xStack
®
DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual
IEEE 802.1Q VLANs
Some relevant terms:
y Tagging - The act of putting 802.1Q VLAN information into the header of a packet.
y Untagging - The act of stripping 802.1Q VLAN information out of the packet header.
y Ingress port - A port on a switch where packets are flowing into the Switch and VLAN decisions must be
made.
y Egress port - A port on a switch where packets are flowing out of the Switch, either to another switch or to
an end station, and tagging decisions must be made.
IEEE 802.1Q (tagged) VLANs are implemented on the Switch. 802.1Q VLANs require tagging, which enables them to
span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant).
VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a
VLAN will only be forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and
this includes broadcast, multicast and unicast packets from unknown sources.
VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will only deliver packets between
stations that are members of the VLAN.
Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLANs allows
VLANs to work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows
VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to
be enabled on all ports and work normally.
The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN of which the receiving port is a
member.
The main characteristics of IEEE 802.1Q are as follows:
y Assigns packets to VLANs by filtering.
y Assumes the presence of a single global
spanning tree.
y Uses an explicit tagging scheme with one-level
tagging.
y 802.1Q VLAN Packet Forwarding
y Packet forwarding decisions are made based
upon the following three types of rules:
y Ingress rules - rules relevant to the classification
of received frames belonging to a VLAN.
y Forwarding rules between ports - decides
whether to filter or forward the packet.
y Egress rules - determines if the packet must be
sent tagged or untagged.
Figure 3 - 2. IEEE 802.1Q Packet Forwarding
802.1Q VLAN Tags
The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address.
Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to
0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists
of three bits of user priority, one bit of Canonical Format Identifier (CFI - used for encapsulating Token Ring packets
so they can be carried across Ethernet backbones), and twelve bits of VLAN ID (VID). The three bits of user priority
are used by 802.1p. The VID is the VLAN identifier and is used by the 802.1Q standard. Because the VID is twelve
bits long, 4094 unique VLANs can be identified.
The tag is inserted into the packet header making the entire packet longer by four octets. All of the information
originally contained in the packet is retained.
59