I would like to understand the flow of frames through a switch when using vlans.
1. Are the frames tagged with VLan I.D everytime they arrive at the port from the attached end device and before being processed/forwarded by the switch?
Or are the frames only ever tagged if they are to be forwarded to a 802.1Q device such as a trunk port to another switch or IP Phone?
2. I thought the switch uses a forwarding decision based on Dest Mac address. How does the vlan tag help in a forwarding decision?
Is it only ever used in the case of a broadcast packet?
when a switch knows out which port a MAC address X is it will forward the frame with destination MAC address X out it.
This doesn't change if the vlan extends over multiple switches:
the outgoing interface becomes an uplink or trunk port.
A switch knows how to send traffic with a destination that has spoken in the last 300 seconds (default aging time).
If a frame has an unknown unicast destination Y it is treated like a broadcast: sent out all ports in vlan
As soon as that Y MAC address starts to talk again the association MAC Y, vlan id, port is made and frames are processed as unicast traffic.
You could recognize a switch uplink because multiple MAC addresses are associated with the port (if the vlan spans over multiple switches)
This MAC filtering capability is one of the greatest advantages of LAN switches over simple signal repeaters like hubs: they save bandwidth making each collision domain confined at each switch port
Hope to help