
Understanding vlan treatment on packet

Hi everyone, I am trying to understand VLAN behavior on tagged and untagged packets. I have come across these statements, which sound quite confusing to me:

When a tagged packet enters a port, the default VLAN ID setting has no effect on the tag.


 1. The packet proceeds to the VLAN specified by its VLAN ID tag number.

 2. If the port in which the packet entered does not belong to the VLAN
    specified by the packet’s VLAN ID tag, the system drops the packet.


 3. If the port belongs to the VLAN specified by the packet’s VLAN ID,
    the system can send the packet to other ports with the same VLAN ID.

I am so confused by all these statements. How do these three differ? They are contradicting one another. What does a packet/port belonging to a specific VLAN ID mean, as a port can have only one VLAN ID?

mainajaved asked Dec 22 '11 08:12


People also ask

How does a VLAN affect a transmitted packet?

If the port belongs to the VLAN specified by the packet's VLAN ID, the system can send the packet to other ports with the same VLAN ID. Otherwise if the port has permissions to transmit packets with that particular vlan id then it will transmit the packet ahead.

How do you read a VLAN?

Each VLAN is a collection of network nodes that are grouped together to form separate broadcast domains. On an Ethernet network that is a single LAN, all traffic is forwarded to all nodes on the LAN. On VLANs, frames whose origin and destination are in the same VLAN are forwarded only within the local VLAN.

Does router know about VLAN?

The simplest way to enable routing between the two VLANs is to simply connect an additional port from each VLAN into a Router. The Router doesn't know that it has two connections to the same switch, nor does it need to. The Router operates like normal when routing packets between two networks.

How does VLAN tagging work?

VLAN tagging is performed by putting the VLAN ID into a header to identify which network it is present in. This helps in determining which interface or broadcast area the information packet needs to be sent to in order to receive the right information.


1 Answer

Overview

I have been refraining from answering this question, since I thought it would get migrated to Server Fault; since it is lingering here, I will address the specifics of your question. It is also difficult to completely respond without more context of why the author was making those points, but I will endeavor to answer as best I can. I'm not sure why I spent so much time answering this question, other than it's Christmas and my wife is out of the country visiting her family...

Diagram

I think the concepts are best illustrated by something called a multi-layer switch, which is just an ethernet switch that also understands IP addresses. I drew a diagram to illustrate:

  • The switch has four physical interfaces, numbered Port 1/1, Port 1/2, Port 1/3 and Port 1/4
  • The switch has one virtual interface, Vlan12. The virtual interface has an ethernet mac-address and an IP address assigned to it.
  • Three ethernet frames are assumed to enter Port 1/1
  • Port 1/1 is configured to accept Vlan tags 12 and 13. Port 1/1 also has a default Vlan of 1; this means that any untagged frames are put into Vlan 1.
  • The first decision point an ethernet switch uses is determining what Vlan a frame belongs to.
  • Next the ethernet switch looks at its database of ethernet mac-addresses that it knows

[Diagram: Switch with Ethernet Vlans]

Answers

I am so confused by all these statements. How do these three differ? They are contradicting one another. What does a packet/port belonging to a specific VLAN ID mean, as a port can have only one VLAN ID?

Actually it depends on the kind of port we are discussing. The author is very clearly describing what happens on an ethernet switch port in trunk mode.

  • Ethernet trunk mode ports can process more than one Vlan ID, if they are in trunk mode (see Port 1/1 in the diagram). Port 1/1 can accept ethernet frames with either Vlan 12 or Vlan 13; however, those frames must have an 802.1q tag on them so the switch knows which Vlan they belong in
  • Ethernet Access mode ports have only one Vlan assigned.

To address the points quoted from the text...

When a tagged packet enters a port, the default VLAN ID setting has no effect on the tag.

1. The packet proceeds to the VLAN specified by its VLAN ID tag number.

This is best illustrated by what could happen to Frame A.

Even though Port 1/1 has a default Vlan (Vlan 1), Frame A remains assigned to Vlan 12. As such, it could exit Port 1/2, 1/3 or go directly to Virtual Interface Vlan12:

  • If Frame A goes out Port 1/2, the 802.1q tag (12) sent into Port 1/1 remains on Frame A, because Port 1/2 is in trunk mode
  • If Frame A goes out Port 1/3, the 802.1q tag (12) sent into Port 1/1 is removed from Frame A, because Port 1/3 is in access mode
  • If Frame A is delivered to Virtual Interface Vlan12 (if Frame A's destination mac-address is 000a.dead.beef), the switch doesn't need to forward the frame anywhere else. Normally the reason that you would see an ethernet frame addressed to a virtual interface on the switch is for management purposes, such as telnet, ssh or snmp. There are other reasons, but let's not complicate things any more for now.

... 2. If the port in which the packet entered does not belong to the VLAN specified by the packet’s VLAN ID tag, the system drops the packet.

This is best illustrated by what happens to Frame B.

Port 1/1 is not configured to accept Vlan ID 20, so when the switch sees "20" in the 802.1q tag, Frame B is discarded.

... 3. If the port belongs to the VLAN specified by the packet’s VLAN ID, the system can send the packet to other ports with the same VLAN ID.

This again refers to Frame A; in this case the author describes what could happen if the switch does not deliver Frame A to Virtual Interface Vlan12.

Finally I included Frame C for your reference. This is to illustrate the behavior of a default Vlan on an ethernet trunk port.

Merry Christmas, and good luck with your studies.

Mike Pennington answered Sep 20 '22 15:09
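
The ingress and egress rules walked through in the answer above, as an added example that is not part of the original answer: it reads the 802.1Q tag from raw frame bytes and applies Port 1/1's settings as the text gives them. The settings for Ports 1/2 and 1/3, Frame C being untagged, the MAC addresses, and all function names are assumptions; real switches differ in details such as how an access port treats an already-tagged frame.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload=b"", vid=None):
    """Build a constructed Ethernet frame, optionally 802.1Q-tagged."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_vid(frame):
    """Return the 12-bit VLAN ID from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF  # drop PCP/DEI bits

def ingress_vlan(port, frame):
    """Classify a frame on ingress: return its VLAN, or None if dropped."""
    vid = parse_vid(frame)
    if vid is None:
        return port["default"]  # untagged: goes to the port's default VLAN
    return vid if vid in port["allowed"] else None  # tagged: default ignored

def egress_frame(port, vlan, frame):
    """Return the frame as it leaves `port`, or None if port is not in `vlan`."""
    if vlan not in port["allowed"] and vlan != port["default"]:
        return None
    bare = frame if parse_vid(frame) is None else frame[:12] + frame[16:]
    if port["mode"] == "access" or vlan == port["default"]:
        return bare  # access port or default VLAN: sent without a tag
    return bare[:12] + struct.pack("!HH", TPID_8021Q, vlan) + bare[12:]

# Port 1/1 is as the answer describes it; 1/2 and 1/3 settings are assumed.
PORTS = {
    "1/1": {"mode": "trunk", "allowed": {12, 13}, "default": 1},
    "1/2": {"mode": "trunk", "allowed": {12, 13}, "default": 1},
    "1/3": {"mode": "access", "allowed": set(), "default": 12},
}
# Constructed sample frames (MAC addresses and payloads are made up).
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
FRAME_A = build_frame(DST, SRC, 0x0800, b"frame A", vid=12)
FRAME_B = build_frame(DST, SRC, 0x0800, b"frame B", vid=20)
FRAME_C = build_frame(DST, SRC, 0x0800, b"frame C")  # untagged
```

Frame B returning `None` from `ingress_vlan` is the drop in statement 2; it happens before any MAC lookup, so the frame never reaches a VLAN the ingress port is not a member of.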