Key points about the VLAN frame format:
The four-byte 802.1Q tag header contains 2 bytes of tag protocol identification (TPID) and 2 bytes of tag control information (TCI).
TPID (Tag Protocol Identifier) is a new type defined by IEEE, indicating that this is a frame with an 802.1Q tag. TPID contains a fixed value of 0x8100.
TCI contains the control information of the frame. It contains the following elements:
Priority: These 3 bits indicate the priority of the frame. There are 8 priority levels, 0-7. The IEEE 802.1Q standard uses these three bits of information.
Canonical Format Indicator (CFI): A CFI value of 0 means a standard format, and 1 means a non-standard format. It is used in the token ring/source-routed FDDI media access method to indicate the bit order information of the address carried in the encapsulated frame.
VLAN Identifier (VLAN ID):
This is a 12-bit field that indicates the ID of the VLAN. There are 4096 in total. Every data packet sent by a switch that supports the 802.1Q protocol contains this field to indicate which VLAN it belongs to.
In a switched network environment, Ethernet frames have two formats: frames that do not carry these four bytes are called untagged frames, and frames that carry these four bytes are called tagged frames.
I. Related definitions
1. Trunk port: a trunk port can allow multiple VLANs to pass and can receive and send packets of multiple VLANs. It is generally used for links between switches.
2. Hybrid port: a hybrid port can carry packets of multiple VLANs at the same time. It is generally used for links between switches or between switches and servers.
3. Access port: an access port can belong to only 1 VLAN. It is generally used for ports that connect to computers.
4. Tag and untag: tag refers to the VLAN tag, that is, the ID of the VLAN, which identifies the VLAN that the data packet belongs to. Untag means the data packet does not belong to any VLAN and carries no VLAN mark.
5. PVID, the port VLAN ID number (Port VLAN ID), is the VLAN ID setting of an untagged port. When an untagged data packet enters the switch, the switch checks the VLAN setting and decides whether to forward it. When an IP packet enters a switch port without a tag header and a PVID is configured on the port, the data packet is marked with the corresponding tag header! If the incoming IP packet already has a tag header (VLAN data), the switch will generally not add a tag header, even if the port is configured with a PVID number; when an unmarked data packet enters the switch.
When a Hybrid port and a Trunk port receive data, the processing method is the same. The only difference is when sending data: a Hybrid port can allow packets of multiple VLANs to be sent untagged, while a Trunk port only allows packets of the default VLAN to be sent untagged.
Here everyone needs to understand the concept of a port's default VLAN.
An Access port belongs to only 1 VLAN, so its default VLAN is the VLAN it is in and does not need to be set;
Hybrid ports and Trunk ports belong to multiple VLANs, so the default VLAN ID needs to be set. By default, the default VLAN of a Hybrid port and a Trunk port is VLAN 1.
If the default VLAN ID of the port is set, then when the port receives a message without a VLAN tag, it forwards the message to the ports belonging to the default VLAN; when the port sends a message with a VLAN tag, if the VLAN ID of the message is the same as the default VLAN ID of the port, the system removes the VLAN tag of the message and then sends the message.
Note: For Huawei switches, the default VLAN is called "Pvid Vlan"; the default VLAN for Cisco switches is called "Native Vlan".
II. Port Tag and Untag
If a port is designated as an untagged port in the VLAN settings, all packets forwarded from this port are untagged. If a tagged packet enters the switch, the tag is removed when it passes through an untagged port. Many devices currently do not support tagged data packets and cannot recognize them, so the ports connected to such devices need to be set as untagged.
If a port is designated as a tagged port in the VLAN settings, all packets forwarded from this port are tagged. If an untagged packet enters the switch, the tag is added when it passes through the tagged port, using the PVID setting of the ingress port as the VLAN ID number in the added tag.
III. Port encapsulation types: ISL, 802.1Q
All packets on an ISL trunk are tagged (Cisco proprietary);
802.1Q was designed for compatibility and for hybrid deployment of switches that support VLANs, so it specifically allows untagged frames: but only one VLAN is allowed to be untagged, so of N VLANs, (N-1) are tagged, and untagged packets must come from that one special VLAN, so there is no confusion. (Of course, all VLANs can be tagged.)
IV. The difference between the data received and sent by each port
| Port type | Receive/Send | Description |
|---|---|---|
| Access | Receive message | Determine whether there is VLAN information: if not, tag the message with the PVID of the port and switch and forward it; if there is, discard it directly (default) |
| Access | Send message | Strip the VLAN information of the message and send it directly |
| Trunk | Receive message | Determine whether there is VLAN information: if not, add the PVID of the port and switch and forward the message; if there is, judge whether the trunk port allows the data of that VLAN to enter: forward if it does, otherwise discard it |
| Trunk | Send message | Compare the PVID of the port with the VLAN information of the message to be sent: if the two are equal, strip the VLAN information and then send; if not equal, send it directly |
| Hybrid | Receive message | Determine whether there is VLAN information: if not, tag the message with the PVID of the port and switch and forward it; if there is, judge whether the hybrid port allows data of that VLAN to enter: forward if it does, otherwise discard it |
| Hybrid | Send message | Determine the attribute of the VLAN on this port (disp interface shows which VLANs are untagged and which are tagged for the port). If it is untagged, strip the VLAN information and then send; if it is tagged, send it directly |
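The receive and send rules in the table above, expressed as a small model. This is an added example, not code from the original page or from any switch vendor; the names `Port`, `forward` and `DROP` are hypothetical, and the ports at the bottom are constructed for illustration. It models only the tag decisions the table lists.

```python
from dataclasses import dataclass, field

DROP = "drop"  # sentinel: frame discarded on ingress

@dataclass
class Port:
    mode: str                                    # "access", "trunk" or "hybrid"
    pvid: int = 1                                # default VLAN of the port
    allowed: set = field(default_factory=set)    # trunk/hybrid: permitted VIDs
    untagged: set = field(default_factory=set)   # hybrid: VIDs sent untagged

    def receive(self, vid):
        """vid is None for an untagged frame; returns the VLAN used inside the switch."""
        if vid is None:
            return self.pvid                     # all modes: tag with the PVID
        if self.mode == "access":
            return DROP                          # tagged frame on access port (default)
        return vid if vid in self.allowed else DROP

    def send(self, vid):
        """Return the VID placed on the wire, or None when the tag is stripped."""
        if self.mode == "access":
            return None                          # always strip
        if self.mode == "trunk":
            return None if vid == self.pvid else vid
        return None if vid in self.untagged else vid  # hybrid: per-VLAN attribute

def forward(ingress, egress, vid):
    """Chain ingress and egress handling for one frame.
    Egress VLAN membership is not checked, because the table does not cover it."""
    internal = ingress.receive(vid)
    return DROP if internal == DROP else egress.send(internal)

# Constructed ports for the walk-through.
ACCESS = Port("access", pvid=10)
TRUNK = Port("trunk", pvid=1, allowed={1, 10, 20})
HYBRID = Port("hybrid", pvid=10, allowed={10, 20}, untagged={10, 20})

if __name__ == "__main__":
    cases = [("untagged in on access, out on trunk", ACCESS, TRUNK, None),
             ("tag 20 in on access", ACCESS, TRUNK, 20),
             ("untagged in on trunk, out on trunk", TRUNK, TRUNK, None),
             ("tag 20 in on trunk, out on hybrid", TRUNK, HYBRID, 20)]
    for label, i, e, vid in cases:
        print(f"{label}: {forward(i, e, vid)}")
```
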
VLAN meaning and frame format
The Wiki definition of VLAN (Virtual Local Area Network):
In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN or VLAN.
VLAN is used to divide independent broadcast domains at the link layer of the OSI model, providing network isolation. It is used to ensure network security, flexibly build virtual workgroups, etc.
VLAN is defined in the IEEE 802.1Q of RFC; the Cisco proprietary protocol ISL also defines one, but it is not the same as the former, as will be mentioned below.
Link layer frame format with VLAN
IEEE 802.1Q adds a 4-byte VLAN tag between DA and Type of the original Ethernet protocol.
Explain the terms:
SA, source MAC address;
DA, destination MAC address;
TPID (Tag Protocol Identifier), indicating that this is a frame with an 802.1Q tag. TPID contains a fixed value of 0x8100;
TCI (Tag Control Information), contains 3 fields to indicate VLAN specific information;
CFI (Canonical Format Indicator), a CFI value of 0 means the standard format, and 1 means the non-standard format. It is used in the token ring/source routing FDDI medium access method to indicate the bit order information of the address carried in the encapsulated frame;
PCP (Priority Code Point), the IEEE 802.1p priority reference, from 0 (lowest) to 7 (highest), the priority used to transmit data streams (audio, video, files, etc.);
VID (VLAN ID), a total of 4096, indicating which VLAN the data frame belongs to;
Note: whether the data frame contains this VLAN tag is the tagged/untagged distinction mentioned later.
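The tag layout described here and at the top of the page, as a parser with matching add and strip helpers. This is an added example, not code from the original page; the function names are hypothetical and the sample frame is constructed. It assumes the tag sits directly after the two MAC addresses, at byte offset 12.

```python
import struct

TPID_8021Q = 0x8100  # fixed TPID value stated on this page

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame; 'tag' is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    da, sa = frame[:6], frame[6:12]
    (tpid_or_type,) = struct.unpack("!H", frame[12:14])
    if tpid_or_type != TPID_8021Q:
        return {"da": da, "sa": sa, "tag": None,
                "type": tpid_or_type, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, eth_type = struct.unpack("!HH", frame[14:18])
    tag = {"pcp": tci >> 13,          # 3-bit priority, 0-7
           "cfi": (tci >> 12) & 0x1,  # 1-bit Canonical Format Indicator
           "vid": tci & 0x0FFF}       # 12-bit VLAN ID
    return {"da": da, "sa": sa, "tag": tag,
            "type": eth_type, "payload": frame[18:]}

def add_tag(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """Insert TPID + TCI after the two MAC addresses (byte offset 12)."""
    if not (0 <= vid <= 0x0FFF and 0 <= pcp <= 7 and cfi in (0, 1)):
        raise ValueError("field out of range")
    tci = (pcp << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag if present; untagged frames pass through."""
    if parse_frame(frame)["tag"] is None:
        return frame
    return frame[:12] + frame[16:]

# Constructed sample: broadcast DA, locally administered SA, EtherType 0x0800.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
TAGGED = add_tag(UNTAGGED, vid=100, pcp=5)

if __name__ == "__main__":
    print(TAGGED[12:16].hex(), parse_frame(TAGGED)["tag"])
```
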
Native VLAN
By default, all interfaces on the switch are under VLAN 1 (Native VLAN);
The difference between 802.1Q and the ISL protocol lies in whether the Native VLAN is tagged. ISL tags everything, while IEEE 802.1Q tags all VLANs except VLAN 1, which is left untagged. Their function is the same: both let a trunk recognize different VLANs.
Three working modes of access trunk hybrid
When configuring the switch, a port can be configured in one of these three working modes. The difference between these modes lies in how they treat tagged frames with VLAN tags.
Through different processing of tagged frames, different modes of switch networking can be achieved.
For each port of the switch, there are two important attributes:
1. There is a PVID (Port VLAN ID), which identifies which VLAN the port belongs to.
2. There is a list of allowed VIDs (the list is not available in access mode), which is used to determine whether tagged frames are allowed to pass through this interface.
The following is the difference between these three modes when processing tagged/untagged frames:
VLAN —— Virtual Local Area Network