VLAN Tagging

Vignesh M · ‎05-29-2015

When will a packet get tagged?

I have attached 3 network architecture diagrams(Image 1, 2, 3).

Configurations:

Image 1: Both L3 switches were in default VLAN's and no trunk link present between them. All the access ports were left to default including uplink.

Image 2: All the ports of the 2 L3 switches were configured to VLAN 10 including the uplinks..

Image 3: The uplink between 2 L3 switches were configured as trunk. All the access ports were configured as VLAN 10.

In which of the above scenarios, when will the tagging happens? Please clarify.

Mark Malone · ‎05-29-2015

tagging is done on the trunk ports not the access ports where a customer device would be

tagging is not performed when its just an access port connecting 2 switches , two reasons there's only 1 vlan so no need to tag, tagging is performed just so far end device knows where to put the traffic as it comes into it at layer 2 on the trunk , if everything came in untagged the switch would not know what vlan to put it in , Aswell native vlans which would be your vlan 1 by default do not tag packets belonging to it

So image 1 no tagging as access only between the 2 switches , 1 vlan allowed an its vlan 1

Image 2 no tagging as not trunk again its access only vlan 1o will pas this link when set like this

image 3 tagging on trunk as vlan 10 and 1 will be on it and its set as trunk link each side

Vignesh M · ‎05-31-2015

Hi, thanks for the inputs and clarification.

Another doubt popped up.

If I have a switch and have 4 vlans namely vlan 10,20,30 and 40 configured for 2 ports each starting from fa0/1 to fa0/8. In this case how wil the traffic flows within the switch. Whether the packet will be tagged when it access the other pc in the same vlan? How the traffic is broadcasted/unicasted into the switch? Also I have multiple vlans and without tagging, how the other pc in the same swith will identify that the traffic is intended to it?

Jon Marshall · ‎05-31-2015

If the ports are access ports the frames will not be tagged between those ports.

The switch obviously keeps a mac address table that tells it which mac addresses are reachable via which ports.

A PC receiving a frame will know it is intended for it because the destination mac address in the frame header will be it's own mac address. If the frame had a destination broadcast mac address then the PC will also process that frame.

If the frame has a multicast destination mac address if the PC has registered for the multicast stream it will process it, if it hasn't it won't.

If the frame is an unknown unicast frame and is therefore flooded with the vlan if the destination mac address matches the PCs it will process it, if it doesn't it won't.

Note whether the PC wants the frame or not it still needs to look at the destination mac address in the frame so when I use the term "process" I mean the PC has looked at the destination mac address and determined that it should be receiving that frame and doing something with it.

In terms of broadcast, unknown unicast and multicast and how the switch knows which ports to send the frames out of we have had a number of discussion about this on the forums and the simple, although unsatisfactory answer, is that the switch just "knows".

It certainly has all the information present in the running configuration to know which ports belong to which vlans etc. but in terms of what internal data structures are used to record this information and how exactly it is accessed etc. is more than likely a trade secret because all vendors will have their own implementation of this.

I have searched high and low to find out this specific information on Cisco switches and have yet to find anything definitive but I live in hope :-)

Jon

Vignesh M · ‎05-31-2015

Thanks all for making things clear :-)

devils_advocate · ‎05-29-2015

Tagging is not done on Access Ports, there is no need to.
An access port can only be part of a single vlan therefore why tag the packets? Both sides know what vlan the port is part of.

A trunk port however passes traffic for multiple vlans.
When one switch sends a packet to another switch across a trunk link, how does the receiving switch know what Vlan the packet is part of? It's tagged by the sending switch, that's how it knows.

The main exception for this is the 'native' vlan which is a specific vlan on a trunk link for traffic which is sent 'untagged'. The default native vlan on a trunk link is vlan 1 so if you look at the configuration for a trunk port and do not see a native vlan listed, it will be the default of vlan 1.

Funnily enough, the concept of tagged/untagged and access/trunk ports clicked in my head when I had to configure a HP switch for the first time. They do not use the concept of Access Ports and Trunks (they mean something else in HP) but use the terms 'Tagged' and 'Untagged'.

Joseph W. Doherty · ‎05-29-2015

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I just wanted to add, there's a special case for access ports, which can send/receive both untagged and tagged frames. Those are when you define a voice VLAN on the port. The latter's frames are tagged.

suhasdachamp · ‎01-13-2016

Hi Joseph,

can pc send tagged packets??

Warm regards

Suhas Mohd

devils_advocate · ‎01-14-2016

I believe Windows can and Linux definitely can.

Linux allows you to create subinterfaces and have each one add a Vlan tag to its packets.

The switchport can then be a trunk.

It wouldn't just be something you would do without a reason though.

I have done it before with a Linux machine Apple Airplay packets to 'leak' between Vlans so Senders and Receivers can be in different subnets but still see each other.

Joseph W. Doherty · ‎01-14-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If the NIC and OS supports it.