I'm currently studying for the Cisco switching exam and having trouble understanding exactly how 802.1q tagging works.
Given three daisy-chained switches (A, B, and C) with trunk ports between them and VLAN 101 defined on both end switches (A and C), I'm not sure why the VLAN also needs to be defined on the middle one (B)?
Note that I am not disputing that it does need to be configured, I'm just trying to understand why exactly.
As I understand it, traffic from VLAN 101 on switch A will be tagged as it goes through the trunk to switch B. According to the documentation I have read, trunks will pass all VLANs by default, and the .1q tag is only removed when the frame leaves through an access port on the relevant VLAN. From this I would expect switch B to simply forward the tagged frame unchanged through the trunk to switch C.
Can anyone shed some light on how switch B processes this frame and why it does not get forwarded through the other trunk?
Trunking just gives an interface the ability to deal with tagged frames. It doesn't give it a general ability to handle all tags.
This is where the "default" or PVID (primary VLAN ID) comes in. When you set this, the switch treats all incoming packets with tags that it isn't explicitly configured to handle as if it was an untagged packet on the PVID. The frame is then handled with that in mind -- with the 802.1q tag removed.
You have to explicitly specify which VLANs are supported on which ports. This means you have to explicitly define and configure how the VLANs are forwarded through your mesh(*) of switches. Otherwise, all tagged packets could potentially go everywhere, leading to security problems and potential bottlenecks in terms of throughput.
(*) == originally typed as "mess", but that's often an appropriate sentiment.
Hm, I sat here thinking about this for 10 minutes and couldn't come up with a good generic answer. Maybe there's something specific to how Cisco equipment works that makes this a requirement? Maybe it's simpler to always require that VLANs be enabled on intermediate switches because it makes the logic simpler?
This could also be a guard against malicious intent or careless mistakes - you are forcing the user to positively configure the intermediary switches to deal with VLANs, instead of just allowing them to exist by default. Best I can think of.
Your doubt was why you need to configure the VLAN in the intermediate switch, i.e., Switch B. Here is the simple and TO THE POINT answer for you. Switch B only forwards the tagged frames over those trunks that are defined to support that VLAN, and for which that VLAN is in a forwarding state. That means Switch B's VLAN table should have VLAN 101.
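The rule stated in the last answer, applied to the A - B - C chain from the question, as an added example that is not part of any poster's answer and is not vendor code. It is a simplified model: the `Switch` class, `link` and `reach` are hypothetical names, and spanning tree state is assumed to be forwarding on every trunk.

```python
# Added illustration: a simplified model of the rule in the last answer, not vendor code.
ALL_VLANS = set(range(1, 4095))  # trunks allow every VLAN ID (1-4094) by default

class Switch:
    def __init__(self, name, vlans):
        self.name = name
        self.vlans = set(vlans)   # the switch's own VLAN table
        self.trunks = []          # list of (peer switch, allowed VLAN set)

    def carries(self, allowed, vlan):
        # A trunk carries a VLAN only if the port allows it AND the VLAN
        # is defined in this switch's VLAN table.
        return vlan in allowed and vlan in self.vlans

    def receive(self, vlan, came_from=None):
        """Flood a frame tagged `vlan`; return names of switches that accepted it."""
        if vlan not in self.vlans:
            return []             # VLAN unknown here: frame is dropped on ingress
        accepted = [self.name]
        for peer, allowed in self.trunks:
            if peer is not came_from and self.carries(allowed, vlan):
                accepted += peer.receive(vlan, came_from=self)
        return accepted

def link(x, y, allowed=None):
    """Connect two switches with a trunk; `allowed` defaults to all VLANs."""
    allowed = ALL_VLANS if allowed is None else set(allowed)
    x.trunks.append((y, allowed))
    y.trunks.append((x, allowed))

def reach(b_vlans, bc_allowed=None, vlan=101):
    """Build A - B - C and report which switches a tagged frame from A reaches."""
    a, b, c = Switch("A", {1, 101}), Switch("B", b_vlans), Switch("C", {1, 101})
    link(a, b)
    link(b, c, bc_allowed)
    return a.receive(vlan)

if __name__ == "__main__":
    print(reach({1}))                       # VLAN 101 missing on B
    print(reach({1, 101}))                  # VLAN 101 defined on B
    print(reach({1, 101}, bc_allowed={1}))  # defined on B, pruned from the B-C trunk
```

The third case shows the other half of the rule: even with VLAN 101 defined on B, removing it from the allowed list of the B-C trunk keeps the frame from reaching C.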