VLAN Tagging

Having understood VLANs and Trunks, let’s go deeper on how trunks work and learn more about the trunking protocols.

How Trunks work — VLAN Tagging

Trunking is the ability to connect multiple switches together and allow the VLANs seamlessly go across the switches.

Trunks carry traffic of all the VLANs

VLAN Tagging is a method developed by Cisco to identify the packets traveling through the trunk links. When an Ethernet frame traverses through the trunk link, a special VLAN tag is added to the frame and sent across the trunk link.

Trunks inject a VLAN tag into the frame which is used to identify the VLAN the frame belongs to. Trunk is a Cisco term; other vendors call it a tagged port to signify VLAN tagging.

The switch adds the VLAN tag into the frame before it leaves the trunk port. When the frame arrives at the other end of the trunk, the switch identifies the VLAN by examining the VLAN tag in the frame; and forwards it to the computer before which it strips off the VLAN tag. Hence the computers are unaware that they belong to a VLAN. The frames are tagged by the switch to identify the VLANs, however the frames always leave the switch untagged.

Frames leave the switch untagged

If the frame is a broadcast (destination MAC address: ffff.ffff.ffff), then the switch broadcasts the frame only to the VLAN identified by the VLAN tag.

VLAN Tagging Protocols

There are two trunking protocols or tagging protocols.

1. Inter-Switch Link (ISL)
2. IEEE 802.1q


Inter-Switch Link (ISL)

ISL is the Cisco proprietary VLAN tagging protocol which works only on FastEthernet and GigabitEthernet links.

ISL being a proprietary protocol, works only between the Cisco switches. ISL is known as an “external tagging process” as it won’t modify the Ethernet frame. Instead it encapsulates the frame within a 26 byte ISL header and a 4 byte ISL FCS (Frame check sequence).

Interswitch Link

  • ISL supports upto 1000 VLANs
  • ISL header and FCS adds extra overhead making the 1518 byte Ethernet frame 1548 bytes, making them “giant” or “jumbo” frames.
  • Despite the overhead, ISL doesn’t introduce any delay in transferring the frames across the trunk links.
  • Once encapsulated within the ISL header and FCS, the Ethernet frame can no longer be processed by devices other than the ISL-aware (Cisco) devices.
  • ISL has supplanted by IEEE 802.1q protocol. The newer Cisco switches won’t even have the option of ISL.


IEEE 802.1Q

The 802.1q standard was created by the IEEE to enhance the network performance by breaking a large network into smaller and manageable ones through the use of VLANs.

802.1q is the industry standard and is supported by all the vendors. 802.1q is by far the most widely used tagging protocol to ensure compatibility and seamless integration with the existing network infrastructure.

In addition to the compatibility issue, there are several more reasons for which most engineers prefer this method of tagging. These include:

  • Support of up to 4096 VLANs
  • Insertion of a 4-byte VLAN tag with no encapsulation
  • Smaller final frame sizes compared to ISL

The 4-byte tag mentioned earlier is inserted into the existing Ethernet frame, right after the Source MAC Address as illustrated in the diagram below:

dot1q tagging

Because of the extra 4-byte tag, the minimum Ethernet II frame size increases from 64 bytes to 68 bytes, while the maximum Ethernet II frame size now becomes 1522 bytes.

As you may have already concluded yourself, the maximum Ethernet frame is considerably smaller in size (by 26 bytes) when using the IEEE 802.1q tagging method rather than ISL. This difference in size might also be interpreted by many that the IEEE 802.1q tagging method is much faster than ISL, but this is not true. In fact, Cisco recommends you to use ISL tagging when in a Cisco native environment, but as outlined earlier, most network engineers and administrators believe that the IEEE 802.1q approach is much safer, ensuring maximum compatibility.

Let’s study the 802.1q tag fields. The tag has two primary fields : Tag protocol identifier (TPID) and Tag Control Information (TCI).

dot1q tag fields

  • Tag protocol identifier (TPID): a 16-bit field set to a value of 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame. This field is located at the same position as the EtherType/length field in untagged frames, and is thus used to distinguish the frame from untagged frames.
  • Tag control information (TCI)
    • Priority code point (PCP): a 3-bit field which refers to the IEEE 802.1p class of service and maps to the frame priority level. Values in order of priority are: 1 (background), 0 (best effort), 2 (excellent effort), 3 (critical application), …, 7 (network control). These values can be used to prioritize different classes of traffic (voice, video, data, etc.).
    • Drop eligible indicator (DEI): a 1-bit field. May be used separately or in conjunction with PCP to indicate frames eligible to be dropped in the presence of congestion.
    • VLAN identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs. The hexadecimal values of 0x000 and 0xFFF are reserved. All other values may be used as VLAN identifiers, allowing up to 4,094 VLANs. The reserved value 0x000 indicates that the frame does not carry a VLAN ID; in this case, the 802.1Q tag specifies only a priority and is referred to as a priority tag. On bridges, VID 0x001 (the default VLAN ID) is often reserved for a management VLAN; this is vendor-specific. The VID value 0xFFF is reserved for implementation use; it must not be configured or transmitted. 0xFFF can be used to indicate a wildcard match in management operations or filtering database entries.


Firewall.cx | VLAN Tagging
Wikipedia | IEEE 802.1q

About Deepak Devanand

Seeker of knowledge
This entry was posted in 802.1q, Switching, VLAN and tagged , , , , , , , , , , , , . Bookmark the permalink.

2 Responses to VLAN Tagging

  1. Pingback: Configuring VLANs and Trunks | Deepak's Kaleidoscope

  2. Pingback: Understanding and Configuring VTP | Deepak's Kaleidoscope

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s