-
Notifications
You must be signed in to change notification settings - Fork 0
/
VLAN.txt
42 lines (23 loc) · 4.56 KB
/
VLAN.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
How Virtual Local Area Networks (VLANs) Work
By Edward Tetz from Cisco Networking All-in-One For Dummies
The magic of how virtual local area networks (VLANs) work is found in the Ethernet headers. When a switch receives an Ethernet frame, the frame will either already have a VLAN tag or the switch will insert a VLAN tag into the Ethernet header. If the frame was received from another switch, that switch will have already inserted the VLAN tag; while frames come from network devices, such as computers, the frame will not have a VLAN tag.
If you are using the switch defaults for VLANs, the VLAN tag that will be placed on the frame is VLAN1. When placing a VLAN tag (also known as an IEEE 802.1Q tag) on the Ethernet frame, the four bytes of data, which make up the VLAN tag, are inserted before the Type field, as shown in the following figure. This 4-byte header includes several pieces of information:
A 2-byte Tag Protocol Identifier (TPID), which will be set to a value of 0x8100 to denote that this frame carries 802.1Q or 802.1p tag information.
A 2-byte Tag Control Information (TCI), which is made of the following:
A 3-bit user Priority Code Point (PCP) that sets a priority value between 0 and 7, which can be used for Quality of Service (QoS) priority traffic delivery.
A 1-bit Canonical Format Indicator (CFI) that is a compatibility bit between Ethernet and other network structures, such as Token Ring. For Ethernet networks, this value will also be set to zero.
A 12-bit VLAN Identifier (VID) that identifies the VLAN the frame belongs to.
image0.jpg
Haggling with gargantuan packet sizes
An unfortunate error can happen when tagging VLANs on a frame. The maximum size of an IEEE 802.3 Ethernet frame is 1518 bytes. If the payload or data portion contains its full 1500 bytes of data and the additional 4-byte header into the frame, the frame would be 1,522 bytes in size.
To deal with this situation, IEEE released a new standard for Ethernet in 1998 (IEEE 802.3ac) that increased the maximum size of an Ethernet frame to 1,522 bytes. If you have older switches that do not support the larger IEEE 802.3ac frame size, your switches might drop these unsupported frames with notification or might report them as baby giants, or overly sized frames.
Prior to the IEEE 802.1Q standard defining VLAN tagging, some vendors took matters into their own hands with proprietary solutions. Cisco’s answer to the problem was Inter-Switch Link (ISL), which now runs on switchports configured for Trunk mode.
In addition to switches, Cisco has supported ISL with router connections since Cisco IOS Release 11.1. ISL implements support for VLAN information in a completely different manner than IEEE 802.1Q; instead of inserting a header into the Ethernet frame it encapsulates the entire existing Ethernet frame into an ISL frame with a new header used to transport the Ethernet frame between switches.
The ISL frame adds an extra 30 bytes to the size of the Ethernet frame with a 26-byte ISL header containing the VLAN ID and a 4-byte checksum at the end of the frame. This overhead exists only if the frame goes out over an ISL link.
When the ISL frame leaves the switch, the switch examines the port type of the exiting port. If the port is not part of an ISL link, the ISL encapsulation is stripped from the frame, and the standard 802.1Q tag is inserted into the Ethernet frame.
VLAN frames
Now you know how to move VLAN traffic from one switch to another by using IEEE 802.1Q tags or ISL frames across ISL links, but how does VLAN information get onto the frames in the first place? There are both manual and automatic methods for doing this, but the most common method is the manual method of configuring a port-based VLAN.
With a port-based VLAN, your switch examines data that comes in on a port, and if the data is not already tagged with a VLAN, the switch then places a VLAN tag on the data.
When implementing VLANs on your network, you use trunk ports for your inter-switch links, but for your client access ports, you use Access mode instead of Trunk mode.
When you unbox your new switch, all ports are in Access mode by default; that means that they expect to have computing devices connected to them, and they will automatically insert IEEE 802.1Q tags into any Ethernet frames that do not already have tags. Typically, ports in Access mode expect to see untagged traffic because computers and other devices do not know how to pre-tag Ethernet frames.
If you have implemented IP telephony, IP phones are capable of tagging their own traffic through an integrated two-port switch.