VLAN Tagged vs Untagged: Unlock Your Network’s Power

Introduction

VLAN tagging is the process by which a sending switch adds a header to a frame to identify the VLAN to which the frame belongs. If our LAN consists of more than two switches and each switch has more than one VLAN, e.g. switch1 has VLAN 10 and VLAN 20 and switch2 also has VLAN 10 and VLAN 20, then VLAN tagging is needed. Communication between VLANs on different switches is not possible without VLAN tagging. Similarly, VLAN untagging is the process where traffic from the native VLAN passes through a trunk link without a VLAN tag. VLAN tagged vs untagged is an important topic in the CCNA course, and we explain it in more detail below.

VLAN tagged vs untagged

We will explain VLAN tagged vs untagged with the help of examples and diagrams. What is the impact if a switch doesn’t insert a “tag” into the frame? Suppose our network has two switches, Switch1 and Switch2, and VLAN 10 and VLAN 20 are configured on both.

If we don’t establish a trunk link between switch1 and switch2, the VLANs on switch1 cannot send data to their corresponding VLANs on switch2.

[Figure: ping from PC1 to PC5 without a trunk link]

PC1 on switch1 in VLAN 10 is not able to ping PC5 on switch2 in the same VLAN 10. This is because the interface Gig0/1 is not a trunk link and allows only VLAN 1 traffic.

Tagged VLAN

VLAN tagging allows us to send the traffic of multiple VLANs from one switch to another over a single link. A VLAN trunk link creates multiple virtual links within the physical link between the switches.

The sending switch adds an extra tag to the frame when it sends data to the other switch.

Untagged VLAN

VLAN 1 traffic is untagged. VLAN 1 is also known as the default VLAN. There is no need to create the default VLAN; it already exists.

[Figure: ping from PC11 to PC12 in the native VLAN]

Both PCs (PC11 and PC12) are in the same VLAN 1, the untagged VLAN. So the ping between them is successful, although there is no trunk link between the switches.

How Does a Switch Separate VLAN Traffic?

We will explain this process with an example. Suppose PC1 on switch1 in VLAN 10 sends data to PC5 on switch2 in VLAN 10. PC1’s data first arrives at switch1 in the form of a frame. As PC5 is connected to switch2, which is reached through the trunk link, switch1 will send the data to switch2 over the trunk link. But before sending the data on the trunk link, Switch1 ensures that PC1’s data is not mixed with the data of other PCs (VLAN 20). That’s why Switch1 adds the VLAN 10 information to PC1’s frame. Adding VLAN 10 to PC1’s frame is called tagging, also known as 802.1Q VLAN tagging.

When Switch2 receives this frame, it removes the tag from the frame and sends the frame to PC5.

There are two important protocols for vlan tagging:

  • IEEE 802.1Q VLAN tagging
  • ISL (Inter-Switch Link)

IEEE 802.1Q is an industry-standard protocol developed by the IEEE, while ISL (Inter-Switch Link) is a Cisco proprietary protocol that was available only on Cisco switches. ISL was developed before IEEE 802.1Q VLAN tagging. Both protocols serve the same purpose but work in different ways. However, ISL is not supported on modern Cisco IOS (15.x).

The 802.1Q tag is 32 bits (4 bytes) long, of which 12 bits are reserved for the VLAN ID (VLAN range). It can insert a VLAN ID from 0 to 4096. 802.1Q carries the traffic of multiple VLANs and keeps each VLAN separate from the others.

[Figure: 802.1Q VLAN tagging]
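The tagging and untagging steps described above (Switch1 adds the tag, Switch2 removes it, native VLAN traffic crosses the trunk untagged) can be followed byte by byte in this added example, which is not part of the original article. The function names and the sample frame are assumptions made for illustration; the TPID value 0x8100 and the PCP/DEI bits that fill the rest of the 4-byte tag come from the 802.1Q frame format.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
NATIVE_VLAN = 1       # the article's untagged/default VLAN

def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 0 <= vlan_id < (1 << 12):
        raise ValueError("VLAN ID must fit in the 12-bit VID field")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vlan_id, frame_without_tag); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int = NATIVE_VLAN) -> bytes:
    """Sending switch: tag every VLAN except the native one."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)

def trunk_ingress(frame: bytes, native_vlan: int = NATIVE_VLAN):
    """Receiving switch: strip the tag; untagged frames belong to the native VLAN."""
    vlan_id, inner = untag_frame(frame)
    return (native_vlan if vlan_id is None else vlan_id), inner

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload.
PC1_FRAME = (bytes.fromhex("000c29aabb05") + bytes.fromhex("000c29aabb01")
             + struct.pack("!H", 0x0800) + b"ping from PC1 to PC5")

if __name__ == "__main__":
    on_wire = trunk_egress(PC1_FRAME, 10)             # Switch1 tags VLAN 10
    print(on_wire[12:16].hex())                       # tag bytes on the trunk
    print(trunk_ingress(on_wire)[0])                  # Switch2 recovers the VLAN
    print(trunk_ingress(trunk_egress(PC1_FRAME, 1)))  # native VLAN stays untagged
```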

How to Create an 802.1Q Trunk

We will use the following lab topology for the IEEE 802.1Q VLAN trunk link.

[Figure: VLAN tagged vs untagged topology]

Create two VLANs on switch1 and switch2. Assign the associated interfaces to their respective VLANs with the switchport mode access and switchport access vlan commands. Run the command “show vlan” and check the VLANs and their associated interfaces.

[Figure: show vlan brief]

As there is no trunk link between Switch1 and Switch2, PC1 on Switch1 in VLAN 10 cannot ping PC5 in VLAN 2 on Switch2. The reason is that PC1 is in VLAN 10, while the interface Gig0/1 only allows VLAN 1 traffic; in other words, only native VLAN traffic passes through Gig0/1.

[Figure: show interface trunk]

Check the interface Gig0/1, which connects switch1 to switch2.

[Figure: show interface Gig0/1 switchport status]

Run the same commands on Switch 2; the output will be the same. Gig0/1 is in switchport mode access. We are going to convert this “access mode” into trunk mode through the following commands.

Ping from PC1 to PC2 and PC5. PC1 can ping PC2, but it cannot ping PC5, because PC5 is on another switch and the trunk has not been configured yet.

[Figure: ping from PC1 to PC2 and PC5 in VLAN 10]

Configure the 802.1Q trunk on Switch1 and Switch2.

[Figure: configure trunk link]

Check the trunk link on Switch 1 and Switch 2.

[Figure: show interface trunk]

Ping PC5 on Switch2 from PC1 again.

As we have established a trunk link between the switches, PC1 can now ping PC5 in the same VLAN.
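The "check the trunk link" step of this lab can also be verified programmatically. The following is an added example, not part of the original article: it parses the text of "show interfaces trunk" and reports whether Gig0/1 is trunking and actually carries VLAN 10. The sample output is constructed for illustration, and the function names are assumptions.

```python
def parse_vlan_list(spec: str) -> set:
    """Expand a list such as '1,10,20' or '1-1005' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_show_interfaces_trunk(output: str) -> dict:
    """Return {port: {"status": str, "native": int, "active": set of VLAN IDs}}."""
    trunks, section = {}, ""
    for line in output.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":
            section = " ".join(fields[1:])   # remember which table we are in
            continue
        port = fields[0]
        if section.startswith("Mode") and len(fields) >= 5:
            trunks[port] = {"status": fields[3], "native": int(fields[4]), "active": set()}
        elif section.startswith("Vlans allowed and active") and port in trunks:
            trunks[port]["active"] = parse_vlan_list("".join(fields[1:]))
    return trunks

def trunk_carries(output: str, port: str, vlan_id: int) -> bool:
    """True only if the port is trunking and the VLAN is allowed and active on it."""
    trunk = parse_show_interfaces_trunk(output).get(port)
    return bool(trunk) and trunk["status"] == "trunking" and vlan_id in trunk["active"]

# Constructed sample output: before the trunk is configured the command lists no ports.
BEFORE_TRUNK = ""
AFTER_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Gig0/1      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/1      1-1005

Port        Vlans allowed and active in management domain
Gig0/1      1,10,20
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE_TRUNK), ("after", AFTER_TRUNK)):
        print(label, "- Gig0/1 carries VLAN 10:", trunk_carries(text, "Gig0/1", 10))
```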
