When I activate the interfaces, I see the following message
Then, the f1/1 of ESW1 is in blocking state
For that reason, Host1 can't communicate with Host2
Also, consider the following table:
Between "trunk" and "access" there is "limited connectivity".
You must try with real devices, too.
That is the exact table I was referring to in the OCG actually, as I was confused why it would not just say "No connectivity" rather than Limited, as that implies some type of connectivity.
I believe the paragraph / following page said something to the effect of the Trunk port would still allow communications if the Access Port matches the Native VLAN for the trunk.
Am I correct in thinking every "Limited Connectivity" in that table should be "No connectivity" at all?
Thank you for taking the time to mock that up!
It is because the native VLAN is not tagged. If you have an access port on a VLAN which is the same as the native VLAN configured for a trunk, data is OK.
You should not use the native VLAN for data / end-user usage.
I think we had some discussion about it a long time ago... let me see if I have that...
There is a potential security consideration with dot1q caused by the implicit tagging of the native VLAN, as it can be possible to send frames from one VLAN to another without a router. Refer to Are there Vulnerabilities in VLAN Implementations? for further details.
I have to give this the correct answer, as quoting from the OCG:
"Limited Connectivity is a result of one side being operationally a trunk and the other side being operationally an access port. Connectivity will occur only if the access port VLAN on one switch happens to be the same as the native VLAN for the 802.1Q trunk on the other switch. If not, connectivity will be broken."
It goes on to explain exactly what Martin had said, if the ports see frames coming from different VLAN #'s it breaks connectivity, but if they are seen as being on the same VLAN they will be forwarded.
This just seems like a tricky "gotcha" that might show up on the TSHOOT exam, so I wanted to clarify if the data transmission would actually occur in that scenario, even though it is very far from optimal.
Thank you all for the input!
For that reason, as I explained in my previous post, each switch can have a different behaviour (in the case of GNS3 with IOS and IOU, the communication is not possible, but in Cisco Packet Tracer you can ping in the native VLAN). The better verification is to experiment with real devices.
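Added example, not part of any poster's reply: a small Python model of the 802.1Q tagging rules discussed in this thread, showing why an access-to-trunk link only carries traffic when the access VLAN equals the trunk's native VLAN, and how a mismatch moves frames from one VLAN into another. The class and function names are hypothetical. The model assumes an access port drops tagged frames, and it ignores spanning tree, which in the first post's lab put the port in blocking state.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessPort:
    vlan: int                 # the single VLAN this port belongs to

@dataclass(frozen=True)
class TrunkPort:
    native: int               # VLAN sent and received untagged
    allowed: frozenset        # VLANs permitted on the trunk

def egress(port, vlan):
    """Return (sent, tag) for a frame in `vlan`; tag None means untagged."""
    if isinstance(port, AccessPort):
        return (vlan == port.vlan, None)      # access ports never tag
    if vlan not in port.allowed:
        return (False, None)
    return (True, None if vlan == port.native else vlan)

def ingress(port, tag):
    """Return the VLAN the receiver assigns to the frame, or None if dropped."""
    if isinstance(port, AccessPort):
        # Assumption of this model: an access port drops any tagged frame.
        return port.vlan if tag is None else None
    vlan = port.native if tag is None else tag   # untagged -> native VLAN
    return vlan if vlan in port.allowed else None

def cross_link(src_vlan, tx_port, rx_port):
    """VLAN the frame lands in on the far switch, or None if it is lost."""
    sent, tag = egress(tx_port, src_vlan)
    return ingress(rx_port, tag) if sent else None

def same_vlan_connectivity(vlan, a, b):
    """True only if frames in `vlan` stay in `vlan` in both directions."""
    return cross_link(vlan, a, b) == vlan and cross_link(vlan, b, a) == vlan

def vlan_leaks(tx_port, rx_port, vlans):
    """(source VLAN, landing VLAN) pairs where a frame changes VLAN on the link."""
    hops = ((v, cross_link(v, tx_port, rx_port)) for v in vlans)
    return [(v, dst) for v, dst in hops if dst not in (None, v)]

if __name__ == "__main__":
    # Constructed sample ports, not taken from the lab in the thread.
    access = AccessPort(vlan=10)
    matched = TrunkPort(native=10, allowed=frozenset({10, 20, 30}))
    mismatched = TrunkPort(native=1, allowed=frozenset({1, 10, 20}))
    print("VLAN 10, native 10:", same_vlan_connectivity(10, access, matched))
    print("VLAN 20, native 10:", same_vlan_connectivity(20, access, matched))
    print("leaks, native 1:", vlan_leaks(access, mismatched, [1, 10, 20]))
```

The leak in the mismatched case is the behaviour behind the advice above not to use the native VLAN for end-user data.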