Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

802.1q concepts issue

Posted on 2011-03-10
4
Medium Priority
?
250 Views
Last Modified: 2012-05-11
Hi, I have read a lot of pieces on 802.1q however I am still perplexed as to the conditions when I should untag or tag a port!  Let me try and illustrate my confusion with an example, a switch and 4 VLANs (v1 to V4).

Port V1 V2 V3 V4
1    T  T  T  T       (HyperV server that uses all VLANs)
2    N  N  N  U       (A device that does not support VLANs)
3    T  T  T  T       (A router to manage security between VLANs)
T=Tagged U=Untagged N=No

My question is on port 2, I just have a device that I want to dedicate to V4 only however this should be accessible from ports 1 and 3.  What actually happens to traffic on port2 - will it append VLAN information Tag to it and will it be able to communicate with ports 1 and 3 if they are set to "Tagged" or should they be set to "Untagged" to match it?

What would happen if I have another device that did not support VLANs and this was on another port and VLAN for example,

Port V1 V2 V3 V4
1    T  T  T  T       (HyperV server that uses all VLANs)
2    N  N  N  U       (A device that does not support VLANs)
3    T  T  T  T       (A router to manage security between VLANs)
4    N  U  N  N       (Another device that does not support VLANs)    

Will this work?  Will ports 1 and 3 still be able to communicate with port 4 even though they are "tagged" and port 4 is "untagged" for the same VLAN?  Can I mix "untagged" ports between vlans or do I have to make sure all devices that do not support VLANs are on the same VLAN?!

Does the "tag" mean it is added as the ethernet frame leaves the port, or is it added when the frame is sent to the port?

I am very confused so any pointers would be great.
Thanks
0
Comment
Question by:nmxsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 13

Accepted Solution

by:
kdearing earned 1000 total points
ID: 35100652
First of all, you need a Layer-3 device to route traffic between VLANs.
This can be a router or a Layer-3 switch.

An unmanaged switch cannot see tagged traffic, it is not VLAN-capable.

When you put 2 or more VLANs on a port, it becomes a trunk.
By default, every trunk has a native VLAN (usually VLAN1) and that traffic is not tagged
If you decide to change the native VLAN to VLAN2, then that traffic becomes untagged and the switch will see it (VLAN1 will become tagged).

This is why you need to have either:
1. a Layer-2 VLAN-capable switch (almost every managed and web-managed switch) + a router to route traffic between the VLANS
2. a Layer-3 switch; this will be VLAN-capable and will route traffic internally

Hope this explanation helps
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 1000 total points
ID: 35101381
>My question is on port 2, I just have a device that I want to dedicate to V4 only

First off, different vendors can use different terminology. For example, Cisco doesn't use the terms "tagged" and "untagged" when discussing 802.1q. They just "trunking" or "access (non-trunking)" .

In your case, it looks like port two is just a plain old port that sends and receives ethernet frames. These frames are in VLAN 4 and are only allowed to/from other ports that are in VLAN 4 or trunks that carry VLAN 4.

On port 1, that's a trunk. And in your example traffic from VLAN 1, 2, 3 and 4 will have a tag added to them which indicates what VLAN the frame is a member of.

One thing to keep in mind. As previously mentioned, 802.1q uses a "native VLAN". The traffic which goes out the trunk port that is a member of the native VLAN doesn't get tagged (all the other VLANs do). So normally I would expect to see an untagged VLAN on port 1. That would be the native VLAN.
 
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35349233
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question