- Posts: 227
- Thank you received: 0
Tag and Untag?
20 years 4 months ago #4487
by apit
Tag and Untag? was created by apit
when configuring switch port , i often make it untag for utp and tag for fiber but i don't really understand why should i do that.Just read from the books but not really understand the concept. Can expert out there give clear discription to me.tq
20 years 3 months ago #4511
by varun
Replied by varun on topic Re: Tag and Untag?
Basically if you make UTP tagged, your switch will not accept untagged frames and drop them. There might be a case when someone just wants to send untagged frames (eg. broadcast messages). Therefore, the need to have untagged UTP.
Fibre is needed to be tagged because it almost always forms the backbone of a network and therefore we only need tagged frames to be transmitted from VLANs spread across multiple switches.
I hope this brief information has helped you in answering your query to a certain extent.
Fibre is needed to be tagged because it almost always forms the backbone of a network and therefore we only need tagged frames to be transmitted from VLANs spread across multiple switches.
I hope this brief information has helped you in answering your query to a certain extent.
20 years 3 months ago #4525
by apit
Replied by apit on topic Re: Tag and Untag?
so, that mean we MUST configure tag for fiber and untagged for utp..
we set fiber to tag because it always been use but utp not always in use; sp we set utp to untagged..
is that true?
what is the effect when we set fiber to untagged?
we set fiber to tag because it always been use but utp not always in use; sp we set utp to untagged..
is that true?
what is the effect when we set fiber to untagged?
20 years 3 months ago #4527
by varun
Replied by varun on topic Re: Tag and Untag?
ok lets consider the basics first ....
When you're referring to fibre, i believe that means a Gigabit (1000 Mbps) port (interface) that is the trunk port of Switch A that forms a tunnel (trunk) to the Gig port (again a trunk port) of Switch B and a tunnel (trunk) is established between these two ports of Switch A & B.
Suppose we have VLANs (port-based) 100 and 200 in Switch A and Switch B also has devices (attached to ports) that are members of VLANs 100 and 200 i.e. both VLANs 100 and 200 exist on both the Switches. Now, when Switch A receives a broadcast from a host in VLAN 100, it has to broadcast it to all the members of VLAN 100 i.e Switch A also has to forward the broadcast to Switch B since VLAN 100 also exists on Switch B.
Now, Switch A adds a VLAN tag (header) to the frame it received from the host in VLAN 100. Among other things, the VLAN tag has the VLAN number which identifies from which VLAN the frame originated. The frame is sent via the Gig port (tagged) of Switch A to the Gig port (tagged) of Switch B. The Gig ports on both the Switches are members of all the VLANs that exist on their respective Switches (this is manually configured by the network admin).
When Switch B receives the VLAN tagged frame from Switch A, it looks into the VLAN tag and sees that it's from VLAN 100 and switches the frame to all the ports that are members of VLAN 100 in Switch B. And similarly with frames coming from VLAN 200, Switch B, switches the frames to all the ports that are members of VLAN 200 in Switch B.
Now if the Gig port on Switch A was untagged, it would send out frames as untagged no matter from which VLAN in Switch A, the frames originated. It means that if the host on VLAN 100 sends a broadcast, it will be sent to Switch B as an untagged frame i.e. with no VLAN id and if the Gig port on Switch B is tagged, it will drop the incoming frame from Switch A since it's untagged (this depends on the Ingress filtering rules enabled for that port). If, however, the Gig port of Switch B is untagged, it receives the untagged frame from Switch A and assigns it a Port Vlan Id (PVID). PVID is the default VLAN ID set for a particular port. It is usually set to 1 in almost all switches. And so the frame will incorrectly be sent out to all the members of VLAN 1.
However if we assign the PVID on the Gig port of Switch B as 100. Then the untagged frames coming from Switch A will be assigned a PVID of 100 and sent out to all the ports that are members of VLAN 100. But what if the untagged frame came from VLAN 200 in Switch A?? Therefore, though not compulsory, it is HIGHLY advisable to always keep your Gig ports (trunk ports) as tagged.
When you're referring to fibre, i believe that means a Gigabit (1000 Mbps) port (interface) that is the trunk port of Switch A that forms a tunnel (trunk) to the Gig port (again a trunk port) of Switch B and a tunnel (trunk) is established between these two ports of Switch A & B.
Suppose we have VLANs (port-based) 100 and 200 in Switch A and Switch B also has devices (attached to ports) that are members of VLANs 100 and 200 i.e. both VLANs 100 and 200 exist on both the Switches. Now, when Switch A receives a broadcast from a host in VLAN 100, it has to broadcast it to all the members of VLAN 100 i.e Switch A also has to forward the broadcast to Switch B since VLAN 100 also exists on Switch B.
Now, Switch A adds a VLAN tag (header) to the frame it received from the host in VLAN 100. Among other things, the VLAN tag has the VLAN number which identifies from which VLAN the frame originated. The frame is sent via the Gig port (tagged) of Switch A to the Gig port (tagged) of Switch B. The Gig ports on both the Switches are members of all the VLANs that exist on their respective Switches (this is manually configured by the network admin).
When Switch B receives the VLAN tagged frame from Switch A, it looks into the VLAN tag and sees that it's from VLAN 100 and switches the frame to all the ports that are members of VLAN 100 in Switch B. And similarly with frames coming from VLAN 200, Switch B, switches the frames to all the ports that are members of VLAN 200 in Switch B.
Now if the Gig port on Switch A was untagged, it would send out frames as untagged no matter from which VLAN in Switch A, the frames originated. It means that if the host on VLAN 100 sends a broadcast, it will be sent to Switch B as an untagged frame i.e. with no VLAN id and if the Gig port on Switch B is tagged, it will drop the incoming frame from Switch A since it's untagged (this depends on the Ingress filtering rules enabled for that port). If, however, the Gig port of Switch B is untagged, it receives the untagged frame from Switch A and assigns it a Port Vlan Id (PVID). PVID is the default VLAN ID set for a particular port. It is usually set to 1 in almost all switches. And so the frame will incorrectly be sent out to all the members of VLAN 1.
However if we assign the PVID on the Gig port of Switch B as 100. Then the untagged frames coming from Switch A will be assigned a PVID of 100 and sent out to all the ports that are members of VLAN 100. But what if the untagged frame came from VLAN 200 in Switch A?? Therefore, though not compulsory, it is HIGHLY advisable to always keep your Gig ports (trunk ports) as tagged.
20 years 2 months ago #4981
by apit
Replied by apit on topic Re: Tag and Untag?
oic..
now i can understand..
what is the mening of trunk?
is it a tunnel?
now i can understand..
what is the mening of trunk?
is it a tunnel?
20 years 2 months ago #4999
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Tag and Untag?
www.firewall.cx/vlans-links.php
Should help you out
Should help you out
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.153 seconds