I think the issue is this: by default the native VLAN is the default VLAN, and a trunk port can carry multiple VLANs to route traffic to the router or a switch. VLAN is a layer 2 protocol and it segments a layer 2 network; they can only communicate in a layer 3 device such as a router or a layer 3 switch.
This is why you are not having issues when everything is on the default (native) VLAN, as your trunk port will forward packets untagged without issue. Since now you can have multiple networks on each link/port, you have to somehow be able to distinguish which packet belongs to which network. That’s where tagging comes in and why packets get tagged.
Generally you have to distinguish packets at port ingress (incoming “from the cable”) and egress (outgoing “into the cable”).
- ingress untagged: this is where the native VLAN of the port comes in. If the switch has multiple VLANs configured, you have to tell the switch to which VLAN an incoming untagged packet belongs;
- ingress tagged: well, if it comes in tagged, then it’s tagged, and you can’t do much about it. If the switch doesn’t know about tagging or about that precise VLAN, it will reject it; sometimes you have to activate some kind of ingress filter, though. You can also force a port to accept untagged or tagged packets only.
- egress untagged: for each port you can select one VLAN whose outgoing packets on that port are not tagged (e.g. because the host doesn’t support it, or only one VLAN is required, for example for a PC, printer, etc.);
- egress tagged: You have to tell the switch which VLANs to make available on the port and if more than one, all but one have to be tagged anyway.
Hope that helps!
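
As an added illustration (not part of the original post), the four ingress/egress cases described above can be modelled in Python. The `Port` fields and function names are hypothetical and do not match any vendor's configuration syntax, and the frames are constructed samples.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

@dataclass
class Port:
    """Hypothetical per-port VLAN settings, named after the post's four cases."""
    native_vlan: int = 1                      # VLAN assigned to untagged ingress
    member_vlans: set = field(default_factory=lambda: {1})
    egress_untagged: int = 1                  # the one VLAN sent without a tag
    ingress_filter: bool = True               # drop tagged frames for non-member VLANs
    accept: str = "all"                       # "all", "tagged-only" or "untagged-only"

def frame_vlan(frame: bytes):
    """Return the VLAN ID carried in the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF                       # low 12 bits of the TCI are the VLAN ID

def ingress(port: Port, frame: bytes):
    """Classify an incoming frame: return its VLAN, or None if the port drops it."""
    vid = frame_vlan(frame)
    if vid is None or vid == 0:               # untagged, or priority-tagged (VID 0)
        return None if port.accept == "tagged-only" else port.native_vlan
    if port.accept == "untagged-only":
        return None
    if port.ingress_filter and vid not in port.member_vlans:
        return None
    return vid

def egress(port: Port, vid: int, frame: bytes):
    """Return the frame as sent out of `port` for VLAN `vid`, or None if not a member."""
    if vid not in port.member_vlans:
        return None
    inner = frame[:12] + frame[16:] if frame_vlan(frame) is not None else frame
    if vid == port.egress_untagged:
        return inner                          # sent without a tag
    return inner[:12] + struct.pack("!HH", TPID_8021Q, vid) + inner[12:]

def sample_frame(vid=None):  # constructed frame: zeroed MACs, IPv4 type, 4 payload bytes
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + b"data"
```

With `ingress_filter=False`, a tagged frame for a VLAN the port is not a member of is still classified into that VLAN, which is the case the post means when it says the filter sometimes has to be activated.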