Hi Brandon

I am not getting your point.  Please find my understanding:


*Point 1*

With IOS router, by default the physical interface will handle all the
untagged frames and put them in vlan 1.

or

You can configure a default vlan for physical interface using "encapsulation
dot1Q 2 native"


But with ASA, there is no option to specify a native vlan.

I am wondering, will ASA support receiving untagged frames?


*Point 2*

If it is true that ASA supports untagged frames, I am not getting why we need to
add the native vlan in the allowed list. For what purpose are we adding a
native vlan in allowed list?




With regards
Kings

On Tue, Apr 13, 2010 at 9:24 PM, Brandon Carroll <[email protected]> wrote:

> Vlan 12 in the allowed list does not make it tagged if it's the native vlan.
>  You would need it in the allowed list if the switch was tagging all vlans
> including the native.
>
>
>  Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
>
>
>   On Apr 13, 2010, at 3:18 AM, Kingsley Charles wrote:
>
>   That is what we need, right?
>
> The traffic to the physical interface should not be tagged. The physical
> interface can't understand tagged traffic. Only the sub-interface can
> understand tagged traffic with the "vlan" keyword.
>
> vlan 12 in the allowed vlan list, makes it tagged.
>
> With regards
> Kings
>
> On Tue, Apr 13, 2010 at 2:54 PM, 'Segun Daini <[email protected]> wrote:
>
>>  To allow the trunk to pass vlan 12 traffic. Specifying it as the native
>> vlan is just telling the switch to not TAG vlan 12 traffic.
>>
>> Regards
>>
>>  ------------------------------
>> *From:* Kingsley Charles <[email protected]>
>> *To:* [email protected]
>> *Sent:* Tue, April 13, 2010 9:56:31 AM
>> *Subject:* [OSL | CCIE_Security] Native vlan mapped to physical interface
>>
>> Hi all
>>
>> Vol 2 > Lab 15 > Section 1.0
>>
>> ASA1's e0/0 is connected to cat 3 f0/10.
>> vlan 12's subnet address is 192.1.12.0.
>> e0/0's IP address is 192.1.12.10.
>>
>> "switchport trunk native vlan 12" alone is sufficient to route traffic from
>> "192.1.12.0" to ASA1's e0/0.
>>
>> Why are we adding vlan 12 in the trunk allowed list?
>>
>>
>>
>> *ASA 1 config*
>>
>> interface Ethernet0/0
>>  nameif outside
>>  security-level 0
>>  ip address 192.1.12.10 255.255.255.0 standby 192.1.12.60
>> !
>> interface Ethernet0/0.55
>>  vlan 55
>>  nameif DMZ55
>>  security-level 55
>>  ip address 192.168.5.10 255.255.255.0 standby 192.168.5.60
>>
>> *Cat3 config*
>>
>> interface FastEthernet0/10
>>  description ASA1 F0/0
>>  switchport trunk encapsulation dot1q
>>  switchport trunk native vlan 12
>>  switchport trunk allowed vlan 12,55
>>  switchport mode trunk
>>
>>
>>
>>
>>
>> With regards
>> Kings
>>
>>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
>
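The two questions in this thread can be checked with a small model of both ends of the link. This is an added example, not part of any message above: the function names are hypothetical, the MAC addresses and payload are constructed, and it assumes standard Catalyst trunk behaviour (the allowed list filters data frames for every VLAN, including the native one, and the native VLAN leaves untagged unless the switch is set to tag it) and an ASA whose physical interface takes untagged frames while sub-interfaces take frames tagged with their "vlan" id.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def switch_egress(frame, vlan, native=12, allowed=frozenset({12, 55}),
                  tag_native=False):
    """Model Cat3 f0/10: return the bytes put on the trunk, or None if filtered."""
    if vlan not in allowed:
        return None                     # allowed list applies to the native VLAN too
    if vlan == native and not tag_native:
        return frame                    # native VLAN is sent without a tag
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return frame[:12] + tag + frame[12:]  # tag goes after dst+src MAC

def asa_ingress(frame, subifs=None, physical="outside"):
    """Model ASA1 e0/0: return the nameif that receives the frame, or None."""
    subifs = {55: "DMZ55"} if subifs is None else subifs
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return physical                 # untagged frames land on the physical interface
    (tci,) = struct.unpack("!H", frame[14:16])
    return subifs.get(tci & 0x0FFF)     # no sub-interface for this VLAN id: dropped

def deliver(vlan, **port):
    """Send one constructed IPv4 frame from `vlan` through the trunk to the ASA."""
    dst = bytes.fromhex("020000000001")  # constructed, locally administered MACs
    src = bytes.fromhex("020000000002")
    frame = dst + src + struct.pack("!H", 0x0800) + b"constructed-payload"
    wire = switch_egress(frame, vlan, **port)
    return None if wire is None else asa_ingress(wire)

if __name__ == "__main__":
    print("lab config, vlan 12:", deliver(12))
    print("lab config, vlan 55:", deliver(55))
    print("vlan 12 not in allowed list:", deliver(12, allowed=frozenset({55})))
    print("switch tags the native vlan:", deliver(12, tag_native=True))
```

With the lab's settings VLAN 12 reaches `outside` untagged and VLAN 55 reaches `DMZ55`; dropping 12 from the allowed list, or tagging the native VLAN without a matching sub-interface on the ASA, leaves VLAN 12 undelivered.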
