Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: vLAN questions  (Read 895 times)

0 Members and 1 Guest are viewing this topic.


    Topic Starter


    • Experience: Beginner
    • OS: Unknown
    vLAN questions
    « on: December 08, 2018, 02:55:57 PM »
    Hello ,

    I'm a very young student that is learning and reading stuff about networking. It's a bit hard for me because I'm learning english lang too. Sry for bad english

    I'm interested in vLan configuration.

    from a tutorial I can read:
    Untagged: a VLAN that is untagged is also sometimes referred to as the "Native VLAN".  Any traffic that is sent from a host to a switch port that doesn't have a VLAN ID specified, will be assigned to the untagged VLAN.

    This option is typically used when connecting hosts such as workstations or devices like IP cameras that don't tag their own traffic, and only need to communicate on one specific VLAN.  A port can only have one Untagged VLAN configured at a time

    How Does vLan work if there is no TAG ?

    Tagged: Assigning a tagged VLAN to a port adds that port to the VLAN, but all ingress and egress traffic must be tagged with the VLAN ID in order to be forwarded. The host connected to the switch port must be capable of tagging its own traffic, and be configured to do so with the same VLAN ID.

    How Does the Host (my computer) add TAG in order to talk to vLan ?

    Thanks so much for any help



    • Thanked: 305
      • Yes
      • Cameron Gray - The Random Rambings of a Computer Geek
    • Certifications: List
    • Computer: Specs
    • Experience: Expert
    • OS: Mac OS
    Re: vLAN questions
    « Reply #1 on: December 08, 2018, 07:50:51 PM »
    While you can configure your machine to tag traffic with a VLAN ID (there's usually an option somewhere in your OS's network settings) often you won't configure anything vlan related on your machine and will configure vlans on the switch.  If a port on a switch is configured as "untagged" any packet passing into that port (where the traffic doesn't have a vlan tag) will have the vlan tag added to it. When the traffic leaves an untagged port, the vlan ID will be removed. In this case you're pretty much just using VLANs to divide a single switch into multiple separate switches.

    With tagged ports, they won't change the VLAN tags on packets entering or leaving the ports, however they will only permit traffic which has a VLAN tag that the port is tagged with. You would use a tagged port to carry traffic which is already tagged such as when connecting devices which already tag their traffic or when connecting switches together in order to carry multiple VLANs between switches. You can also get other types of devices that produce tagged traffic such as VoIP phones (which can tag their traffic to differentiate it from traffic from a connected PC, see below) or from a wireless access point which may broadcast multiple different networks on different VLANs. You would configure the VLANs that the device should tag traffic with in the settings on the device itself.

    To give a rough example of how these may work together.  Say you're in an office with a pair of switches which should be connected together to act as one big switch.  You have two VLANs - VLAN 100 is for "office PCs" and VLAN 200 is for "voip phones" in order to keep VoIP traffic separate from PC traffic.  Quite often with VoIP phones, in order to save ports on the switch, you can plug the phone into the switch and then plug your PC into the phone. In this sort of environment, the phone will tag its own traffic with a VLAN ID (200 in this example) and pass traffic from the PC without modifying it (so it won't have a vlan ID). You would then configure the switch port that the phone (and therefore the PC) is connected to to be untagged for VLAN 100 and tagged for VLAN 200. This means that the traffic originating from the PC (which doesn't have a vlan tag, i.e. it's untagged) will be tagged with VLAN 100, traffic from the phone (which will already be tagged with VLAN 200) will be allowed to pass. If the port wasn't tagged with VLAN 200, the traffic from the phone wouldn't be allowed to pass and would be dropped. Then, the ports that link the two switches together would be set up as tagged for all VLANs on both switches so that traffic for all VLANs will be carried between the switches, this is often known as a "trunk" port.

    What you would then often do is configure a port to be "tagged" for all VLANs and connect this to the router.  The router would then be configured so that each VLAN would show up as a separate network interface on the router.  The router can then be configured to route between VLANs and to firewall traffic from each VLAN as appropriate.



      Thanked: 3
      • Experience: Beginner
      • OS: Windows 7
      Re: vLAN questions
      « Reply #2 on: January 05, 2019, 01:40:46 AM »
      access links are presented to any device without tags. when traffic leaves that vlan going into the switch for a destination not on the same vlan it gets a tag of the vlan added to each frame, to allow the switch to forward it correctly. When you speak of a native vlan, it is the common vlan that two devices agree to send non tag packets. the default vlan on cisco switches is vlan 1. Devices need a common untag network to communicate on. Tags are for forwarding purposes. They provide no value within a vlan.