VLAN Tagged vs Untagged: Unlock Your Network’s Power
Introduction
VLAN tagging is the process by which a sending switch adds a header to a frame to identify the VLAN to which the frame belongs. If our LAN consists of more than two switches and each switch has more than one VLAN, e.g. switch1 has VLAN 10 and VLAN 20, and switch2 also has VLAN 10 and VLAN 20, then VLAN tagging is needed. Communication between VLANs on different switches is not possible without VLAN tagging. Similarly, VLAN untagging is the process where traffic from the native VLAN passes through a trunk link without a VLAN tag. VLAN tagged vs untagged is an important topic to learn in the CCNA course, and we explain it in more detail below.
VLAN tagged vs untagged
We will explain VLAN tagged vs untagged with the help of examples and diagrams. What will be the impact if a switch doesn’t insert a “tag” into the frame? Suppose our network diagram has two switches, e.g. Switch1 and Switch2. VLAN 10 and VLAN 20 are configured on both switches.
If we don’t establish a trunk link between switch1 and switch2, then the VLANs on switch1 cannot send data to their corresponding VLANs on switch2.
PC1 at switch1 in VLAN 10 is not able to ping PC5 at switch2 in the same VLAN 10. This is because the interface Gig0/1 is not a trunk link, and it allows only VLAN 1 traffic.
Tagged VLAN
VLAN tagging allows us to send the traffic of multiple VLANs from one switch to another over a single link. A VLAN trunk link creates multiple virtual links within the physical link between the switches.
The sending switch adds an extra tag to the frame when it sends the data to the other switch.
Untagged VLAN
VLAN 1 traffic is untagged. VLAN 1 is also known as the default VLAN. There is no need to create the default VLAN; it already exists.
Both PCs (PC11 and PC12) are in the same VLAN 1, the untagged VLAN. So the ping between them is successful, although there is no trunk link between the switches.
How Does a Switch Separate VLAN Traffic?
We will explain this process with an example. Suppose PC1 at switch1 in VLAN 10 sends data to PC5 at switch2 in VLAN 10. First, PC1’s data arrives at switch1 in the form of a frame. As PC5 is connected to switch2, which is reached through the trunk link, switch1 will send the data to switch2 over the trunk link. But before sending data on the trunk link, Switch1 ensures that PC1’s data is not mixed with the data of the other PCs (VLAN 20). That’s why Switch1 adds the VLAN 10 information to PC1’s frame. Adding VLAN 10 to PC1’s frame is called tagging, also known as 802.1Q VLAN tagging.
When Switch2 receives this frame, it removes the tag from the frame and sends it to PC5.
There are two important protocols for VLAN tagging:
- IEEE 802.1Q VLAN tagging
- ISL (Inter-Switch Link)
IEEE 802.1Q is an industry-standard protocol developed by the IEEE, while ISL (Inter-Switch Link) is a Cisco proprietary protocol that was available only on Cisco switches. ISL was developed before IEEE 802.1Q VLAN tagging. Both protocols serve the same purpose but work in different ways. However, ISL is not supported on modern Cisco IOS (15.x).
The 802.1Q tag is 32 bits (4 bytes) long, of which 12 bits are reserved for the VLAN ID (the VLAN range). It can insert a VLAN ID from 0 to 4096. 802.1Q carries the traffic of multiple VLANs and keeps each VLAN separate from the others.
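The tagging and untagging steps described above, as an added example that is not part of the original article: Python functions that insert, read and remove the 4-byte 802.1Q tag on a raw Ethernet frame. The MAC addresses and payload are constructed, the frame is assumed to carry no FCS, and the function names are chosen for this illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame

def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Sending switch: insert the 4-byte tag before the frame enters the trunk."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VLAN ID does not fit in the 12-bit field")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits and DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vid  # 3 + 1 + 12 = 16 bits
    # The tag sits between the source MAC and the original EtherType.
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame: bytes):
    """Return (vid, pcp, dei) for a tagged frame, or None for an untagged one."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1

def strip_tag(frame: bytes) -> bytes:
    """Receiving switch: remove the tag before delivery on an access port."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]

# Constructed sample frame (made-up MAC addresses, IPv4 EtherType, no FCS).
PC5_MAC = bytes.fromhex("020000000005")
PC1_MAC = bytes.fromhex("020000000001")
UNTAGGED = PC5_MAC + PC1_MAC + struct.pack("!H", 0x0800) + b"data from PC1"

if __name__ == "__main__":
    on_trunk = add_tag(UNTAGGED, vid=10)          # Switch1 tags for VLAN 10
    print("on trunk :", on_trunk.hex())
    print("tag      :", parse_tag(on_trunk))       # (10, 0, 0)
    print("restored :", strip_tag(on_trunk) == UNTAGGED)
```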
How to Create 802.1Q Trunk
We will use the following lab topology for the IEEE 802.1q vlan trunk link.
Create two VLANs on switch1 and switch2. Assign the associated interfaces to their respective VLANs with the switchport mode access and switchport access vlan commands. Run the command “show vlan” and check the VLANs and their associated interfaces.
As there is no trunk link between Switch1 and Switch2, PC1 at SWITCH1 in VLAN 10 will not be able to ping PC5 in VLAN 2 at SWITCH2. The reason is that PC1 is in VLAN 10, while the interface Gig0/1 allows only VLAN 1 traffic; that is, only native VLAN traffic passes through Gig0/1.
Check the interface Gig0/1, which connects switch1 to switch2.
Run the same commands on Switch 2; they will produce the same output. Gig0/1 is in switchport mode access. We are going to convert this “access mode” into trunk mode through the following commands.
Ping from PC1 to PC2 and PC5. PC1 will be able to ping PC2, but not PC5, because PC5 is on another switch and the trunk has not been configured yet.
Configure the 802.1Q trunk on Switch1 and Switch2.
Check the trunk link on Switch 1 and Switch 2.
Ping PC5 on Switch2 from PC1 again.
As we have established a trunk link between the switches, PC1 can ping PC5 in the same VLAN.