Solved

vlan tag and untagged

Posted on 2014-10-03
9
612 Views
Last Modified: 2014-10-21
Hello,

I'm having a difficult time understanding the difference between tagging and untagging vlans. When to use each one.
I've read online articles but still not getting it.

let me try to use an example.  If I have 3 vlans. vlan1 for my main network, vlan2 for my wireless-company wifi, and vlan3 for my wireless-guestwifi. and let say I have 5 switches. How would I  configure my switches? which ports would be tagged and untaged? please explain in plain English .   please see attached jpeg.
Capture.JPG
0
Comment
Question by:MrMay
  • 6
  • 3
9 Comments
 
LVL 3

Assisted Solution

by:markc56
markc56 earned 500 total points
ID: 40359663
The very basic of tagging and untagging is tagging is a way for switches to know what VLAN traffic is to be forwarded to what VLAN. It is only used between switches. Untagged just means that the native VLAN will not have the traffic tagged and therefore the receiving switch(es) will know to forward this traffic to the native VLAN. By default a Cisco switch's native VLAN is VLAN 1. You really do not need to do anything to specify tagging and untagging, that is taken care of by the switch for each VLAN and the untagged VLAN is your native VLAN.

You can change the native VLAN and it is a best practice to do for security reasons. You will also want to verify that all switches have the same native VLAN or you will get "VLAN mismatch errors".

You can configure the switches manually (creating each VLAN on each switch) or you can use VTP. VTP has positives and negatives which is a lot more detail. Again, basic stuff: make the main switch the "server" and the others "clients" and all switches will update per the "Server" switch. This is very basic and you will need more information for setup (i.e., Revision number, domain name, etc.). You will not be able/allowed to configure VLANs on the client switches. Only the server switch can be configured and this information will update (create additional VLANs, etc. as needed).

In addition you will need the port where each switch is connected to another switch setup as a trunk port and allow the needed VLANs.
0
 
LVL 3

Expert Comment

by:markc56
ID: 40359676
0
 

Author Comment

by:MrMay
ID: 40359702
I guess my mine confusion lies in our current switch configuration. Its been configured previously by a third party IT company and I'm just trying to understand it.
Let me try to explain it.
We have a core switch and 4 switches connected to it (just like the diagram that I attached in my original post).

The core-switch
***************
VLAN1 -> tagged ports none
                  untagged 1-25, 27-37,39,41,43,45,47

VLAN2 (wireless) --> tagged 1,6
                 untagged  26

VLAN3 (guest-wifi) --> tagged 6,11
                untagged 6,11

(this switch has other vlans but I want to concentrate and these 3)

Here are the configs for one of the switches off the core switch (Switch-A)
******************************************************
VLAN1 --> tagged none
                    untagged 1-39, 41-48

VLAN2 (wireless) --> tagged 1-2, 22, 46-48
                                      untagged 40
VLAN3(guest wifi)  --> tagged none
                                    untagged none

my questions are... why is my switchA (the one off the core switch) have so many tagged ports?  
Why does my core switch have port 1 and 6 tagged and 26 untagged for Vlan2?
I'm just not understanding how tagging and untagging works.... (we are using HP switches)
0
 
LVL 3

Accepted Solution

by:
markc56 earned 500 total points
ID: 40359812
It has been awhile since I have worked with HP switches. The are different (more complicated) than Cisco. After a little research here is what I found about HP switches:

-------------------------------------------------------------------------------------------------------
With HP switches the terminology is different, here switch ports are either tagged members or untagged members of a VLAN.

What's the difference between tagged and untagged? If a port is a tagged member it passes the VLAN information with the traffic it sends. If it is untagged it sends the VLAN traffic without adding in the VLAN tag. So you would only make a port a tagged member if the device that is plugged into it is VLAN aware, i.e. another switch, router, or machine with a VLAN aware NIC. (Note: The VLAN tag is the ID that gets inserted into the head of a network packet). So to do exactly the same as we did in scenario 1, but with HP switches, you would do the following:

BE AWARE: Any single port can only be untagged on one VLAN. Out of the box all ports are untagged on VLAN 1 (or the default VLAN), so if you untag a port into VLAN 20 (for example) it will automatically remove the 'vlan 1 untagged' property for that port.

&

Here is a link for HP configuration of VLANs and ports for:

http://www.hp.com/rnd/device_help/help/hpwnd/webhelp/HPJ4812A/configuration_vlan.htm
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:MrMay
ID: 40359983
so in my example above, why do some VLAns have two or more tagged ports? I mean, my understanding is that only one physical port can connect to another physical port on another switch. So what's the point of tagging lets say port 1 and 6?
0
 
LVL 3

Assisted Solution

by:markc56
markc56 earned 500 total points
ID: 40360107
HP can only have one UNTAGGED per port, but several TAGGED. The untagged is the natvie VLAN of that port, but it can have several tagged VLANs allowing multipe VLANs to travel over this port and have the other switch know where (which VLAN) to forward traffic to. Multiple VLANs can use different ports on each switch a configured.
0
 
LVL 3

Expert Comment

by:markc56
ID: 40360122
Here is an older experts-exchange link helping with the HP tagging/untagging:

http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_27410110.html
0
 

Author Comment

by:MrMay
ID: 40360129
Weird... you say that only one port per vlan can be untagged.... One of my current switches has a vlan that has port 38.40,42,44 untagged. Doesn't untagged port make it a access link.... my understanding is that all untagged ports in a vlan are capable of talking to each other?
0
 
LVL 3

Expert Comment

by:markc56
ID: 40360145
Each and every port can have one untagged VLAN.

The link: http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_27410110.html
explains the difference in terminology between HP and Cisco which can cause a lot of the confusion.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now