how to generate vlan tag

Latest reply: Oct 22, 2014 15:04:29 4045 11 0 0


Hi 
below  excerpts  from  the topic " how to generate vlan tag " 


"All the ethernet frames exist in the switch in the form of tagged frames .certain ports may receive untagged frames from peer devices , 
but the frame from the port of the local switch must be a tagged frame .if the frame received is tagged , it will be forwarded ; if it is untagged , 
a tag will be added to it .The device can implement a VLAN in the following way . 


admin configures a a pvid for every port of a switch , known as the port VLAN ID or port default VLAN. if an untagged frame is received , the VLAN ID will be the PVID "


question : what is peer devices mentioned above 


As far as I know  the vlan tag is adding when the frame leaves at the trunk port and the tag will be stripped by the receiving switch .Is that true ?.




Please clarify , i am a newbie in networking 


  • x
  • convention:

Jon_TX
Created Oct 15, 2014 22:04:54 Helpful(0) Helpful(0)

peer device just means any device that's connected to the port... if you receive an untagged frame, the peer is usually a end user device such as a desktop computer, maybe a server.


i think you need to understand the purpose of a TRUNK first.

trunk is used to connect two switches and pass multiple vlans.

long time ago when there was no trunk, you needed multiple connections between two switches to pass vlans.

for each vlan, you need a connection. so if you had 10 vlans, you needed 10 connections between switches.  

trunk saves you number of ports being used between switches.

now you only need 1 port, no matter how many vlans you have.


normally, trunk port does not tag or untag frames.  they just let them pass, but first you must configure which vlans are allowed to pass.  otherwise they will be dropped.  I think Cisco allows all vlans to pass by default, though.


only time they tag or untag is when PVID is configured. 

when untagged frame arrives, it will tag with PVID Vlan number.

when it arrives with same vlan number as PVID, it will strip the vlan (untag them).


hope this helps.






  • x
  • convention:

simclt
Created Oct 16, 2014 04:19:10 Helpful(0) Helpful(0)

Thanks j00 for your reply 

you wrote 

" only time they tag or untag is when PVID is configured. 

when untagged frame arrives, it will tag with PVID Vlan number.

when it arrives with same vlan number as PVID, it will strip the vlan (untag them)."


I believe you are talking about  switchport PVID (switchPort's VLAN ID) . Please correct me i am wrong . 


 " when untagged frame arrives, it will tag with PVID Vlan number. " 

Say one pc is connected to  a switchport  and the  pc sending a frame . When the frame arrives on the port will it tag with PVID ?


Please clarify ?


  • x
  • convention:

Jon_TX
Created Oct 20, 2014 14:29:33 Helpful(0) Helpful(0)

Trunk port is for connecting 2 switches.

normally you would not connect a PC to a trunk port.  you connect PC to an ACCESS PORT.

an access port is configured with "default vlan".  traffic from a PC is untagged and yes, the port will tag the traffic from the PC with the configured default vlan.  if there is no default vlan configured on the access port, the default vlan is 1.


if another vlan comes through the port other than what is configured, the traffic is dropped.


  • x
  • convention:

simclt
Created Oct 20, 2014 18:53:31 Helpful(0) Helpful(0)


j00736535 wrote

traffic from a PC is untagged and yes, the port will tag the traffic from the PC with the configured default vlan


if that is the case 


lets say we have two switch 

SW1 and SW2


all SW1 ports are configured vlan 10 and all SW2 are port configured vlan 20.

PC A connected on gi0/0/2 on  SW1  

PC A ,IP Address 192.168.1.1 /24  (note  PVID of  gi0/0/2 is 10 )

PC B connected on gi0/0/2 on  SW2 

PC A ,IP Address 192.168.1.2 /24  (note  PVID of  gi0/0/2 is 20 )

Now we interconnect the SW1-gi0/0/1  and  SW1-gi0/0/1

(note PVID of gi0/0/1 on SW1 is  10  and  PVID of gi0/0/1  on SW2 is  20)


Ping 192.168.1.2 from PC1 


you will get reply . if it is  "the port will tag the traffic from the PC with the configured default vlan"  the PC1 cannot ping PC2. Meaning An access port never tag . This is what i understood about tag .Correct me if i am wrong .


Thank you 




  • x
  • convention:

Jon_TX
Created Oct 21, 2014 16:51:41 Helpful(0) Helpful(0)

first, you need to understand the difference between layer 2 and layer 3.

you will be able to ping if the switches act as layer 3 device, meaning if it can route them.

if it's purely layer 2 with no default route, then no, they should not be able to ping each other.

if you configure your PC's with no default gateway, you would not be able to ping each other because they're in different vlan.


in terms of layer 2, within a vlan, they use broadcast to find out which devices are connected to which port.  broadcast can not be communicated between vlans.  once you configure default gateway, it becomes layer 3 and they use ROUTING to communicate each other.  that's why you're able to ping each other.  

when you remove default gateway on your PC, it will rely on layer 2 (broadcast) to communicate with other devices on your network.  so if another device is in different vlan (different subnet), you will not be able to ping.


and I am not sure what you mean by " the PC1 cannot ping PC2. Meaning An access port never tag ."


  • x
  • convention:

simclt
Created Oct 21, 2014 17:34:45 Helpful(0) Helpful(0)

HI

PC1 cannot ping PC2. Meaning An access port never tag , sorry it was mistake  . I really mean PC1 can Ping PC2 .



Please read the below link , you may get better understanding . Believe me  there is no routing  since the  PC 1 ip address ( 192.168.1.1)  and PC 2 ip address (192.168.1.2)  are in same subnet . So why routing is required 


Believe me  i tested  what i posted in my previous post .  :D

I am leaving a url  to read , it may help you to understand  better 

http://huaweis3700.weebly.com/blog/vlans-trunk-links-and-access-ports


Thanks



  • x
  • convention:

Jon_TX
Created Oct 21, 2014 18:45:46 Helpful(0) Helpful(0)

now I see that all your PCs are in the same subnet, but assigned different vlan on each switches.

I want to say that normally within a company network, you would keep the same VLAN with same subnet to avoid this kind of confusion.

other thing I want to point out is that, the example in the link, switches are connected through ACCESS PORTS, not Trunks.

access port strips the VLAN tag if it's configured with same vlan.  if it was configured with different vlan, it would be dropped.

and if they were trunks with PVID VLAN 10 on SW1, and PVID VLAN 20 on SW2, it would have same effect. only difference is other VLANs will pass without VLAN tag changing.



PC1 --->  (add vlan10) SW1 (strip vlan10) --->  (add vlan 20) SW2 (strip vlan 20) ---> PC2


PC1 <---  (strip vlan10) SW1 (add vlan10) <---  (strip vlan 20) SW2 (add vlan 20) <--- PC2



when PC1 enters SW1, it gets tagged with VLAN10, when it leaves SW1, VLAN10 tag gets stripped.

when it enters SW2, it gets tagged with VLAN20, when it leaves SW2 to reach PC2, VLAN20 tag gets stripped again.


even though PC1 has different vlan tag initially, when it enters SW2, it gets tagged with same vlan number as PC2.

this would not be a best practice, in terms of network design.




  • x
  • convention:

Jon_TX
Created Oct 21, 2014 19:40:58 Helpful(0) Helpful(0)

following example would not work.


PC1 --> (tag vlan 10) SW1 ====trunk with NO PVID (keep vlan 10)===> SW2 (vlan 10 dropped) ---X---> PC2

PC1 <--X--  (drop vlan 20) SW1 <====trunk with NO PVID (keep vlan 20)=== SW2 (tag vlan 20) <---  PC2


the access port on SW2 connected to PC2 will drop VLAN10 traffic because that port is configured with default vlan 20, vice versa.



  • x
  • convention:

simclt
Created Oct 21, 2014 20:33:06 Helpful(0) Helpful(0)

Thanks for your reply 

understanding is much better now and getting clear 

" when PC1 enters SW1, it gets tagged with VLAN10, when it leaves SW1, VLAN10 tag gets stripped.

when it enters SW2, it gets tagged with VLAN20, when it leaves SW2 to reach PC2, VLAN20 tag gets stripped again " 




The below  question may be hypothetical but just for clearing misconception 

You said when it leaves SW1, VLAN10 tag gets stripped. Means when the frame leaves the  port   gi0/0/1 .(connected to sw2 gi0/0/1)


if that is the case  it should  remove  the tag when it leaves the  port  gi0/0/2  where  PC1 is connected .

if the flow is like what i told above , 

frame going to   gi0/0/2  from PC1,  vlan 10 is getting tagged and when leaves  gi0/0/2  tag is stripped .

going to  gi0/0/1 again getting tagged and when leaves getting striiped




Correct me i am wrong ?

I checked with some cisco experts they said , they found the tags only on  trunks .

Meaning   PC1 enters SW1 it never get tagged,   it will remain untagged.  it is tagged only when it is going through the trunk .

( you said when  PC1 enters SW1, it gets tagged with VLAN10 .) 

Need your valuable opinion 


One more request please give me an idea of hybrid port . i have opened another thread but unfortunately i dod not understand 

here is the link 

http://forum.huawei.com/enterprise/thread-239461.html

Thanks again 




  • x
  • convention:

12
Back to list

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login