IEEE 802.1Q: Difference between revisions

IEEE 802.1Q (also known as VLAN Tagging) was a project in the IEEE 802 standards process to develop a mechanism to allow multiple bridged networks to transparently share the same physical network link without leakage of information between networks (i.e. trunking). IEEE 802.1Q is also the name of the standard issued by this process, and in common usage the name of the encapsulation protocol used to implement this mechanism over Ethernet networks.

IEEE 802.1Q also defines the meaning of a virtual LAN or VLAN with respect to the specific conceptual model underpinning bridging at the MAC layer and to the IEEE 802.1D spanning tree protocol. This protocol allows for individual VLANs to communicate with one another with the use of a layer-3 router. See also Cisco's proprietary DTP, VTP and ISL for information on inter-switch and inter-VLAN communication.

As an illustration of the utility of VLANs, consider a company whose IT department wishes to provide separate logical networks for each department in the company while using only one physical corporate network. The IT department assigns a unique VLAN per department. Edge switches on the corporate network are configured to insert an appropriate VLAN tag into all data frames arriving from equipment in a given department. After the frames are switched through the corporate network, the VLAN tag is stripped before the frame is sent back to the department's equipment, possibly at a different geographical location. In this way, traffic from one department cannot be leaked to or snooped from another department.

Frame format

802.1Q does not actually encapsulate the original frame. Instead, for Ethernet frames using Ethernet II framing, it sets the EtherType value in the Ethernet header to Tag Protocol ID (TPID) 0x8100, identifying this frame as an 802.1Q frame. It then inserts an extra two-bytes of Tag Control Information (TCI) after the TPID, followed by another two bytes containing the frame's original EtherType. Together the four bytes of TPID and TCI are called the VLAN Tag.

The format of the TCI is

• Priority Code Point (PCP): a 3-bit field storing the priority level for the frame. Use of this field is defined in IEEE 802.1p.
• Canonical format indicator (CFI): a 1-bit indicator that is always set to zero for Ethernet switches. CFI is used for compatibility between Ethernet and Token Ring networks. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be bridged to an untagged port.
• VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs. A value of 0 means that the frame doesn't belong to any VLAN; in this case the 802.1Q tag specifies only a priority and is referred to as a priority tag. A value of hex FFF is reserved for implementation use. All other values may be used as VLAN identifiers, allowing up to 4094 VLANs. On bridges, VLAN 1 is often reserved for management.

For frames using IEEE 802.2/SNAP encapsulation with an OUI field of 00-00-00 (so that the protocol ID field in the SNAP header is an EtherType), as would be the case on LANs other than Ethernet, the EtherType value in the SNAP header is set to hex 8100 and the aforementioned extra 4 bytes are appended after the SNAP header.

Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer. It also increases the maximum frame size by 4 bytes.

Double-tagging can be useful for Internet Service Providers, allowing them to use VLANs internally while mixing traffic from clients that are already VLAN-tagged. The outer tag comes first, followed by the inner tag. In such cases, an alternate TPID such as hex 9100, or even 9200 or 9300, sometimes may be used for the outer tag; however this is being deprecated by 802.1ad, which specifies 88a8 for service-provider outer tags. Triple-tagging is also possible.

Native VLAN

Clause 9 of the standard defines the encapsulation protocol used to multiplex VLANs over a single link, and introduces the concept of a native VLAN. Frames belonging to the native VLAN are not modified when sent over the trunk. Conversely, if an untagged frame is received on a trunk port, the frame is placed into the VLAN that is native to this port. This concept has been introduced to ensure interoperability with older and low-cost devices that do not understand 802.1Q.

For example, if an 802.1Q port has VLANs 2, 3 and 4 assigned to it with VLAN 2 being the Native VLAN, frames on VLAN 2 that egress (exit) the aforementioned port are not given an 802.1Q header (ie., they are plain Ethernet frames). Frames which ingress (enter) this port and have no 802.1Q header are put into VLAN 2. Behaviour of traffic relating to VLANs 3 & 4 is intuitive.

Generic Attribute Registration Protocol

In addition, IEEE 802.1Q defines GVRP, an application of the Generic Attribute Registration Protocol, allowing bridges to negotiate the set of VLANs to be trunked over a specific link.

An improved registration protocol, Multiple VLAN Registration Protocol (MVRP), has been issued as 802.1ak.

Multiple spanning-tree protocol

The 2003 revision of the standard also rolled in the Multiple Spanning Tree Protocol (MSTP) originally defined in IEEE 802.1s.

The official title of the 802.1Q standard is IEEE Std. 802.1Q-2005, Virtual Bridged Local Area Networks; ISBN 0-7381-3662-X.'

External links

• standard (must accept license agreement)
• ISL & 802.1q Frame Formats