vlan tag and untagged

Hello,

I'm having a difficult time understanding the difference between tagging and untagging vlans. When to use each one.
I've read online articles but still not getting it.

let me try to use an example.  If I have 3 vlans. vlan1 for my main network, vlan2 for my wireless-company wifi, and vlan3 for my wireless-guestwifi. and let say I have 5 switches. How would I  configure my switches? which ports would be tagged and untaged? please explain in plain English .   please see attached jpeg.
Capture.JPG
MrMayAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

markc56Commented:
The very basic of tagging and untagging is tagging is a way for switches to know what VLAN traffic is to be forwarded to what VLAN. It is only used between switches. Untagged just means that the native VLAN will not have the traffic tagged and therefore the receiving switch(es) will know to forward this traffic to the native VLAN. By default a Cisco switch's native VLAN is VLAN 1. You really do not need to do anything to specify tagging and untagging, that is taken care of by the switch for each VLAN and the untagged VLAN is your native VLAN.

You can change the native VLAN and it is a best practice to do for security reasons. You will also want to verify that all switches have the same native VLAN or you will get "VLAN mismatch errors".

You can configure the switches manually (creating each VLAN on each switch) or you can use VTP. VTP has positives and negatives which is a lot more detail. Again, basic stuff: make the main switch the "server" and the others "clients" and all switches will update per the "Server" switch. This is very basic and you will need more information for setup (i.e., Revision number, domain name, etc.). You will not be able/allowed to configure VLANs on the client switches. Only the server switch can be configured and this information will update (create additional VLANs, etc. as needed).

In addition you will need the port where each switch is connected to another switch setup as a trunk port and allow the needed VLANs.
0
MrMayAuthor Commented:
I guess my mine confusion lies in our current switch configuration. Its been configured previously by a third party IT company and I'm just trying to understand it.
Let me try to explain it.
We have a core switch and 4 switches connected to it (just like the diagram that I attached in my original post).

The core-switch
***************
VLAN1 -> tagged ports none
                  untagged 1-25, 27-37,39,41,43,45,47

VLAN2 (wireless) --> tagged 1,6
                 untagged  26

VLAN3 (guest-wifi) --> tagged 6,11
                untagged 6,11

(this switch has other vlans but I want to concentrate and these 3)

Here are the configs for one of the switches off the core switch (Switch-A)
******************************************************
VLAN1 --> tagged none
                    untagged 1-39, 41-48

VLAN2 (wireless) --> tagged 1-2, 22, 46-48
                                      untagged 40
VLAN3(guest wifi)  --> tagged none
                                    untagged none

my questions are... why is my switchA (the one off the core switch) have so many tagged ports?  
Why does my core switch have port 1 and 6 tagged and 26 untagged for Vlan2?
I'm just not understanding how tagging and untagging works.... (we are using HP switches)
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

markc56Commented:
It has been awhile since I have worked with HP switches. The are different (more complicated) than Cisco. After a little research here is what I found about HP switches:

-------------------------------------------------------------------------------------------------------
With HP switches the terminology is different, here switch ports are either tagged members or untagged members of a VLAN.

What's the difference between tagged and untagged? If a port is a tagged member it passes the VLAN information with the traffic it sends. If it is untagged it sends the VLAN traffic without adding in the VLAN tag. So you would only make a port a tagged member if the device that is plugged into it is VLAN aware, i.e. another switch, router, or machine with a VLAN aware NIC. (Note: The VLAN tag is the ID that gets inserted into the head of a network packet). So to do exactly the same as we did in scenario 1, but with HP switches, you would do the following:

BE AWARE: Any single port can only be untagged on one VLAN. Out of the box all ports are untagged on VLAN 1 (or the default VLAN), so if you untag a port into VLAN 20 (for example) it will automatically remove the 'vlan 1 untagged' property for that port.

&

Here is a link for HP configuration of VLANs and ports for:

http://www.hp.com/rnd/device_help/help/hpwnd/webhelp/HPJ4812A/configuration_vlan.htm
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MrMayAuthor Commented:
so in my example above, why do some VLAns have two or more tagged ports? I mean, my understanding is that only one physical port can connect to another physical port on another switch. So what's the point of tagging lets say port 1 and 6?
0
markc56Commented:
HP can only have one UNTAGGED per port, but several TAGGED. The untagged is the natvie VLAN of that port, but it can have several tagged VLANs allowing multipe VLANs to travel over this port and have the other switch know where (which VLAN) to forward traffic to. Multiple VLANs can use different ports on each switch a configured.
0
markc56Commented:
Here is an older experts-exchange link helping with the HP tagging/untagging:

http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_27410110.html
0
MrMayAuthor Commented:
Weird... you say that only one port per vlan can be untagged.... One of my current switches has a vlan that has port 38.40,42,44 untagged. Doesn't untagged port make it a access link.... my understanding is that all untagged ports in a vlan are capable of talking to each other?
0
markc56Commented:
Each and every port can have one untagged VLAN.

The link: http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_27410110.html 
explains the difference in terminology between HP and Cisco which can cause a lot of the confusion.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.