Page Content

Tutorials

Load more

What Is VLAN Tagging Cisco? An Introduction To IEEE 802.1Q

CCNA
Hemavathi
Author: Hemavathi
7 min.read

What is VLAN Tagging?

VLAN Tagging
VLAN Tagging

A basic networking technique called VLAN tagging divides a single physical network logically into several smaller, isolated Virtual Local Area Networks (VLANs) by adding an identifier, or “tag,” to Ethernet frames. This technique is essential for determining which VLAN a data frame is associated with when it traverses trunk links, which are lines that transport traffic for several VLANs. Within a topology, it aids in separating traffic from several networks as it passes over shared links and devices.

Also Read About What is WAN Security & Advantages of Wide Area Network Wan

Purpose of VLAN Tagging

VLAN tagging serves the following main purposes:

Determine VLAN membership: To differentiate frames travelling over trunk lines from various VLANs.

Network Segmentation: Network segmentation is the process of rationally dividing a physical network into more manageable, smaller sections. This is very helpful for safeguarding network segments and restricting broadcast network traffic.

Enhanced Security: Prevents unauthorized access and enhances network security by isolating certain departments or user groups. For instance, mismatched native VLANs may unintentionally result in “VLAN hopping,” which poses a security concern.

Better Performance: By segmenting the network, broadcast traffic is decreased, increasing network efficiency.

Improved Network Management: Makes it simpler to classify, manage, and control network traffic.

Enhanced Network Flexibility: This feature, which is particularly helpful in business settings, allows the establishment of several logical networks across a single physical infrastructure.

How VLAN Tagging Works

VLAN tagging entails the following particular procedures on various port types:

On Access Ports: Access ports, which are set up for a single VLAN, are connected to devices such as PCs and printers. These devices send untagged frames and are not aware of VLANs. The switch allocates an untagged frame received on an access port to the VLAN set up for that particular port.

On Trunk Ports: The first switch adds a VLAN tag to an untagged frame before sending it out a trunk port if the frame must pass via another switch or a router in order to get to its destination. In order to transport traffic for numerous VLANs and enable VLAN tagging, trunk ports are usually used to connect switches or switches to routers.

VLAN Identification: A VLAN Identifier (VLAN ID) is contained in the tag, and it informs the receiving switch or router of the VLAN to which the packet belongs.

Tag Removal: The switch eliminates the VLAN tag once the tagged frame has arrived at the destination switch and has been routed to an end device via an access port. This makes sure the final device doesn’t have to comprehend VLAN tagging in order to get the original frame.

Also Read About How To Set Up A LAN Network Devices Connection Guidelines

Key Components and Terms

Understanding VLAN tagging requires knowledge of several crucial words and elements:

  • VLAN (Virtual Local Area Network): A logical identifier for network isolation is called a VLAN (Virtual Local Area Network).
  • Trunk Port: A port intended to carry traffic for several VLANs that has been activated for VLAN tagging. These ports are used for switch-to-switch or switch-to-router communications, and they add or remove VLAN tags as frames enter or exit the switch, respectively.
  • Access Port: A port that only allows traffic for one VLAN and does not tag. These ports are used to send and receive untagged frames and connect end devices.
  • Encapsulation is the process of adding extra information, like a VLAN tag, to data frames.
  • VLAN ID (VID): A 12-bit number that uniquely identifies each VLAN and indicates the VLAN the frame is associated with.
  • Native VLAN: One VLAN is identified as the native VLAN on a trunk port. This VLAN’s traffic is transmitted and received over the trunk link without tags. VLAN 1 is frequently the native VLAN by default. Changing the native VLAN from its default setting to an unused VLAN is a security best practice. “VLAN hopping” is one of the major security threats that can result from mismatched native VLANs on opposing sides of a trunk.
  • The best practice is to utilise one subnet per VLAN ID. A subnet is a logical network that can be generated from a bigger network ID.

VLAN Tagging Protocols

VLAN Tagging Protocols
VLAN Tagging Protocols

IEEE 802.1Q is the most widely utilised of the several protocols used for VLAN tagging:

IEEE 802.1Q (Dot1Q)

  • This open standard protocol is the most widely used encapsulation technique for VLAN tagging. It is how Meraki devices operate.
  • After the Source MAC Address, it adds a 4-byte (32-bit) header to the original Ethernet frame.
  • Up to 4094 distinct VLANs can be supported by the 802.1Q tag’s 12-bit VLAN ID (VID); 0 and 4095 are reserved.
  • A Tag Protocol Identifier (TPID) (0x8100) that indicates that the frame is 802.1Q-tagged, three bits for User Priority (QoS), and one bit for Canonical Format Indicator (CFI) are additional fields in the 802.1Q tag.
  • As the frame size varies after inserting the 802.1Q header, the Frame Check Sequence (FCS) needs to be redone.
  • Ethernet II frames are significantly smaller than ISL frames, with a maximum frame size of 1522 bytes.
  • One instance of the Spanning Tree Protocol (STP) is typically maintained per VLAN for networks powered by Cisco.
  • To prevent network loops, an 802.1Q trunk’s VLAN must be the same on both ends of the trunk link.

Inter-Switch Link (ISL)

  • FastEthernet and Gigabit Ethernet links on Cisco devices are the main applications for ISL, a Cisco-proprietary legacy trunking protocol. The majority of Cisco switches nowadays support 802.1Q; ISL is no longer supported.
  • In contrast to 802.1Q, ISL employs an external tagging procedure, adding a 4-byte packet Check Sequence (FCS) field at the end and encapsulating the entire Ethernet packet with a new 26-byte ISL header.
  • Frames up to 1548 bytes long, known as “giant” or “jumbo” frames, can be read by only ISL-aware devices due to its encapsulation.
  • A maximum of 1000 VLANs are supported.
  • ISL enables optimisation and VLAN load balancing by utilizing Per VLAN Spanning Tree (PVST), which runs one instance of STP per VLAN.

LAN Emulation (LANE)

  • Introduced to enable workgroups to be defined by logical function rather than physical location by establishing VLANs over WAN cables.
  • Although Cisco has supported it since 1995, small and mid-sized networks do not frequently use it.
  • By mapping MAC addresses to ATM addresses and simulating Layer 2 communications, LANE Clients collaborate with LAN Emulation Servers (LES) and Configuration Servers (LECS).

802.10 (FDDI)

  • Usually seen in big networks with expensive Cisco switch models, this technology is used to tag VLAN frames on Fibre Distributed Data Interface (FDDI) networks.
  • Inserts the VLAN ID using the IEEE 802.10 frame’s SAID field.
  • For compatibility, an Ethernet II frame must first be transformed to an Ethernet SNAP frame and then to an IEEE 802.10 frame.

Native VLAN and Untagged Traffic

  • One unique idea in 802.1Q trunking is the native VLAN.
  • Frames from the native VLAN are transmitted untagged over a trunk link when 802.1Q is used.
  • VLAN 1 is the native VLAN by default.
  • A switch will presume that an untagged frame on an 802.1Q trunk port is part of the native VLAN set up for that port.
  • Changing the native VLAN from the default VLAN 1 to an unused or dummy VLAN that is separate from all other VLANs in the switched LAN is a security best practice. Frames bouncing between VLANs on a trunk can result from mismatched native VLANs.

Also Read About CISCO Switch Configuration: A Safe and Effective Setup Guide

Application of VLAN Tagging

When traffic for several VLANs needs to be sent over a single physical connection, VLAN tagging is especially utilised on trunk links, which link switches to routers, servers, or other switches. Access ports don’t use VLAN tagging when they connect to end-user devices.

Best Practices and Potential Issues

In order to guarantee appropriate VLAN tagging, it’s crucial to:

  • Continue to adhere to consistent VLAN standards (e.g., don’t mix 802.1Q with ISL).
  • Check for tagging issues on a regular basis, such as dual/double tagging, which occurs when a packet receives two or more VLAN tags.
  • To avoid unanticipated outcomes and security threats like VLAN hopping, maintain the same trunk configuration on both ends of a link, including encapsulation, permitted VLANs, and the native VLAN.
  • For security, switch the native VLAN from the default VLAN 1 to an unused or dummy VLAN.

Misconfigurations (e.g., mismatched VLAN IDs, untagged ports, misconfigured switches/trunks), high management expenses, a lack of internal expertise, and the requirement for regular maintenance and monitoring are common problems with VLAN tagging.

Previous article
How to Replace a String with another String in Oracle?
Next article
SQL Fundamentals in PostgreSQL With Code Example
Hemavathi
Hemavathihttps://govindhtech.com/
Myself Hemavathi graduated in 2018, working as Content writer at Govindtech Solutions. Passionate at Tech News & latest technologies. Desire to improve skills in Tech writing.

About Us 

Contact Us

Privacy Polacy

Disclaimer

© G Solutions

Index