Solved: understanding VLAN tagging

kjbarrass · ‎03-27-2009

Hi

im struggling to understand how VLAN dot1q tags are handled internaly on the switch. When a frame enters an access port in say vlan 5 is it tagged ingress on the switch so the switch knows what vlan it belongs to. what about with a dot1q when a frame is received tagged on a dot1q trunk is the tag retained so the switch knows how to handle the packet internaly.

Any clarrification on this appreciated.

Regards

Kev

Jon Marshall · ‎03-27-2009

Kev

When a switch receives a tagged frame on a trunk port the tag is removed and the frame then forwarded to either

1) the mac-address of the destination in that vlan

2) all ports in that vlan if the destination mac-address is unknown. This may also include other trunk links in which case the packet will have a tag added to it again.

Switches keep a per vlan mac-address table so once the tag has been removed the switch simply refers to the mac-address table for that vlan.

Jon

View solution in original post

Giuseppe Larosa · ‎03-27-2009

Hello Kevin,

>> what about with a dot1q when a frame is received tagged on a dot1q trunk is the tag retained so the switch knows how to handle the packet internaly.

yes the switch needs to know on what vlan the frame has been received to perform the correct actions

Hope to help

Giuseppe

kjbarrass · ‎03-27-2009

Hi

Sorry the bit iam confused about is when a tagged frame is received on a dot1q trunk is the tag retained for the switch to make internal forwarding decisions and also when a un-tagged frame is received on an access port is it tagged again for internal use.

Regards

Kev

Jon Marshall · ‎03-27-2009

Kev

When a switch receives a tagged frame on a trunk port the tag is removed and the frame then forwarded to either

1) the mac-address of the destination in that vlan

2) all ports in that vlan if the destination mac-address is unknown. This may also include other trunk links in which case the packet will have a tag added to it again.

Switches keep a per vlan mac-address table so once the tag has been removed the switch simply refers to the mac-address table for that vlan.

Jon

kjbarrass · ‎03-27-2009

hi

that makes sense so the tag is stripped and has no internal signifficance it is only used to decide what part of the mac-add-table to look at.

Regards

Kev

Joseph W. Doherty · ‎03-27-2009

Jon,

A similar question about tagged frames within a switch arose some time back. As I recall, what you're descibing could happen or a switch might maintain tagged frames internally. What the switch "had" to do was apply/remove tags as required sending frames out ports, and of course "understand" tags entering ports, but internally the switch architecure could do as it pleased.

Do you know of any requirement that switches never maintain frame tags, of some kind, internally or that no switch does? (This might be very hard to tell since how a particular box operates internallly can be part of the vendor's "secret sauce".)

Jon Marshall · ‎03-27-2009

Joseph

Yes, i seem to remember a similiar conversation a while back.

I think as you say the problem is that vendors quite often don't publicize the detailed internal workings, i know there have been times when i have spent fruitless hours trying to find info on how a 6500 does one particular thing :-). Presumably someone from Cisco may well be able to answer altho whether they would...

I think it's entirely reasonable that the switch may well have an internal tag for each packet, kind of like the way it uses an internal DSCP value for QOS decisions, but as to the format of that tag i would have no idea. I suspect it would not be a standard 802.1q tag but who knows.

So i tried to explain the workings without referencing an internal tag because i'm really not sure there is one.

Jon