How does L2 switch forward tagged VLAN?

Question

I am a student of networking and have a question. I am currently doing an internship / project at a school where they have 3 buildings. I will name them for now

1. A (subnet 172.16.x.x) --> Each with their vlans
2. B (same as A)
3. (subnet 172.20.x.x) --> With each their vlans

In building A and C there are 2 large Layer 3 switches. So the network is connected in such a way that first goes from building A to building B via a wireless antenna connection. This arrives in building B on an L2 switch.

Then in building B you go to an L3 switch which so goes to building C and so on.

So now I am wondering on the coreswitch at A there is a vlan80 defined for the wireless connection.

vlan:

interface vlan-interface80
 ip address 192.168.80.1 255.255.255.252 

So there is a port taged with vlan80 for all traffic for subnet 172.20.x.x. Via static route.

Interface:

interface GigabitEthernet2/3/0/47
 port link-mode bridge
 port access vlan 80

Route:

ip route static 172.20.0.0 255.255.0.0 192.168.80.2

So this traffic arrives on the L2 switch in building B, but how does the L2 switch determine that the incoming taged vlan80 packet should be forwarded to the L3 switch in building B? Does it automatically forward this to all the port where taged vlan 80 is or does it look in its cam table for that? I have already looked up all kinds of things, but no one has yet provided me with a clear and ready answer.

L2 in building B

vlan 80
   name "Straal"
   untagged 21-22
   tagged 1,6,23-24
   no ip address
   exit

This might be a silly question, but hopefully someone can help me. Thanks in advance.

Answer 1

how does the L2 switch determine that the incoming tagged vlan80 packet should be forwarded to the L3 switch in building B?

Based on your description, interface GigabitEthernet2/3/0/47 is an access port, which means the frames are not tagged.

A switch forwards frames based on the entries in the CAM (MAC address) table. If there is no entry for the destination MAC, it forwards the frame out all ports (floods) that are configured for the VLAN (80 in this case).

When the device at 192.168.80.2 replies, the L2 switch in B will learn the MAC address and update its CAM table.

Remember that VLAN tags are configured on the port. So VLAN 80 can be tagged on one port, but untagged on another.

Answer 2

The basics:

• Each VLAN acts like a separate switch.
• A frame is associated with a VLAN on ingress - untagged on an access port or tagged on a trunk port. It keeps that VLAN association until it leaves the switch. Whether it's tagged or not depends on the egress port.
• The forwarding within a VLAN (also called layer-2 switching) is done by the frame's destination MAC address and the switch's CAM table.
• A layer-3 switch can additionally act as a router. As with a separate router, the encapsulating frame needs to address the L3 switch's IP interface (SVI or L3 routed port). The L3 switch forwards the encapsulated IP packet between VLANs based on its routing table.

interface GigabitEthernet2/3/0/47
 port link-mode bridge
 port access vlan 80

On that access port VLAN 80 is not tagged. Only trunk ports use tags.

how does the L2 switch determine that the incoming taged vlan80 packet should be forwarded to the L3 switch in building B?

See above: An L2 switch forwards by destination MAC address. If the frame carries the L3 switch's MAC as destination then that's where it goes. The L2 switch has learned the L3 switch's MAC from previous frames and knows where it is connected.

Does it automatically forward this to all the port where taged vlan 80 is or does it look in its cam table for that?

The latter. Switches only flood frames to all ports (participating in the respective VLAN = broadcast domain) when the destination MAC address is unknown to them, ie. when it's not present in the switch's CAM table. Usually there's been some kind of traffic and no flooding happens.