Common Questions About 802.1Q VLAN
The topic was originally posted by Clive_A in Common Questions About 802.1Q VLAN
Background:
We hope this article can be helpful in your understanding of 802.1Q VLAN.
This Article Applies to:
All Omada devices that support 802.1Q VLAN.
Common Terms and Explanations:
Concepts:
1. What is VLAN
This technology allows network devices (such as switches and routers) to assign ports to different broadcast domains, creating independent virtual networks. Even if devices are physically connected to the same switch, they can belong to different VLANs.
2. Broadcast Domain
In a network, broadcast frames are sent to all devices within the same broadcast domain. VLAN technology can divide a large broadcast domain into several smaller ones, reducing network congestion caused by broadcasts.
3. Segmentation Terms: Tag and Untag
VLANs can be segmented based on different needs, including by port, by tag, and by protocol. We will discuss this later in the article.
Commonly, we discuss the tagged VLAN. It uses the 802.1Q standard to insert a VLAN identifier (VLAN ID) into Ethernet frames, distinguishing different VLANs. This method allows data from different VLANs to be transmitted through the same physical port.
Purposes:
1. Data Isolation: VLANs can logically isolate parts of a network, ensuring that data in different VLANs does not interfere with each other. Devices within one VLAN cannot directly communicate with devices in another VLAN unless routed through a router or a Layer 3 switch.
2. Enhanced Security: Since VLANs isolate data flows between them, they significantly enhance network security. For example, network resources of sensitive departments can be allocated to an independent VLAN.
3. Flexibility and Scalability: The flexibility of VLAN configurations allows network administrators to quickly adjust network architecture based on business needs without changing physical wiring.
4. Cost-effectiveness: By using VLAN technology, the need for physical networking equipment can be reduced, lowering the costs of network construction and maintenance.
Understanding the Tag and Untag:
To work with VLANs, we have to know what tagging and untagging are and what they do. In the context of VLANs, "tagging" and "untagging" are methods for handling VLAN identifiers on network packets, which dictate how data is routed through different segments of a network. Additionally, concepts like "PVID" and "trunk port" are important for understanding how VLANs operate more deeply. Let's explore these concepts:
Tagging: This involves inserting a VLAN tag into Ethernet frames. This tag is used to identify which VLAN the frame belongs to. The 802.1Q standard is commonly used for tagging, which inserts a 4-byte header into the Ethernet frame. This header contains a VLAN ID (VID), which ranges from 1 to 4095. Tagging is essential for frames that traverse multiple switches and networks, ensuring that the frames remain associated with the correct VLAN.
Untagging (Egress): This refers to the removal of the VLAN tag from the frame before it is sent to a device that is not VLAN-aware (like most end-user devices). The untagging process ensures that the receiving device processes the packet normally without needing to understand VLAN tags.
PVID (Ingress): The Port VLAN ID is assigned to each port on a switch and determines the VLAN ID that will be assigned to incoming untagged traffic on that port. Essentially, if a switch receives a frame without a VLAN tag on a port, it will treat that frame as belonging to the VLAN specified by the PVID of that port.
Trunk Port: A trunk port on a network switch is used to carry traffic for multiple VLANs across a single network link, using VLAN tagging. This is in contrast to an "access port," which is configured to carry traffic for only one VLAN. Trunk ports are typically used between switches or between a switch and a server/router capable of understanding tagged frames.
In the setup of trunk ports, you often specify which VLANs are allowed to pass over the trunk. This configuration is important for maintaining the security of VLANs and managing network traffic efficiently.
Trunk ports and PVID configurations play crucial roles in managing how data is routed and segregated across a network with multiple VLANs. They ensure that data traffic can be correctly categorized and directed to the appropriate destinations while maintaining network security and efficiency.
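The tag, untag, PVID and trunk rules above can be traced on real frame bytes. The following is an added example, not TP-Link code: the `Port` class, the function names and the sample frame are hypothetical, and dropping frames whose VLAN is not configured on the receiving port (ingress filtering) is an assumption about switch configuration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
# Constructed sample frame: broadcast dst, made-up src MAC, IPv4 EtherType, dummy payload
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46

def parse_vid(frame: bytes):
    """Return the VLAN ID if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF  # low 12 bits of the TCI

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert the 4-byte tag (TPID + TCI, priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag so a non-VLAN-aware device sees a plain frame."""
    return frame[:12] + frame[16:]

class Port:  # hypothetical model of one switch port
    def __init__(self, pvid, untagged=(), tagged=()):
        self.pvid = pvid
        self.untagged = set(untagged)  # VLANs sent out without a tag
        self.tagged = set(tagged)      # VLANs sent out with a tag (trunk)

def ingress(port: Port, frame: bytes):
    """Classify a received frame: (vid, tagged_frame), or None if dropped."""
    vid = parse_vid(frame)
    if vid is None:  # untagged frame: the port's PVID decides the VLAN
        vid, frame = port.pvid, add_tag(frame, port.pvid)
    if vid not in (port.untagged | port.tagged):  # assumed ingress filtering
        return None
    return vid, frame

def egress(port: Port, vid: int, frame: bytes):
    """Return the bytes put on the wire, or None if the port is not in the VLAN."""
    if vid in port.untagged:
        return strip_tag(frame)
    if vid in port.tagged:
        return frame
    return None
```

With an access port `Port(pvid=10, untagged=[10])` and a trunk `Port(pvid=1, untagged=[1], tagged=[10, 20])`, a PC's untagged frame is classified into VLAN 10, leaves the trunk tagged, and a frame tagged for VLAN 20 is dropped on the access port.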
Appendix:
Note:
1. The difference between VLAN Interface and 802.1Q VLAN has been explained in this guide, in the Note area: How to Set Up VLAN Interface on the Omada Router
2. Commonly, we think computers are not VLAN-aware. That's why, in the Configuration Guide we provided, we configure the ports for computers as untagged.
VLAN-aware devices are mostly routers, switches, and APs.
3. Please note that a switch only deals with tagged data packets internally. If a switch receives an untagged data packet, it adds an 802.1Q tag to the packet and then processes the tagged packet. To add an 802.1Q tag, we need to set the PVID for the port. The value of the PVID is the same as the number of the VLAN you want this packet to go to. For example, if you set the PVID to 1, this packet will be transferred within VLAN 1 (in the switch). If the switch receives a tagged data packet, the switch will allow it to go to the corresponding VLAN.
4. Each port has only one PVID value.
5. TP-Link unmanaged switches can forward VLAN-tagged packets. They do not process the tags at all; they only forward the packets. This means you can use an unmanaged switch in the Access Layer.
6. TP-Link router/switch/EAP does not support deleting default VLAN 1.
Update Log:
Apr 28th, 2024:
Add note.
Apr 19th, 2024:
Release of this guide.