A tagged port is obtained after a VLAN tagging operation, also known as Frame Tagging. This is a method developed by Cisco for available packets passing through the backbone. When an Ethernet frame traverses this link, the receiving side has no knowledge of the use of virtual networks.
History of the standard
In the old days, when there were no switches and VLANs, the network was connected through hubs and placed on all network hosts on the same Ethernet segment. This was one of the main reliability limitations, because all the hosts were in the same collision house, and if two hosts hit at the same time, the data would "collide" and be retransmitted. Switches were introduced to the system to solve this problem.
There are two types of switches for tagged and untagged ports:
- Basic, called "unmanaged" with simple functionality. They do not have configurable VLAN support. This means that all hosts on it are part of the samebroadcast domain.
- Managed, allowing you to separate traffic using VLANs. They are widespread today, although unmanaged switches are still plentiful.
Achieving transmission system reliability goals involves connecting all groups of hosts to their own switch. Sometimes this is done to control traffic. Unfortunately, this is still too expensive, so often users prefer VLANs. The concept of VLAN is a virtual switch. The main function is traffic separation. Hosts in one cannot communicate with hosts in the other without additional services. An example of a service is a router for transmitting packets over a virtual line.
Frame marking principle
One of the reasons for placing hosts and tagged ports in separate VLANs is to limit the number of broadcast messages on the network. IPv4, for example, relies on translations. The separation of these hosts will be limited.
The following is a normal Ethernet frame, the presence of mandatory data:
- MAC address of sources and their destinations;
- field, type/length;
- FCS for integrity.
A four-byte tagged VLAN port has been added to the frame, including a virtual line ID. It is located immediately after the original MAC and is 12 bits long, which provides a theoretical maximum of 4096 virtual lines. In practice, there are several reserved VLANs depending on the provider.
802.1 Q is the current IEEE standardVLAN (Virtual LAN), which establishes marking and tagging of traffic in order to transmit data over a specific virtual Internet network. The OSI 802.1 Q layer for tagged port technology is channel, the frame sets the tag (vlanid), which determines the ownership of the tagged traffic. On the contrary, it is untagged, which does not have a marker and VLAN ID set to an l2-frame in the size of a 12-bit field. Reading limits from 0 to 4096.
- 0 and 4096 - data reserve for use by the system;
- 1 - default.
VLAN tagging basics
VLAN-enabled tagged ports are generally classified in one of two ways: tagged or untagged. They may also be referred to as "trunk" or "access". A tagged or "trunk" port assignment consists of traffic with multiple virtual lines, while an untagged port has access to traffic for only one. Trunk ports link switches and end users, and require more procedures for tagged ports. Both ends of the link must have common parameters:
- Allowed VLANs.
- Native VLAN.
Although the channel can be successfully configured, both sides of the channel must be configured the same. Mismatching own or allowed virtual line can have unforeseen consequences. Mismatched trunks on opposite sides can inadvertently create "VLAN hopping". Often this methoddeliberate attack, it constitutes an open security risk.
Trunk channels transmitting frames (packets) VLAN, allow you to connect several switches together and independently configure each port for a virtual line. VLAN tagging is a technique developed by Cisco to help identify packets passing through a trunk link.
For example, when using two Catalyst 3500 series switches and one Cisco 3745 router connected via trunk lines. Trunks provide a choice of virtual lines. Workstations are connected directly to the access channel. Ports configured for only one membership.
By naming a port Link Access (Access Line) or Trunk Link (Backbone), it is given certain settings, for example, an access channel or a Trunk channel when it is 100 Mbps or more. Thus, the switch's uplink is always a backbone, and any normal link that a workstation is connected to is an access port.
The differences between access line and trunk line are as follows:
- Access line is a link that is part of the same VLAN and is usually available to end users.
- Any device attached to the channel is unaware of VLAN membership.
- Available connections understand strict standard Ethernet frames, routers strip any VLAN information from the frame before it is sent to the deviceaccess lines.
- The backbone handles multiple VLAN traffic and is typically used to connect switches to routers.
For a VLAN frame, the Cisco switch offers various methods of VLAN frame tagging, with no virtual link assigned to the trunk. Most VLAN traffic is transported between switches using the same physical trunk.
Adding a tag to an Ethernet frame
Many users don't fully understand that this is a tagged port. Actually, the VLAN tag arrives in the Ethernet frame at the MAC address. Frame marking is a technology used for existing packages. The Frame tag is placed on a frame that is a member of a virtual line. If it has a trunk port, then the frame is forwarded over the trunk. This allows a particular switch to see which VLAN the tag belongs to. The framing switch pass removes the ID, so membership information is closed to end devices.
There are various trunking technologies - these are VLAN tagged ports in Cisco technology:
- Inter-Switch Link (ISL) - Cisco network frame marking. The system offers support from other vendors for older router models.
- IEEE 802.1Q - IEEE industry standard frame tagging.
- LANE emulation - used to communicate with existing VLANs.
- 802.10 (FDDI) - protocol for sending VLAN information via FDDI.
ISL (internet switch) is a proprietary Cisco protocol used only for Gigabit Ethernet links as switches and routers, and is referred to as "external marking". This means that the Ethernet protocol does not modify the frame, it has a VLAN tag, and it includes a new 26-byte header by adding a 4-byte frame check sequence (FCS) at the end of the field. Despite this additional overhead, ISL supports up to 1000 VLANs and does not introduce latency between trunks.
Cisco uses trunk tagging as the protocol when configured to use ISL. The ISL and FCS fields can be 1548 bytes long, with a maximum possible frame size of 1518 bytes, making the ISL a "giant" frame. In addition, it uses a bonding network (PVST) in each virtual line. This method optimizes the placement of the root switch for the available line.
It was created by the IEEE group to solve the problems of dividing large networks into smaller and manageable ones using VLANs. This standard is an alternative to Cisco ISL for compatibility and full integration with existing network infrastructure. IEEE 802.1Q is the most popular and widely used in Cisco-centric networking installations, which allows for interoperability and future upgrades. In addition to compatibility issues, there are several other reasons why engineers prefer this method.tagging. They include:
- Support up to 4096 VLAN.
- Insert 4-byte tag without encapsulation.
- Smaller final frame sizes compared to ISL.
- A 4-byte tag inserted into an existing Ethernet frame immediately after the source MAC address. Due to the additional 4-byte tag, the minimum Ethernet II frame size is increased from 64 bytes to 68 bytes, and the maximum frame size is now 1522 bytes.
Ethernet's maximum size is significantly smaller (by 26 bytes) when using IEEE 802.1Q tag parameters, so it will be much faster than ISL. However, Cisco recommends using ISL tagging in your own environment. This means if a user has 10 VLANs, then there will also be 10 STP instances participating in the switches. For non-Cisco cases, only 1 STP instance will be supported for all. It is critical that the VLAN for the IEEE 802.1Q trunk be the same for both ends of the trunk.
LAN emulation was introduced to make decisions about whether to create VLANs across WAN links, allowing the network administrator to define workgroups based on logical function rather than location. There are virtual local area networks (VLANs) between remote offices, regardless of their location. LANE is not very common, however users should not ignore it.
LANE was created by Cisco in 1995 with the release of IOS version 11.0. When implemented between twopoint-to-point WAN connections become completely transparent to end users:
- Each LAN or native ATM node, such as a switch or router, indicates that it is connected to the network through a special software interface called "LAN Emulation Client".
- The LANE client works with a LAN emulation network (LES) to process all messages and packets.
- The LANE specification defines a Local Area Network Configuration Server (LECS), services running inside an ATM switch or ATM connected server that is on the network and allows an administrator to control which LANs are combined to form a VLAN.
Windows 2012 Server setup algorithm
Preliminary, if the user wants to configure one VLAN for interfaces, you need to go to the "Network Connections" -> "Properties" -> "Advanced", select the VLAN I" field and add the corresponding value. If you need to configure multiple VLANs for the same interface, you must specify the VLAN ID value, the set value is 0, otherwise the line will not work.
When using Windows 2012 Server, the user needs to configure several tagged ports. It is possible to implement this on the same network interface with a local server connection and NIC teaming.
Order of operations:
- Create a new team with a single interface (TEAMS-> TASKS-> New TEAM),selects the desired interface, for example, 40GbE, and gives it a name.
- Select "Adapter and interfaces" windows, click "Set"-> Add an interface.
- Set up a specific VLAN and click OK to add another VLAN interface.
- Assign an IP address to the new interface, search "Network Connections" and find the correct VLAN interface.
- Then configure the IP.
So it can be summed up that VLAN tagged ports is a standard that is used to identify a packet through a MAC address. The operation is completely transparent to end devices and provides a level of necessary security on the network.