- Posts: 2
- Thank you received: 0
VLAN tagging
16 years 2 months ago #27671
by nk007
VLAN tagging was created by nk007
Hi All,
I have a doubt in VLAN tagging (802.1Q 4 bytes).
How to identify from VLAN tagging, whether it contain Access link(one VLAN ID) or trunk link(multi VLAN ID).
TPID (16 bit):indicate that tagging protocol type i.e 802.1q or 802.1ad
Priority (3 bit):Qos i.e voice,data,video
CFI:Non Mac address or Mac address
VLAN ID:between 1 to 4095
Kindly some one can explain me.
Thanks in advance.
I have a doubt in VLAN tagging (802.1Q 4 bytes).
How to identify from VLAN tagging, whether it contain Access link(one VLAN ID) or trunk link(multi VLAN ID).
TPID (16 bit):indicate that tagging protocol type i.e 802.1q or 802.1ad
Priority (3 bit):Qos i.e voice,data,video
CFI:Non Mac address or Mac address
VLAN ID:between 1 to 4095
Kindly some one can explain me.
Thanks in advance.
16 years 2 months ago #27675
by unlight
Replied by unlight on topic Re: VLAN tagging
Hi,
I don't quite understand your question.
Trunk and Access are properties of ports not tags. No specific tag is either a access or trunk tag, i.e. fa0/1 could be an access port for VLAN 200 and fa0/24 trunks VLAN 200 along with several specified VLAN or all VLANs. So the same VLAN tag can be used in a access / trunk configuration on the same switch.
Perhaps you could outline the scenario?
I don't quite understand your question.
Trunk and Access are properties of ports not tags. No specific tag is either a access or trunk tag, i.e. fa0/1 could be an access port for VLAN 200 and fa0/24 trunks VLAN 200 along with several specified VLAN or all VLANs. So the same VLAN tag can be used in a access / trunk configuration on the same switch.
Perhaps you could outline the scenario?
16 years 2 months ago #27688
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: VLAN tagging
inlight is correct, i think you are just over thinking this. This is how i think of it;
The VLAN tag is stripped when it leaves a switch port that is within a specific VLAN. The actually machines are not configured to handle the VLAN Tagging (although you can get them to) so the PC/Server or whatever is connected to the switch port will not do anything with it. Therefore, when the traffic leaves the switch port, it looses the tagging information. The switch handles all this for you.
VLAN Trunks are setup as a switchport which will maintain the VLAN Tag as the traffic leaves the switch port. This way, when it reaches the other end the receving device (usually a switch or a router) will know what VLAN its a member of.
Switch A -> TRUNK -> Switch B
Here if switch A and B have ports assigned to VLAN 10, a machine on Switch A which is connected to a port in VLAN 10, can send traffic to anything connected to a port in VLAN 10. If Switch B has ports also assigned to VLAN 10, then the traffic will go over the trunk and maintain the VLAN 10 tag so switch B knows that its only going to ports in VLAN 10.
Hope it clears things up.
Wayne
The VLAN tag is stripped when it leaves a switch port that is within a specific VLAN. The actually machines are not configured to handle the VLAN Tagging (although you can get them to) so the PC/Server or whatever is connected to the switch port will not do anything with it. Therefore, when the traffic leaves the switch port, it looses the tagging information. The switch handles all this for you.
VLAN Trunks are setup as a switchport which will maintain the VLAN Tag as the traffic leaves the switch port. This way, when it reaches the other end the receving device (usually a switch or a router) will know what VLAN its a member of.
Switch A -> TRUNK -> Switch B
Here if switch A and B have ports assigned to VLAN 10, a machine on Switch A which is connected to a port in VLAN 10, can send traffic to anything connected to a port in VLAN 10. If Switch B has ports also assigned to VLAN 10, then the traffic will go over the trunk and maintain the VLAN 10 tag so switch B knows that its only going to ports in VLAN 10.
Hope it clears things up.
Wayne
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.117 seconds