Switches, Hubs, and Modems
1748182 Members
3704 Online
108759 Solutions
New Discussion

Re: Tagged vs. Untagged

 
SOLVED
Go to solution
Robert Peirce
Advisor

Tagged vs. Untagged

Can anyone explain the true purpose of tagged vs. untagged members of a VLAN? A real world example would be very helpful. I have read the documentation, but it is not really clear.

Any help with this will be greatly appreciated.
17 REPLIES 17
Joel Belizario
Trusted Contributor

Re: Tagged vs. Untagged

The terminology of tagging is confusing if you don't have some understanding of how the protocol works. Have a look and see whether this clears up anything for you:

http://en.wikipedia.org/wiki/IEEE_802.1Q

But anyways, an untagged port in a VLAN is a physical member of that VLAN, ie. when you plug your host into that port it is physically connected to that VLAN (also known as an "access port" in Cisco terminology).

A tagged port will normally carry traffic for multiple VLANs from the switch to other network devices such as an upstream router or an edge switch (In Cisco terminology this is called trunking, HP have no specific term for it).

Hope this clears any confusion for you!
Jonathan Axford
Trusted Contributor
Solution

Re: Tagged vs. Untagged

Hi Robert,

In the simplest form, I used to remember a 'Tagged' port as an inter-switch link and an 'Untagged' port as a host port.

Basically, its all about the VLAN information that gets 'tagged'into the Ethernet frame.

When you configure a port as 'Tagged' you are telling the switch to place an 802.1q tag in the frame that can identify the VLAN that the frame came from.


That way, the switch that receives the frame knows which VLAN to send the Frame to.

So if you have 2 switches, each with ports 1-10 in VLAN 10 and ports 11-22 in VLAN 20.

You want PC's to be in VLAN 10 and Servers to be in VLAN 20, so you would :

VLAN10 untag ports 1-10 on each switch
VLAN20 untag ports 11-22 on each switch

This sets your hosts up. You want to use interface 24 to connect the switches.

VLAN10 tag port 24
VLAN20 tag port 24

So, the Interswitch links are TAGGED and the hosts are UNTAGGED...

Where there is a will there is a way...
Robert Peirce
Advisor

Re: Tagged vs. Untagged

Thank you for taking the time to respond.

I just want to be clear.

Are you saying that a physical ethernet cable is needs to be connected from port 20 to port 10 on the same switch to enable communication between VLAN 10 and VLAN 20? If so, I am assuming a physical cable would only be needed if IP Routing was not enabled on the switch?

Thank you for your help.
Robert Peirce
Advisor

Re: Tagged vs. Untagged

Disregard the last question. I read the last response again and now I am clear.

Thanks to all who responded.
Patrick Terlisten
Honored Contributor

Re: Tagged vs. Untagged

Hello,

if you want that a port only belongs to one VLAN, set the port to UNTAGGED. If you want a port in more then one VLAN, you need to set it to TAGGED. If a host should belong to more than one VLAN, the port must be TAGGED (for example an VMware ESX Server with guests that belongs to different VLANs). If you want to uplink a switch to another, you need to set the uplink port to TAGGED, for each VLAN which should be acccessable over the uplink.

Kind regards,
Patrick
Best regards,
Patrick
splouxe
Visitor

Re: Tagged vs. Untagged

Please I have a problem of inter-vlan routing, I have a core and two switches in each room floor.  
I created a vlan 11 and I give him an IP address and i enabled the ip routing in the core and in the switches in each room floor and I can not have the router with another VLAN and most all other vlan are not router, please how do ???  
Below config core and a switch to floor,
Please, I'am blocked, plz i need help  
I can not have access to the other sub networks  with the ip 11.11.1.25  
========================================
show running-config
Running configuration:
; J4819A Configuration Editor; Created on release #E.11.38
hostname "HP ProCurve Switch 5308xl"  
snmp-server contact "test"  
mirror-port D11  
module 6 type J4907A  
module 5 type J4907A  
module 4 type J4907A  
module 1 type J4878B  
module 2 type J4878B  
module 3 type J4878B  
ip routing  
snmp-server community "public" Unrestricted  
vlan 1  
name "DEFAULT_VLAN"  
untagged A1-A4,B1-B4,C1-C4,D15-D16,E1-E16,F3-F4,F6-F9,F11-F16  
ip address 172.16.X.1 255.255.0.0  
ip address 10.10.X.250 255.255.255.0  
no untagged D1-D14,F1-F2,F5,F10  
exit  
vlan 2  
name "WIFI"  
untagged F1-F2,F5,F10  
tagged A4,B4  
exit  
vlan 100  
name "DMZ"  
untagged D6-D7,D13-D14  
ip address 192.168.X.254 255.255.255.0  
exit  
vlan 200  
name "INTERNET"  
untagged D1-D5,D8-D12  
ip address 192.168.X.254 255.255.255.0  
monitor  
exit  
vlan 3  
name "MANAGEMENT"  
ip address 172.17.X.1 255.255.0.0  
exit
 
 
Vlan 11
name "test"
11.11.1.254 255.255.255.0
exit
 
banner motd "This is a private system maintained by the Allied Widget Corporatio
n.
Unauthorized use of this system can result in civil and criminal penalities !"
spanning-tree
spanning-tree priority 2
router rip
exit
vlan 1
ip rip
ip rip receive V1-only
ip rip send V1-only
exit
vlan 100
ip rip
ip rip receive V1-only
ip rip send V1-only
exit
 
 
 
============================================
floor switch:
 
 
ProCurve 2910al-48G-1E-2#  
ProCurve 2910al-48G-1E-2#  
ProCurve 2910al-48G-1E-2#  
ProCurve 2910al-48G-1E-2# sh running-config
Running configuration:
; J9147A Configuration Editor; Created on release #W.14.70
hostname "ProCurve 2910al-48G-1E-2"  
module 1 type J9147A  
ip routing  
vlan 1  
name "DEFAULT_VLAN"  
untagged 1-48  
ip address 172.16.X.5 255.255.0.0  
exit  
gvrp  
banner motd "This is a private system maintained by the Allied Widget Corporation.\nUnauthorized use of this system can result in ci
vil and criminal penalities !"
snmp-server community "public" unrestricted
spanning-tree force-version rstp-operation
password manager
password operator
ProCurve 2910al-48G-1E-2

plz help me

sw2090
New Member

Re: Tagged vs. Untagged

Well this no secret :9

 

Its just like this:

 

tagged - means that packets that have a valid vlan tag for this vlan id will be accepted on this port. packets without vlan tag will not be accepted. The Switch will not change anything on the vlan tagging of the packet.

This means that the client is responsible for the tagging.

 

untagged - means that if there is packets on this port that have no vlan id set will have their vlan id tag set to this vlan by the switch. Packets that do have a vlan tag with this vlan id will bei ignored.

This means that the client must not tag packets for this vlan.

 

no/forbid means that any packets tagged for this vlan will be ignored. Packets without tag will be handled by the untagged vlan on this port like said above.

 

Due to this any Port must be untagged in one vlan!

Thus any port can be tagged in various vlans!

 

hth

Sebastian

PierrotMoto
New Member

Re: Tagged vs. Untagged

Hi all

I have some more questions about this.

Here is the configuration I have :

 

vlan 1

 name "DATA"

 untagged 1-28

vlan 2

 name "TEL"

 tagged 1-28

vlan 3

 name "GUEST"

 tagged 25-28

vlan 4

 name "INTERCO"

 tagged 25-28

vlan 5

 name "INTERNET"

 tagged 25-28

 

Which port is in Cisco access mode ?

Which port is is Cisco trunk mode ?

 

Thanks for your answers

EricAtHP
Esteemed Contributor

Re: Tagged vs. Untagged

In your case, they are all trunk ports with a native VLAN 1.

 

An access port is a port that only carries untagged traffic. It could be untagged traffic in any VLAN.

 

A trunk port is a port that carries more than one VLAN. All VLANs can be tagged on the port or you can have a up to one untagged VLAN, called the native VLAN in Cisco.