LAN Routing
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN interfaces and tagged traffic

 
loophole
Occasional Contributor

VLAN interfaces and tagged traffic

Hi folks,

 

hope someone can help me understand the interaction of vlan interfaces and tagged traffic. My question is does a L3 Switch care about 802.1Q tagged packets when it comes to routing?

 

For example i have as the core switch an A5120el. And V1910 as edge switches.  Linked through a 2 port bridge aggregation.

 

On the A5120 you have several VLANs. Say 110, 120, 130. All with an interface in the 192.168.<vlan-id>.254/24 IP setup. Some ports get a tagged vlan id 110 to go to some virtual server. Vlan 120, 130 are tagged on the bridge aggregation ports to the edge switches.

The edge switches just have the 120 and 130 vlan. No interface. We have the 120 and 130 vlan going tagged over the bridge aggregation to the core. The clients get an untagged port in either 120 or 130 vlan depending on their location.

 

Taking for granted that dhcp works for the clients and have the gateway of 192.168.<vlan-id>.254. Which is pingable and all good. Now if I would go from a 120 vlan client to a 110 vlan server:

1.) packet from 192.168.120.1/32 goes into the switch untagged.

2.) Uplink tagges the packets with vlan id 120.

3.) Arrival of the tagged packet at 192.168.120.254

4.) Routing of the 192.168.120.1 to 192.168.110.1

5.) ????

 

Does the port for 192.168.110.1 now tag the packet with vlan id 110 and leave the vlan id 120 untouched?

Does the routing remove all 802.1Q tags?

Do I even have to care about 802.1Q when it comes to routing within a switch that has all the vlans setup?

 

2 REPLIES
Vince-Whirlwind
Honored Contributor

Re: VLAN interfaces and tagged traffic

OK, here's the bit you are missing: packets are not tagged.

(Google for IP packet header structure - no tagging).

 

 802.1q describes a format for ethernet frame headers (layer2). Frames are tagged.

 

So, two devices communicating within a broadcast segment (within a subnet) communicate using frames addressed to each other's MAC addresses. These frames can be tagged by using the 802.1q frame format.

This includes a host communicating with its default gateway.

 

A router does not read the frame headers - it just discards them. It then reads the packet. It then re-encapsulates the packet in a new frame header using its own source MAC address and the correct destination MAC address for the IP address of the route target (the destination host, or the next router) and sends the frame out its interface that is in the correct broadcast segment for the destination.

3comold
Advisor

Re: VLAN interfaces and tagged traffic

Genericaly spoken, whether the packets that travels a port that is tagged or untagged in 802.1Q encapsulatation, the switch always will need to read certain information in the 802.1Q Ethernet Frame. That is the protocol identifier (TPI) and the TAG it self to be able read from the latest the priority, the CFI (canonical format indicator) and the VLANID.

 

This is to say that in any case the "SWITCH" to internally proccess the packet uses always 802.1Q Ethernet frame. So its alway add this to the Ethernet frame.

 

This is also to say, generically speaking, that the SWITCH alway - TRY - to commute (switch) before it  read and processes the layer 3 information ( L3 as per the information in the previous post).

 

As best practice always TAG VLANS on interswitch links/ports  even when you have only 1 VLAN and specialy when that VLAN is VLAN 1; this is for security reason. Otherwise doing, so you can also achive a kind of prioritisation (L2 Class of Priority) using the information of 3 bits of the priority in the 802.1Q Ethernet Frame.

 

regards

 

You can achieve = you can maintain end2end