  • Content created by Rene Molenaar (CCIE #41726)



Notable Replies

  1. Hi John,

    When you mix access and trunk mode, we get to see this message:

    %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0/14 VLAN1.
    %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet0/14 on VLAN0001. Inconsistent port type.
    %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/14 on VLAN0001. Port consistency restored.

    The trunk will send BPDUs for each VLAN; our access mode interface only sends one BPDU, so that's why CDP reports this error. This won't be a working trunk, but I think the access mode VLAN (VLAN1) will work.

    I'd have to give this a try to see if it works.


  2. Dear Rene

    I'm new here. I finished CCNA a few weeks ago and I want to study CCNP with you; the explanation is very good. This command:

    switchport trunk encapsulation dot1q

    is not working in my Packet Tracer. How can I make a switching lab?

  3. Hi Mohamed,

    There are two trunking protocols, 802.1q and ISL. Some newer switches only support 802.1Q and in that case this command will be unavailable.

    It's also possible that Packet Tracer doesn't support it; it's a simulator after all. It doesn't matter too much though... when this command doesn't work, the switch will use 802.1Q when you configure the interface as a trunk.


  4. Nicholas,
    Your left hand side description is correct. Since the incoming tag matches the native VLAN of the trunk, the tag gets discarded. I suspect, however, that your scenario would break if you told your switch "switchport trunk native vlan tag", which means that even the native VLAN keeps the tag. Since almost all PCs have no idea what a VLAN tag is, it would discard the packet.

    For your right hand side, I suspect the problem is not knowing what the access port VLAN is for the connection from Switch 5 to Switch 6. If it is not VLAN 10, this would explain the failure.

  5. Hello Pankaj.

    Tagging occurs when a frame exits a switch on a trunk port. If you have a trunk port with VLANs 10 and 20 allowed on it for example, and you send a frame from VLAN 10 through that trunk, as it exits the physical port, a tag of "10" will be placed in the header of the frame.

    So in none of your above examples is tagging being configured. The following configuration configures a trunk:

    interface fastethernet0/1
    switchport mode trunk
    switchport trunk allowed vlan 10,20

    These commands tell the switch that frames that exit fastethernet 0/1 must be tagged with the appropriate VLAN tag.

    Now you mention that you read that you should not tag a frame twice. The article you read is probably referring to double tagging as a method of attacking networked resources to gain access to traffic on other VLANs that would normally not be accessible. This is a security issue that you can read more about here: https://supportforums.cisco.com/discussion/12304791/double-tagging-through-access-ports-why

    There are cases where you do want to have two tags, such as when you use Q-in-Q. You can read more about it in Rene's lessons here: https://networklessons.com/switching/802-1q-tunneling-q-q-configuration-example/

    I hope this has been helpful!
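
The tagging behaviour discussed in the replies above, as an added example that is not part of the original thread: a Python parser that reads the 802.1Q tag stack of an Ethernet frame and separates untagged, single-tagged and stacked-tag frames, raising an alert for stacked tags on a port that is not a Q-in-Q tunnel. The frames are constructed sample data, and `build`, `native_vlan` and `qinq_port` are hypothetical names describing the test frames and the receiving port.

```python
import struct

TPID_8021Q = 0x8100   # 802.1Q customer tag
TPID_8021AD = 0x88A8  # 802.1ad service tag (standard Q-in-Q outer tag)

def vlan_stack(frame: bytes):
    """Return ([(tpid, vid, pcp), ...], payload_ethertype) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12  # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((ethertype, tci & 0x0FFF, tci >> 13))  # VID is low 12 bits
        offset += 4

def classify(frame: bytes, native_vlan: int = 1, qinq_port: bool = False) -> str:
    """Describe a received frame; native_vlan/qinq_port describe the port (assumed)."""
    tags, _ = vlan_stack(frame)
    if not tags:
        return "untagged"
    if len(tags) == 1:
        return f"tagged vlan {tags[0][1]}"
    outer, inner = tags[0][1], tags[1][1]
    if qinq_port:
        return f"q-in-q outer {outer} inner {inner}"
    if outer == native_vlan:
        return f"alert: stacked tags, outer {outer} is native vlan, inner {inner}"
    return f"alert: unexpected stacked tags, outer {outer} inner {inner}"

def build(*tags, ethertype=0x0800):
    """Construct a sample frame (made-up MACs, zero payload) with the given tags."""
    hdr = bytes.fromhex("ffffffffffff" "020000000001")
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

if __name__ == "__main__":
    print(classify(build()))
    print(classify(build((TPID_8021Q, 10))))
    print(classify(build((TPID_8021Q, 1), (TPID_8021Q, 20))))
    print(classify(build((TPID_8021AD, 100), (TPID_8021Q, 10)), qinq_port=True))
```
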

