
802.1q concepts issue

Hi, I have read a lot of pieces on 802.1q; however, I am still perplexed as to the conditions when I should untag or tag a port! Let me try and illustrate my confusion with an example: a switch and 4 VLANs (V1 to V4).

Port V1 V2 V3 V4
1    T  T  T  T       (HyperV server that uses all VLANs)
2    N  N  N  U       (A device that does not support VLANs)
3    T  T  T  T       (A router to manage security between VLANs)
T=Tagged U=Untagged N=No

My question is on port 2: I just have a device that I want to dedicate to V4 only; however, this should be accessible from ports 1 and 3. What actually happens to traffic on port 2 - will it append a VLAN information tag to it, and will it be able to communicate with ports 1 and 3 if they are set to "Tagged", or should they be set to "Untagged" to match it?

What would happen if I have another device that did not support VLANs and this was on another port and VLAN for example,

Port V1 V2 V3 V4
1    T  T  T  T       (HyperV server that uses all VLANs)
2    N  N  N  U       (A device that does not support VLANs)
3    T  T  T  T       (A router to manage security between VLANs)
4    N  U  N  N       (Another device that does not support VLANs)    

Will this work? Will ports 1 and 3 still be able to communicate with port 4 even though they are "tagged" and port 4 is "untagged" for the same VLAN? Can I mix "untagged" ports between VLANs, or do I have to make sure all devices that do not support VLANs are on the same VLAN?!

Does the "tag" mean it is added as the ethernet frame leaves the port, or is it added when the frame is sent to the port?

I am very confused so any pointers would be great.
Thanks
nmxsupport
 
kdearing commented:
First of all, you need a Layer-3 device to route traffic between VLANs.
This can be a router or a Layer-3 switch.

An unmanaged switch cannot see tagged traffic; it is not VLAN-capable.

When you put 2 or more VLANs on a port, it becomes a trunk.
By default, every trunk has a native VLAN (usually VLAN1) and that traffic is not tagged.
If you decide to change the native VLAN to VLAN2, then that traffic becomes untagged and the switch will see it (VLAN1 will become tagged).

This is why you need to have either:
1. a Layer-2 VLAN-capable switch (almost every managed and web-managed switch) + a router to route traffic between the VLANs
2. a Layer-3 switch; this will be VLAN-capable and will route traffic internally

Hope this explanation helps
 
Don Johnston (Instructor) commented:
>My question is on port 2, I just have a device that I want to dedicate to V4 only

First off, different vendors can use different terminology. For example, Cisco doesn't use the terms "tagged" and "untagged" when discussing 802.1q. They just use "trunking" or "access (non-trunking)".

In your case, it looks like port two is just a plain old port that sends and receives ethernet frames. These frames are in VLAN 4 and are only allowed to/from other ports that are in VLAN 4 or trunks that carry VLAN 4.

On port 1, that's a trunk. And in your example traffic from VLAN 1, 2, 3 and 4 will have a tag added to them which indicates what VLAN the frame is a member of.

One thing to keep in mind. As previously mentioned, 802.1q uses a "native VLAN". The traffic which goes out the trunk port that is a member of the native VLAN doesn't get tagged (all the other VLANs do). So normally I would expect to see an untagged VLAN on port 1. That would be the native VLAN.
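
The tagged/untagged behaviour described in the answers, applied to the second port table in the question, as an added example that is not part of the original thread. It is a simplified Python model of one switch: it floods frames without MAC learning, assumes an untagged port classifies incoming frames into its untagged VLAN, and assumes tagged frames are dropped on ports that are not tagged members; the sample frame and its source MAC are constructed.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

# Port/VLAN membership from the question's second table: T = tagged, U = untagged.
PORTS = {
    1: {1: "T", 2: "T", 3: "T", 4: "T"},  # Hyper-V server
    2: {4: "U"},                          # VLAN-unaware device
    3: {1: "T", 2: "T", 3: "T", 4: "T"},  # router
    4: {2: "U"},                          # second VLAN-unaware device
}

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert TPID + TCI (priority 0, 12-bit VLAN ID) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def ingress(port: int, frame: bytes):
    """Return (vid, untagged_frame), or None if the port does not accept the frame."""
    members = PORTS[port]
    if struct.unpack("!H", frame[12:14])[0] == TPID:
        vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        if members.get(vid) != "T":
            return None  # assumption: tagged frames need tagged membership
        return vid, frame[:12] + frame[16:]
    untagged = [v for v, mode in members.items() if mode == "U"]
    return (untagged[0], frame) if untagged else None

def forward(in_port: int, frame: bytes) -> dict:
    """Flood to every other member port of the frame's VLAN (no MAC learning)."""
    classified = ingress(in_port, frame)
    if classified is None:
        return {}
    vid, inner = classified
    out = {}
    for port, members in PORTS.items():
        if port != in_port and vid in members:
            # The tag is written on egress, and only where the port is a tagged member.
            out[port] = add_tag(inner, vid) if members[vid] == "T" else inner
    return out

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType.
PLAIN = bytes.fromhex("ffffffffffff" "020000000002" "0800") + b"payload"

if __name__ == "__main__":
    for port, wire in forward(2, PLAIN).items():
        print(port, wire[12:16].hex())
```

In this model the untagged frame from port 2 leaves ports 1 and 3 carrying the bytes `8100 0004` and never reaches port 4, so traffic between the VLAN 4 device and the VLAN 2 device has to pass through the router on port 3.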
 
 
Qlemo (C++ Developer) commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.