Bill H

asked on

HP Procurve VLAN Tagging

I am playing with a few HP ProCurves, and I am a bit confused as to when you should and shouldn't tag a VLAN.
jgibbar

You would want to tag a VLAN when the device on the other end is looking for a VLAN tag (Routers, Switches, some servers, etc). This is used mostly for trunks between network devices so that multiple VLANs can pass over the same physical port.

When you leave a port untagged, it dedicates that VLAN to that port and normal equipment that does not look for VLAN tags (Printers, PCs, etc.) will live on that VLAN.

This link may help explain it better for you too: http://www.skullbox.net/hp_procurve_vlan.php
Bill H

ASKER

So what would be the benefit of untagging?
Hi,

Untagging is used when you are connecting a device to a switch which doesn't understand the 802.1Q tag i.e. an end user device such as a PC.

You will use tagging when connecting a switch to another switch and the link between them must carry multiple vlans so that each switch can distinguish between different vlans.

Tagging can also be used when connecting to an IP phone which has a PC connected to the phone. The voice traffic will be tagged and the PC traffic will be untagged or native.
Many end user devices won't be able to read the VLAN tag and therefore won't be able to communicate with your network unless a VLAN is sent through the port untagged.

There are many cases in which you might need to TAG the VLANs for the port such as trunks between network devices such as Access Points, VoIP Phones, etc. These devices use the tagging to know where to send information for certain connections. Say you wanted an AP to broadcast VLAN100 as AdminNetwork and VLAN200 as GuestNetwork, the tags would allow the devices to keep those two networks separated.

If you are familiar with the Cisco world, untagged would be the same as a Native VLAN or a Switchport Access VLAN command.
Bill H

ASKER

Okay, so if I have an untagged switch port which is a member of vlan 100 on a switch, and I want to access a server that is also on vlan 100 on another switch, and the 2 switches are connected via a trunk. If I am untagging, how would the other switch know it came from vlan 100?
ASKER CERTIFIED SOLUTION
jgibbar
This solution is only available to members.
Bill H

ASKER

So it would be tagged at the trunk then?
Yes
Be very careful using the term "trunk" to refer to a link that carries multiple VLANs in the HP world.

What HP calls a "trunk" is what Cisco calls "EtherChannel".

What Cisco calls "trunking" is what HP calls "tagging".
Bill H

ASKER

So how does the trunk know it came from vlan100 if the frame isn't tagged?
Think of it like this: because the tagging/untagging happens at the port, the switch still knows that the traffic belongs to the untagged vlan that port is configured for. It can then forward the traffic to all other ports that have that vlan configured regardless as to whether it is tagged or untagged.

Don - good point, terminology between manufacturers can be confusing if used for literal definitions.
If you carry multiple vlans over a single port, only one of them can be untagged, the rest must be tagged. The untagged one is called the native vlan and must match at both ends of the link.
I know this is not the point of this topic, but important to properly note.

Another note on the term "Trunk":  The term Trunk is actually used on HP ProCurve and Foundry Networks/Brocade switches for LACP Link Aggregation (Trunk Port/Group).  The command 'trunk' is used to group and configure ports in a LACP trunk; and 'sh trunk' displays group information for ports involved in the Link Aggregation Trunk.   'VLAN Trunk' (term is lightly used but not in commands) is when you tag or untag an interface or interfaces to one or more VLANs.  

Different names are used to describe similar concepts on both platforms.

Cisco            HP ProCurve      What is it?
---------------------------------------------------------------------------------
Trunk            Tagged           A port that “carries” multiple VLANs using the 802.1q tag, for example an uplink, an IP phone port.
Access           Untagged         A port that belongs to a unique VLAN and is untagged
Native VLAN      -                Defines the untagged VLAN of a 802.1q - tagged port. Defaults to VLAN 1 on HP and Cisco

Cisco            HP ProCurve      What is it?
---------------------------------------------------------------------------------
Channel-group    Trunk            Description of an aggregated link
Port-channel     Trunk port       The logical port representing an aggregated link
Int channel 1    Int trk1         To enter the configuration mode of an aggregated link interface
^Above..... The information didn't line up properly when posted, but you should be able to make sense of it.
More to the point....  Everyone is pretty much correct in their statements, but some further detail needs to be added for clarity.

'Tagged' or 'Untagged': These terms are exactly what they imply.  'Tagged' is when a switch port tags the header of a packet/datagram with a VLAN ID as the packet/datagram leaves the interface or when it matches a VLAN ID (found in the packet/datagram header) to a specific VLAN.  VLAN IDs are added to a packet/datagram (on outbound) and then stripped off on the receiving end (on Inbound) of network (On any device supporting 802.1q) and switch interfaces.  Tagging VLAN IDs is strictly a function of devices supporting 802.1q.

'Untagged' - VLAN ID is only identified at the Switch level and packets/datagrams are never modified.  Therefore, whatever device connected to an untagged interface or untagged native VLAN automatically assumes the VLAN ID assigned to the switch's interface (without modifying any packets/datagrams).

You may have a scenario like with VMware on a HP C7000 blade center where you need to tag packets/datagrams at multiple points to ensure traffic is received from the VM down to the switch and vice versa (i.e.  A -> B -> C -> D  -  Tagging at each point).  (A = Virtual Machine - OS Level, B = ESXi Virtual Switch, C = HP C7000 Virtual Connect, D = Switch Interface).  In this scenario, it's important to ensure the VLAN ID is consistent all the way through whether the VLAN ID is tagged or untagged.  For the most part, VLAN tagging is normally only between two devices/ network interfaces with the exception of this type of scenario.
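
An added example (not from any poster in this thread) that models the per-port behaviour discussed above with real 802.1Q bytes: a frame entering an untagged VLAN 100 port is tagged on the inter-switch link and untagged again at the far end, and a mismatched untagged VLAN on that link lands it in the wrong VLAN. The `Switch` class, the port numbers and the sample frame are assumptions made for illustration.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def add_tag(frame, vid):
    """Insert the 4-byte 802.1Q tag after the two MAC addresses (priority bits 0)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def split_tag(frame):
    """Return (VLAN ID or None, frame with any 802.1Q tag removed)."""
    if len(frame) >= 16 and frame[12:14] == struct.pack("!H", TPID):
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    """Hypothetical model. ports: {port: (untagged VLAN or None, set of tagged VLANs)}."""
    def __init__(self, ports):
        self.ports = ports

    def ingress(self, port, frame):
        """Classify a received frame: (vid, untagged frame), or None if dropped."""
        untagged, tagged = self.ports[port]
        vid, inner = split_tag(frame)
        if vid is None:
            vid = untagged      # no tag: the port's untagged VLAN decides membership
        elif vid not in tagged:
            return None         # tagged for a VLAN this port does not carry
        return None if vid is None else (vid, inner)

    def egress(self, port, vid, inner):
        """Frame as sent out of `port` for VLAN `vid`, or None if the port is not a member."""
        untagged, tagged = self.ports[port]
        if vid == untagged:
            return inner
        return add_tag(inner, vid) if vid in tagged else None

def send_across(sw_a, in_port, up_a, sw_b, up_b, out_port, frame):
    """Host -> switch A -> inter-switch link -> switch B -> host. Returns (frame on link, frame delivered)."""
    hit = sw_a.ingress(in_port, frame)
    wire = sw_a.egress(up_a, *hit) if hit else None
    got = sw_b.ingress(up_b, wire) if wire else None
    return wire, (sw_b.egress(out_port, *got) if got else None)

# Constructed sample frame: destination MAC, source MAC, EtherType 0x0800, dummy payload.
FRAME = bytes.fromhex("0000000000bb0000000000aa0800") + b"payload"
# Constructed port layouts: ports 1 and 5 untagged in VLAN 100, port 6 untagged in VLAN 200.
A_OK = Switch({1: (100, set()), 24: (1, {100, 200})})
B_OK = Switch({5: (100, set()), 6: (200, set()), 24: (1, {100, 200})})
# Mismatched untagged VLAN on the inter-switch link: 100 on A, 200 on B.
A_BAD = Switch({1: (100, set()), 24: (100, {200})})
B_BAD = Switch({5: (100, set()), 6: (200, set()), 24: (200, {100})})
```

With the matching layout, `send_across(A_OK, 1, 24, B_OK, 24, 5, FRAME)` puts a tagged frame on the link and delivers the original untagged frame to port 5; with the mismatched layout the same frame crosses the link untagged and comes out of the VLAN 200 port instead.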