Cisco – Trying to understand why VLANs need to be created on intermediate switches

cisconetworking

I'm currently studying for the Cisco switching exam and having trouble understanding exactly how 802.1q tagging works.

Given three daisy-chained switches (A, B, and C) with trunk ports between them and VLAN 101 defined on both end switches (A and C), I'm not sure why the VLAN also needs to be defined on the middle one (B).

Note that I am not disputing that it does need to be configured, I'm just trying to understand why exactly.

As I understand it, traffic from VLAN 101 on switch A will be tagged as it goes through the trunk to switch B. According to the documentation I have read, trunks will pass all VLANs by default, and the .1q tag is only removed when the frame leaves through an access port on the relevant VLAN. From this I would expect switch B to simply forward the tagged frame unchanged through the trunk to switch C.

Can anyone shed some light on how switch B processes this frame and why it does not get forwarded through the other trunk?

Best Answer

Trunking just gives an interface the ability to deal with tagged frames. It doesn't give it a general ability to handle all tags.

This is where the "default" or PVID (primary VLAN ID) comes in. When you set this, the switch treats all incoming packets with tags that it isn't explicitly configured to handle as if it was an untagged packet on the PVID. The frame is then handled with that in mind -- with the 802.1q tag removed.

You have to explicitly specify which VLANs are supported on which ports. This means you have to explicitly define and configure how the VLANs are forwarded through your mesh(*) of switches. Otherwise, all tagged packets could potentially go everywhere, leading to security problems and potential bottlenecks in terms of throughput.

(*) == originally typed as "mess", but that's often an appropriate sentiment.
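A small runnable model of the question's topology, added here as an illustration and not part of the original question or answer. It is not Cisco code: the switch model, the port names (Gi0/1, Gi0/2, Gi0/24), the MAC addresses and the frames are all constructed. It shows the two things the thread turns on: how the 4-byte 802.1Q tag is inserted and stripped, and how a switch first classifies a frame into a VLAN (access VLAN, tag VID, or the trunk's native VLAN for untagged frames) and then only forwards it if that VLAN exists in its own VLAN table. In this model a trunk frame whose VLAN is not defined on the switch is dropped; the same hop-by-hop classification is why B has to know about VLAN 101 before anything tagged 101 can reach C.

```python
"""Toy model of 802.1Q forwarding across three daisy-chained switches A -- B -- C.

Added example for this thread, not Cisco code. The switch behaviour, port names,
MAC addresses and frames below are constructed for illustration only.
"""
import struct

TPID_8021Q = 0x8100                       # EtherType that announces an 802.1Q tag
BCAST = b"\xff" * 6
HOST_A = bytes.fromhex("0200000000aa")    # constructed MAC of a host behind switch A


def build_frame(dst, src, ethertype=0x0800, payload=b"hello"):
    """Untagged Ethernet frame: dst(6) src(6) EtherType(2) payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def add_tag(untagged, vid):
    """Insert the 4-byte tag (TPID 0x8100 + TCI with PCP=0, DEI=0, VID) after the MACs."""
    return untagged[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + untagged[12:]


def parse_tag(frame):
    """Return (vid, frame_without_tag); vid is None when the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]    # PCP(3 bits) | DEI(1) | VID(12)
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Switch:
    def __init__(self, name, vlans):
        self.name, self.vlans = name, set(vlans)  # vlans = what 'vlan N' creates on the box
        self.ports, self.links = {}, {}

    def access(self, port, vlan):                  # like: switchport mode access / access vlan N
        self.ports[port] = {"mode": "access", "vlan": vlan}

    def trunk(self, port, native=1, allowed=None): # like: switchport mode trunk; allowed None = all
        self.ports[port] = {"mode": "trunk", "native": native, "allowed": allowed}

    def ingress(self, port, frame, trace, delivered):
        """Classify the frame into a VLAN, then flood it out every other port in that VLAN."""
        p = self.ports[port]
        vid, untagged = parse_tag(frame)
        if p["mode"] == "access":
            if vid is not None:
                trace.append(f"{self.name} {port}: drop, tagged frame on access port"); return
            vlan = p["vlan"]
        else:
            vlan = p["native"] if vid is None else vid       # untagged on a trunk -> native VLAN
            if p["allowed"] is not None and vlan not in p["allowed"]:
                trace.append(f"{self.name} {port}: drop, VLAN {vlan} not allowed on trunk"); return
        if vlan not in self.vlans:                            # the step the question is about
            trace.append(f"{self.name} {port}: drop, VLAN {vlan} not defined on this switch"); return
        for out in self.ports:
            if out != port:
                self.egress(out, vlan, untagged, trace, delivered)

    def egress(self, port, vlan, untagged, trace, delivered):
        p = self.ports[port]
        if p["mode"] == "access":
            if p["vlan"] != vlan:
                return
            out = untagged                                    # tag is stripped on access egress
        else:
            if p["allowed"] is not None and vlan not in p["allowed"]:
                return
            out = untagged if vlan == p["native"] else add_tag(untagged, vlan)  # native goes untagged
        kind = "untagged" if out is untagged else f"tagged vid={vlan}"
        trace.append(f"{self.name} {port}: send {kind}")
        if port in self.links:                                # trunk link to the next switch
            nbr, nbr_port = self.links[port]
            nbr.ingress(nbr_port, out, trace, delivered)
        else:                                                 # edge port: frame reaches a host
            delivered.append((self.name, port, out))


def link(a, pa, b, pb):
    a.links[pa] = (b, pb)
    b.links[pb] = (a, pa)


def send_from_a(vlan_101_on_b):
    """Host on A's VLAN 101 access port broadcasts. Return (delivered, trace, original frame)."""
    A = Switch("A", {1, 101})
    B = Switch("B", {1, 101} if vlan_101_on_b else {1})     # the middle switch under test
    C = Switch("C", {1, 101})
    A.access("Gi0/1", 101); A.trunk("Gi0/24")
    B.trunk("Gi0/1");       B.trunk("Gi0/24")
    C.trunk("Gi0/1");       C.access("Gi0/2", 101)
    link(A, "Gi0/24", B, "Gi0/1")
    link(B, "Gi0/24", C, "Gi0/1")
    frame = build_frame(BCAST, HOST_A)
    trace, delivered = [], []
    A.ingress("Gi0/1", frame, trace, delivered)
    return delivered, trace, frame


if __name__ == "__main__":
    for on_b in (False, True):
        delivered, trace, _ = send_from_a(on_b)
        print(f"VLAN 101 created on B: {on_b} -> delivered at {[(s, p) for s, p, _ in delivered]}")
        for line in trace:
            print("   ", line)
```

Running it prints the hop-by-hop trace twice: without `vlan 101` on B the frame is tagged on A's trunk and dropped at B's ingress; with it, B re-tags the frame out its second trunk and C strips the tag on its VLAN 101 access port, delivering the same untagged bytes the host sent. The model deliberately omits MAC learning and spanning tree so the VLAN classification step stays visible.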
