05-06-2020 10:14 AM
Hello Team,
I am looking to better understand how a single (non-trunking) switch implements/executes VLANs. For example, if a PC connected to f0/1 configured with VLAN 10 sends a frame to a PC on f0/18 also on VLAN 10, does the switch add a vlan tag so that a PC connected to the switch with VLAN 20 does not get this frame?
If vlan tagging is not used in a non-trunking switch, how does the switch route frames to only the correct ports in the vlan?
Thanks,
Ward
05-06-2020 12:07 PM
Hi @wardwolfram
I will try to give a short explanation, but the complete answer is much more complex than this. Also, depending on the switch, the details might be only partially true (as the hardware architecture depends on each particular family of switches, vendor, etc.).
On the motherboard of any modern switch there are one or more ASICs (Application-Specific Integrated Circuits) to which all ports are connected. This is basically a chip which is programmed for a specific use. On switches, the ASIC is programmed to switch/forward/tag/buffer/etc. traffic in and out of ports. When you configure a port in access (or trunk), the ASIC is programmed to understand that any ingress traffic on that port belongs to VLAN X. Internally, inside the ASIC/forwarding engine, the packets will receive some internal headers (which will include the VLAN they belong to, along with the source interface index, destination interface index, etc.). Based on the internal headers, the forwarding is performed.
Stay safe,
Sergiu
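A toy software model of the behaviour described in this thread, added here as an illustration and not code from any poster or from Cisco: the VLAN is assigned from the ingress port's configuration, the MAC table is keyed by VLAN and MAC, and flooding stays inside the VLAN without any 802.1Q tag. The class and function names, the VLAN 20 ports f0/5 and f0/6, and the MAC addresses are constructed for the example; real forwarding hardware differs by platform.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class AccessSwitch:
    """Toy model of one switch with access ports only (no trunks)."""
    port_vlan: dict                                # port -> configured access VLAN
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the egress ports for an untagged frame arriving on in_port."""
        # The VLAN comes from the ingress port's configuration, not from
        # anything in the frame: this stands in for the internal header.
        vlan = self.port_vlan[in_port]
        # Learn the source MAC within that VLAN only.
        self.mac_table[(vlan, src_mac)] = in_port
        out = None if dst_mac == BROADCAST else self.mac_table.get((vlan, dst_mac))
        if out is not None:
            return set() if out == in_port else {out}
        # Broadcast or unknown unicast: flood to the other ports of the same VLAN.
        return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}

def build_example_switch():
    # f0/1 and f0/18 in VLAN 10 come from the question; f0/5 and f0/6 in
    # VLAN 20 are constructed for the example.
    return AccessSwitch({"f0/1": 10, "f0/18": 10, "f0/5": 20, "f0/6": 20})

# Constructed MAC addresses.
PC_A, PC_B, PC_C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"

if __name__ == "__main__":
    sw = build_example_switch()
    print(sw.receive("f0/1", PC_A, BROADCAST))   # flooded inside VLAN 10 only
    print(sw.receive("f0/18", PC_B, PC_A))       # known unicast inside VLAN 10
    print(sw.receive("f0/5", PC_C, PC_A))        # PC_A is unknown in VLAN 20
```

Because isolation here rests entirely on the port-to-VLAN mapping, a port assigned to the wrong VLAN places its host in that broadcast domain.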
05-06-2020 10:46 AM - edited 05-06-2020 10:48 AM
Good question! I do not have an answer for you. I don't think I ever read about it in detail; maybe it is still a Cisco tech secret.
We know that switching is done in hardware internally based on the MAC table. The switch builds the MAC table with port ID, VLAN number, and MAC address if known. Somehow, internally, the switch routes or forwards frames to the appropriate ports.
Regards, ML
**Please Rate All Helpful Responses **
05-06-2020 11:29 AM - edited 05-06-2020 11:45 AM
The frames are not 802.1q tagged.
dot1q tagging is used to differentiate traffic over a trunk link.
Think of it in terms of separate bridge domains (which is what a VLAN is). If I consolidate traffic from different bridge domains over a given link (trunk), I need some way to split it back out into its appropriate bridge domain. That is the purpose of the dot1q tag.
MAC address learning does not require dot1q tags; we simply need to map a MAC address to a port. Therefore dot1q tags are not required for traffic switched locally. I don't know the underlying mechanics, but L2 broadcasts stay within the scope of the bridge domain (VLAN) and don't rely on dot1q tagging.
05-07-2020 02:59 PM
Thanks AJ, no tagging, just with trunk ports (non-native vlan).