Frame Classification
Virtually every LAN about-face provides the adequacy to configure a concrete anchorage as an access
port or block port. An admission anchorage belongs to one—and alone one—VLAN, while a block port
can circuitous several VLANs (up to 4096) on one concrete link.
Destination MAC Source MAC Dot 1Q EtherType Data
2 Bytes
4 Bytes
EtherType 0 × 8100
802.1Q Tag
Pri CFI VID
Ethernet Frame with 802.1Q Tag (Not to Scale)
2 Bytes
3 Bits 1 Bit 12 Bits
IEEE 802.1Q Overview 69
Access and Block Anchorage Terminology
Not all vendors accede on a accepted port-naming convention. As a amount of fact, the 802.1Q
specification itself doesn’t accredit to admission or block ports. It is, therefore, accessible that your
particular about-face doesn’t use the admission and block terminology. Nevertheless, you are
almost consistently acceptable to arise beyond ports that accelerate and acquire untagged cartage (what this
book calls an admission port) and ports that backpack tagged frames through the IEEE 802.1Q
encapsulation (what this book calls a block port).
End users are about consistently assigned admission ports whose VLAN associates is statically
encoded in the switch’s agreement file. For example, a accustomed agreement could specify
that interface FastEthernet5/3 is assigned to VLAN 20. Frames beatific out on admission ports
toward end stations do not backpack 802.1Q tags, because best end stations either acquire no need
to be allotment of assorted VLANs or artlessly acquire no clue how to adapt the added 4 bytes of
information. If you run a LAN analyzer on your PC, you are absurd to arise beyond tagged
traffic. Although it’s accessible to actualize a block amid a about-face and a host, as a aphorism of
thumb, it is safe to say trunks are about accustomed alone amid LAN switches.
Although there exists a common barring to this, in the anatomy of ports providing
connectivity to Cisco IP phones, if you anticipate of the IP buzz as a miniature LAN switch
(which it absolutely is), the aphorism still holds true.
When cartage enters a LAN about-face on an admission port, an centralized apparatus ensures that the
traffic charcoal bedfast to that admission port’s VLAN. This is accomplished through various
means, depending on the switch’s vendor. On Cisco high-end LAN switches (Catalyst 6500
and 7600), this ascribe allocation is performed by agency of slapping an centralized attack to
the packet. That centralized attack charcoal bounded to the switch; it doesn’t arise on the wire.
This ensures VLANs accommodate a way to abstract cartage at Layer 2.
You ability admiration what happens back an admission anchorage receives tagged traffic. The answer
depends on the switch, the adaptation it runs, and the blazon of anchorage ASIC that is employed.
Generally, Cisco switches acquire 802.1Q-tagged cartage if—and alone if—the tag matches
the VLAN configured on the admission port. If the admission anchorage is a affiliate of VLAN 20, it
accepts 802.1Q frames if the VLAN ID corresponds to 20. Other tagged cartage is silently
dropped at the anchorage level. This acreage entails cogent ramifications, which you learn
about in the section, “Attack of the 802.1 Tag Stack.”