Solved

802.1q concepts issue

Posted on 2011-03-10
4
247 Views
Last Modified: 2012-05-11
Hi, I have read a lot of pieces on 802.1q however I am still perplexed as to the conditions when I should untag or tag a port!  Let me try and illustrate my confusion with an example, a switch and 4 VLANs (v1 to V4).

Port V1 V2 V3 V4
1    T  T  T  T       (HyperV server that uses all VLANs)
2    N  N  N  U       (A device that does not support VLANs)
3    T  T  T  T       (A router to manage security between VLANs)
T=Tagged U=Untagged N=No

My question is on port 2, I just have a device that I want to dedicate to V4 only however this should be accessible from ports 1 and 3.  What actually happens to traffic on port2 - will it append VLAN information Tag to it and will it be able to communicate with ports 1 and 3 if they are set to "Tagged" or should they be set to "Untagged" to match it?

What would happen if I have another device that did not support VLANs and this was on another port and VLAN for example,

Port V1 V2 V3 V4
1    T  T  T  T       (HyperV server that uses all VLANs)
2    N  N  N  U       (A device that does not support VLANs)
3    T  T  T  T       (A router to manage security between VLANs)
4    N  U  N  N       (Another device that does not support VLANs)    

Will this work?  Will ports 1 and 3 still be able to communicate with port 4 even though they are "tagged" and port 4 is "untagged" for the same VLAN?  Can I mix "untagged" ports between vlans or do I have to make sure all devices that do not support VLANs are on the same VLAN?!

Does the "tag" mean it is added as the ethernet frame leaves the port, or is it added when the frame is sent to the port?

I am very confused so any pointers would be great.
Thanks
0
Comment
Question by:nmxsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 13

Accepted Solution

by:
kdearing earned 250 total points
ID: 35100652
First of all, you need a Layer-3 device to route traffic between VLANs.
This can be a router or a Layer-3 switch.

An unmanaged switch cannot see tagged traffic, it is not VLAN-capable.

When you put 2 or more VLANs on a port, it becomes a trunk.
By default, every trunk has a native VLAN (usually VLAN1) and that traffic is not tagged
If you decide to change the native VLAN to VLAN2, then that traffic becomes untagged and the switch will see it (VLAN1 will become tagged).

This is why you need to have either:
1. a Layer-2 VLAN-capable switch (almost every managed and web-managed switch) + a router to route traffic between the VLANS
2. a Layer-3 switch; this will be VLAN-capable and will route traffic internally

Hope this explanation helps
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 250 total points
ID: 35101381
>My question is on port 2, I just have a device that I want to dedicate to V4 only

First off, different vendors can use different terminology. For example, Cisco doesn't use the terms "tagged" and "untagged" when discussing 802.1q. They just "trunking" or "access (non-trunking)" .

In your case, it looks like port two is just a plain old port that sends and receives ethernet frames. These frames are in VLAN 4 and are only allowed to/from other ports that are in VLAN 4 or trunks that carry VLAN 4.

On port 1, that's a trunk. And in your example traffic from VLAN 1, 2, 3 and 4 will have a tag added to them which indicates what VLAN the frame is a member of.

One thing to keep in mind. As previously mentioned, 802.1q uses a "native VLAN". The traffic which goes out the trunk port that is a member of the native VLAN doesn't get tagged (all the other VLANs do). So normally I would expect to see an untagged VLAN on port 1. That would be the native VLAN.
 
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35349233
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question