- Posts: 20
- Thank you received: 0
VLAN Tagging (Q in Q)
In a second senario (in the first we have a single L2 switch) we many interconnected switches with trunk ports. In this case (trunk) we are using a different mechanism for the frame tagging (Q in Q) in order to carry traffic coming in from many VLANs.
"As i have so far read about vlan concept, this is an allocation by the switch. The VLAN ID is assigned by the switch and not by the PC station which is connected to a port. So, the switch assigns a VLAN number to a port and every packet received an that port gets allocated that vlan id"
Vlan ID is configured on the switch port. Although Some times you will have multiple IP devices in 1 Switch port. Example would be IP phone is plugged into switch, and the PC is plugged into the IP phone. The PC will only pick up the packets from the Untagged VLan(Usually VLan1). THe phone is setup using 802.1q and you assign the phone the VID number lets say 2. So the switch port is confgiured with 2 vlans. VLan 1 untagged (no 802.1q) and vlan 2 (802.1q Tagged). You also need to do this with access points since they will possibly be serving devices from both VLans. SO that port will have multiple VLANs confgiured, and then you also have to configure those Vlans per SSID in the access point.
All "trunk" or connecting switch ports should have 802.1q configured since they will pass traffic from Multiple vlans.
This is were it gets kinda shady for me.
You can only have 1 untagged VLan per port. So if you plug in a phone to a port and ONLY assign it to VLan 2. Then you are not using 802.1q per se because the port is only part of 1 vlan and is therefore "Untagged".
Correct me if i'm wrong on this people.
The Bublitz
Systems Admin
Hospice of the Red River Valley
Bublitz wrote:
You can only have 1 untagged VLan per port. So if you plug in a phone to a port and ONLY assign it to VLan 2. Then you are not using 802.1q per se because the port is only part of 1 vlan and is therefore "Untagged".
Correct me if i'm wrong on this people.
Dont think so.
You wrote you are setting port 2 (for example) as access for vlan 2, and you connect it a phone.
Data leaving the pone and entering the switchport is tagged, unless vlan 2 is not the NATIVE VLAN, only traffic belonging to the native vlan is untagged, by default vlan 1 in al catalyst plataforms is untagged, but you can change that default parameter.
So back in your scenario, if you are using a catalyst plataform with default native vlan setting, traffic entering an access port who belong to vlan 2, is tagged.
HP VLAN DOC
Quote
When you subsequently assign a port a given Vlan, you must implement the VLAN tag (VID) if the port will carry traffic from more than 1 Vlan. Otherwise, the port VLAN assignment can remain "untagged" becuase the tag is not needed. On a given switch, this means you should use the "Untagged" destination for a port VLAN assignment where the port is connected to a non 802.1q-compliant device or is assigned to only one VLAN.
The native VLAN is used when a port is configured with multiple VLans 802.1q and there are devices connected to that port that doesn't support 802.1q.
So its tagged for vlan 2 but its NOT 802.1q "tagged" unless the port is configured with 2 vlans(SO each device can figure out what traffic is for them). So like I said on the example you quoted the port is only configured for vlan 2 so its not 802.1q "tagged". This allows non 802.1q devices to exist on VLan 2 some pcs/switches aren't.
I think the HP document explains it good, but leaves out the difference between 802.1q tagged and vlan tagged.
Anyone else fill in the blanks? Or am I just understanding their doc wrong?
The Bublitz
Systems Admin
Hospice of the Red River Valley
Bublitz wrote: No I dont think thats entirley correct. Then all devices would have to be 802.1q compatible if it wasn't on vlan 1. Most PCs and servers aren't...
quote]
NO NO NO YOU ARE WRONG MEN!
I WILL TRY TO EXPLAIN YOU OK.
IF YOU SET PORT 1 TO VLAN 2 DIRECTLY CONNECTED TO AN IP PHONE, AND THAT PHONE IS NOT 802.1Q COMPATIBLE , THE PHONE SENDS FRAMES (LEAVIN THE PHONE) UNTAGGED, SO WHEN IT ENTERS THE SWITCHPORT CONFIGURED AS VLAN 2 MEMBER, INMEDIATELY IT IS TAGGED AS VLAN 2 FRAMES.
SO DO YOU UNDERSTAND??
The native VLAN is used when a port is configured with multiple VLans 802.1q and there are devices connected to that port that doesn't support 802.1q.
EXSCUSE ME AGAIN, BUT THIS IS NOT TRUE, DONT KNOW WHERE YOU GET THAT INFO MEN???
I THINK ALMOST ALL DEVICES (END USER PCS) ARENT 802.1 Q COMPTIBLE, SO THEY DONT UNDERSTAND WHAT IS 8021Q TAGGING, THEY ONLY SEND FRAMES TO THE SWITCH, AND THE SWITCH MUST KNOW (DEPENDING IN THE SWITCH PORT CONFIG VLAN ) WHETHER IS MUTS TAG OR NOT A VLAN.
AS I EXPLAINED BEFORE, IF YOU HAVE NATIVE VLAN 1 FOR EXAMPLE, AND THE SWITCHPORT IS CONFIGURED AS ACCESS PORT FOR VLAN 1 MEMBER, IT DOESNT TAG THE FRAME.
IN THE SAME SCENARIO, IF THE SAME END USER PC, AND THE SAME SWITCHPORT IS CONFIGURED FOR ANOTHER VLAN EXPET NATIVE ONE, IT INMEDIATELY TAGS.