAN hopping problem! Traffic leaving switch 1
on VLAN 10 enters switch 2 and gets classified in VLAN 20. This is not desirable behavior,
obviously. Fortunately, Cisco Discovery Protocol (CDP) comes to the rescue. CDP can help
pinpoint native VLAN mismatch issues. Here is an example of the syslog message
produced when CDP comes across the problem:
.Jan 24 05:14:49.679: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered
on GigabitEthernet7/8 (23), with 6K-2-S2.cisco.com GigabitEthernet1/16 (12).
In this code snippet, the native VLAN is 23 on one side and 12 on the other end.
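The CDP warning above repeats for as long as the mismatch exists, so it is easier to review once collapsed to one finding per trunk link. The following Python is an added example, not code from the original text; the helper name find_native_vlan_mismatches is hypothetical, and the second link (sw2.example.net) and the LINK-3-UPDOWN line in the sample log are constructed.

```python
import re
from collections import Counter

# Keyed on the message mnemonic; captures local port (local native VLAN),
# neighbor device ID, and neighbor port (neighbor native VLAN).
MISMATCH = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH:.*?\bon\s+(?P<local_if>\S+)\s+"
    r"\((?P<local_vlan>\d+)\),\s+with\s+(?P<peer>\S+)\s+"
    r"(?P<peer_if>\S+)\s+\((?P<peer_vlan>\d+)\)"
)

def find_native_vlan_mismatches(lines):
    """Collapse repeated CDP warnings into one finding per trunk link."""
    seen = Counter()
    for line in lines:
        m = MISMATCH.search(line)
        if m is None:
            continue  # unrelated syslog message
        seen[(m["local_if"], int(m["local_vlan"]), m["peer"],
              m["peer_if"], int(m["peer_vlan"]))] += 1
    findings = []
    for (lif, lvlan, peer, pif, pvlan), count in seen.items():
        findings.append({
            "local_if": lif, "local_vlan": lvlan,
            "peer": peer, "peer_if": pif, "peer_vlan": pvlan,
            "count": count,
            # Untagged frames take the receiving side's native VLAN,
            # so traffic crosses between these two VLANs on this link.
            "leak": f"VLAN {lvlan} <-> VLAN {pvlan}",
        })
    return findings

# Constructed sample: the first message is the one quoted above, repeated
# as CDP re-advertises; the second link and the LINK line are invented.
PREFIX = "%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on "
SAMPLE_LOG = [
    ".Jan 24 05:14:49.679: " + PREFIX
    + "GigabitEthernet7/8 (23), with 6K-2-S2.cisco.com GigabitEthernet1/16 (12).",
    ".Jan 24 05:15:02.101: %LINK-3-UPDOWN: Interface GigabitEthernet7/9, "
    "changed state to up",
    ".Jan 24 05:15:49.683: " + PREFIX
    + "GigabitEthernet7/8 (23), with 6K-2-S2.cisco.com GigabitEthernet1/16 (12).",
    ".Jan 24 05:16:10.250: " + PREFIX
    + "GigabitEthernet7/10 (10), with sw2.example.net GigabitEthernet1/2 (20).",
]

if __name__ == "__main__":
    for finding in find_native_vlan_mismatches(SAMPLE_LOG):
        print(finding)
```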
Assuming no native VLAN mismatch configuration error, is it still possible for traffic to hop
from one VLAN to another? Read on…