IEEE 802.1Q Overview
What is a VLAN? The acknowledgment is simple: It is a advertisement domain. In added words, a VLAN
defines how far a advertisement packet can radiate. Assuming no acquisition is involved, traffic
entering a concrete LAN about-face anchorage configured to be allotment of a accustomed VLAN is constrained
to added ports that are additionally associates of that VLAN. VLANs action a applied and accessible way
to apparatus arrangement analysis at Band 2 of the Open Systems Interconnection (OSI)
model.
A VLAN is primarily articular by a user-defined number, which usually ranges from 1 to
4096. Concrete links can backpack assorted VLANs, in which case, they are accepted as trunk
ports. Packets traveling on block ports are articular as acceptance to a assertive VLAN by
means of a abstracts articulation band tag. Two protocols are acclimated for that purpose:
• Cisco Inter-Switch Articulation (ISL)
• IEEE 802.1Q
ISL absolutely encapsulates the aboriginal Ethernet anatomy by absolutely wrapping it central another
frame comprised of a new antecedent and destination MAC address, a new Ethertype, and a new
frame analysis arrangement (FCS). For all applied purposes, accede that the added “recent”
802.1Q tag replaced ISL. (The chat “recent” is in citation marks because the IEEE
802.1Q blueprint was ratified as a accepted in February 1998.1) Figure 4-1 shows the
structure of an 802.1Q tag.
68 Chapter 4: Are VLANS Safe?
Figure 4-1 802.1Q Tag
A complete 802.1Q tag is comprised of two genitalia that are anniversary 2 bytes long. The aboriginal part
is the Ethertype, which is begin in every 802.3/DIX-format Ethernet frame. It identifies the
protocol agitated in the frame. In the case of 802.1Q, the Ethertype amount is consistently 0x8100.
The attendance of this amount instructs the about-face to break the 2 bytes afterward the Ethertype
as an 802.1Q tag. The tag itself is fabricated up of three fields:
• Three $.25 of priority
• One bit for the approved banderole indicator
• Twelve $.25 for the absolute VLAN number
The aboriginal three $.25 are almost agnate to the IP’s antecedence $.25 begin in the blazon of
service (ToS) byte. At Band 2, they accommodate altered levels of account in case of congestion.
The abutting bit is acclimated for affinity amid Ethernet and Token Ring environments. For
Ethernet, it is set to 0. The aftermost 12 $.25 analyze the VLAN ID, which is from area the 4096
figure comes. (212 yields 4096 accessible values.) Technically speaking, the 802.1Q tag is
2-bytes long. However, because it doesn’t abide after an Ethertype that announces its
presence, abstract frequently lists it as 4-bytes continued in total. The basal allotment of Figure
4-1 represents an 802.1Q-tagged 802.3 Ethernet frame. For example, in the case of a frame
carrying an IP datagram, a additional Ethertype (0 x 0800 for IP) anon follows the
2-byte 802.1Q tag, followed by the IP attack and the blow of the frame.
Destination MAC Antecedent MAC Dot 1Q EtherType Data
2 Bytes
4 Bytes
EtherType 0 × 8100
802.1Q Tag
Pri CFI VID
Ethernet Anatomy with 802.1Q Tag (Not to Scale)
3 $.25 1 Bit 12 Bits
2 Bytes