RE: Cisco 3560 - behavior

Oh !... I've been feeling tagged now with so many replies...:)
Well, first for those who are arguing CCIE shouldn't raise it, Precisely I'd
say sometimes simple things does have great meaning & huge effect ofcourse
while working in production as I've observed. Well I tried it from everyside
but results were not as expected n that urged me to understand it in more
depth so I put this on our forum.

Coming towards problem...
thanks to the responders for detailed replies I agreed on first part it should
be but other side is non-cisco device which sends tagged frames and it's
observed switch is overriding all frames with assigned access vlan. Does it
surely mean the other non-cisco device doesn't tag it at all? Could it be
captured by any method or debugging?

and in 2nd part more specifically I need to know If we compare " the port
having x vlan as voice and other is having x vlan as access "
Will it be the same scenario where two access ports communicate within x vlan
(configured x vlan as access)?

Thanks & REgards,

Jagdeesh. K. Vasvani
CCIE# 28213 (R&S)

> Date: Mon, 11 Apr 2011 21:05:42 +0100
> Subject: Re: Cisco 3560 - behavior
> From: malickmuz_at_gmail.com
> To: sdibias_at_gmail.com
> CC: narbikk_at_gmail.com; stephen.robinson_at_qtzl.com; jb.poplawski_at_gmail.com;
nmaxpierson_at_gmail.com; jk_vasvani_at_hotmail.com; ccielab_at_groupstudy.com
>
> Everybody learnt/remembered/suggested something!! Its great isn't it!!
>
> On 11 April 2011 21:01, Steve Di Bias <sdibias_at_gmail.com> wrote:
> > I pasted the wrong debug for the first one, should have been
> > 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via
RIB
> > 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending
> > 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending full
> > packet.
> > 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via
RIB
> > Even still the traffic was blocked...
> > On Mon, Apr 11, 2011 at 12:58 PM, Steve Di Bias <sdibias_at_gmail.com>
wrote:
> >>
> >> Narbik & Muzammil I stand corrected, so thank you for pointing that out.
> >> To lab this up I followed Narbik's advice and created an SVI on the
switch
> >> for VLAN 100 with an IP address of 1.1.1.2/24.
> >> Of course my pings to 1.1.1.1 failed as you can see here
> >> Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
> >> 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via
> >> RIB
> >> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan12), len 100, sending.
> >> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan12), len 100, encapsulation
> >> failed
> >> Once I added the "native" keyword to the routers sub-interface my pings
> >> were successful
> >> 3w3d: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), routed via
> >> RIB
> >> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending
> >> 3w3d: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan100), len 100, sending full
> >> packet
> >> 3w3d: IP: s=1.1.1.1 (Vlan100), d=1.1.1.2, len 100, rcvd 1
> >> I'm not ashamed to say I was incorrect in my answer, and I wasn't
> >> intentionally making fun of the original poster, however I would have
> >> expected him to have at least researched it or tested this in a lab
> >> environment first.
> >> If it came off that way I do apologize
> >> Happy labbing!
> >>
> >>
> >>
> >>
> >> On Mon, Apr 11, 2011 at 12:20 PM, Narbik Kocharians <narbikk_at_gmail.com>
> >> wrote:
> >>>
> >>> Totally agreed, you can actually test it by labbing it up. All you need
> >>> is a router and a switch.
> >>> Configure the router with:
> >>>
> >>> Int F0/0
> >>> No shut
> >>> Int F0/0.1
> >>> Encap dot 100
> >>> ip addr 1.1.1.1 /24
> >>>
> >>> Configure the switch with:
> >>> Int F0/1 ------ Let's say this is the port that he router is connected
to
> >>> swi mode acc
> >>> swi acc v 100
> >>> no shut
> >>>
> >>> Once you test it, you will never forget it.
> >>> To send untagged frames, just add the "Native" keyword.
> >>>
> >>> On Mon, Apr 11, 2011 at 12:13 PM, Muzammil Malick <malickmuz_at_gmail.com>
> >>> wrote:
> >>>>
> >>>> So are you saying that an access port today will accept tagged traffic
> >>>> as long as it is tagged with the vlan assigned to the access port?
> >>>>
> >>>> This is contradictory to the documentation and everything else I have
> >>>> read.
> >>>>
> >>>> I had always understood that any tagged traffic will be dropped
> >>>> regardless?
> >>>>
> >>>> On 11 April 2011 20:04, Steve Di Bias <sdibias_at_gmail.com> wrote:
> >>>> > Of course, nobody knows everything, so fair enough.
> >>>> >
> >>>> >
> >>>> >
> >>>> > The behavior today would be to forward any untagged frames or frames
> >>>> > tagged
> >>>> > with a vlan id of the access vlan while denying everything else.
> >>>> >
> >>>> >
> >>>> >
> >>>> > This wasn't always the case however, and I believe that older OS
> >>>> > versions
> >>>> > will actually forward the tagged frames as well.
> >>>> >
> >>>> >
> >>>> >
> >>>> >
> >>>> >
> >>>> > On Mon, Apr 11, 2011 at 11:39 AM, Stephen Robinson <
> >>>> > stephen.robinson_at_qtzl.com> wrote:
> >>>> >
> >>>> >> Sounds like none of you know the answer either... HaHAHa....
> >>>> >>
> >>>> >> Better to make fun than be productive... :)
> >>>> >>
> >>>> >>
> >>>> >>
> >>>> >> Jagdeesh - sorry for the ridicule of my peers. I speculate (but do
> >>>> >> not
> >>>> >> know) that you could not pass a vlan tag on an access port but I'm
> >>>> >> not
> >>>> >> sure
> >>>> >> if it would drop or if it would just strip the tag.
> >>>> >>
> >>>> >> Steve-Max-JP care to step up and try to answer?
> >>>> >>
> >>>> >>
> >>>> >> BTW - a ccie number does not mean you know everything.... And who
> >>>> >> better
> >>>> >> to ask than other smart people like this list. even Narbik and
> >>>> >> Scott
> >>>> >> don't know everything (I mean... in theory there may be something
> >>>> >> that
> >>>> >> they don't know... Of course I can't prove it)
> >>>> >>
> >>>> >>
> >>>> >>
> >>>> >>
> >>>> >>
> >>>> >> > From: JB Poplawski <jb.poplawski_at_gmail.com>
> >>>> >> > Reply-To: JB Poplawski <jb.poplawski_at_gmail.com>
> >>>> >> > Date: Mon, 11 Apr 2011 13:09:07 -0500
> >>>> >> > To: Max Pierson <nmaxpierson_at_gmail.com>
> >>>> >> > Cc: Steve Di Bias <sdibias_at_gmail.com>, "Engr. Jagdeesh. K.
Vasvani"
> >>>> >> > <jk_vasvani_at_hotmail.com>, group-study <ccielab_at_groupstudy.com>
> >>>> >> > Subject: Re: Cisco 3560 - behavior
> >>>> >> >
> >>>> >> > I just re-read that... yikes!
> >>>> >> > JB
> >>>> >> >
> >>>> >> > On Mon, Apr 11, 2011 at 12:43 PM, Max Pierson
> >>>> >> > <nmaxpierson_at_gmail.com>
> >>>> >> wrote:
> >>>> >> >>> Does your signature say CCIE?
> >>>> >> >>
> >>>> >> >> Lol, i was thinking the same thing. It must be from a pass4sure
> >>>> >> >> cert
> >>>> >> :)
> >>>> >> >>
> >>>> >> >> On Mon, Apr 11, 2011 at 12:18 PM, Steve Di Bias
> >>>> >> >> <sdibias_at_gmail.com>
> >>>> >> wrote:
> >>>> >> >>
> >>>> >> >>> Does your signature say CCIE?
> >>>> >> >>> On Apr 11, 2011 9:59 AM, "Engr. Jagdeesh. K. Vasvani" <
> >>>> >> >>> jk_vasvani_at_hotmail.com> wrote:
> >>>> >> >>>> Dear Experts,
> >>>> >> >>>> Would appreciate if anyone could help by clarifying below
> >>>> >> >>>> queries:
> >>>> >> >>>>
> >>>> >> >>>>
> >>>> >> >>>> 1. how would a cisco switch reacts when it receives a tagged
> >>>> >> >>>> Frame on
> >>>> >> an
> >>>> >> >>>> Access Port.
> >>>> >> >>>> 2. Does switch pass each & every frame b/w access ports in
vlan
> >>>> >> >>>> x,
> >>>> >> where
> >>>> >> >>> one
> >>>> >> >>>> is configured with " switchport voice vlan x" and other with
> >>>> >> "switchport
> >>>> >> >>>> access vlan x"
> >>>> >> >>>>
> >>>> >> >>>>
> >>>> >> >>>> REgards,
> >>>> >> >>>>
> >>>> >> >>>>
> >>>> >> >>>>
> >>>> >> >>>> Jagdeesh. K. Vasvani
> >>>> >> >>>> CCIE# 28213 (R&S)
> >>>> >> >>>>
> >>>> >> >>>>
> >>>> >> >>>> Blogs and organic groups at http://www.ccie.net
> >>>> >> >>>>
> >>>> >> >>>>
> >>>> >>
> >>>> >>
Received on Tue Apr 12 2011 - 01:35:31 ART