IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality of service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol.
Portions of the network which are VLAN-aware (i.e., IEEE 802.1Q conformant) can include VLAN tags. Traffic on a VLAN-unaware (i.e., IEEE 802.1D conformant) portion of the network will not contain VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership of the frame's port or the port/protocol combination, depending on whether port-based or port-and-protocol-based VLAN classification is being used. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native (or default) VLAN.
The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee and continues to be actively revised with notable revisions including IEEE 802.1ak, IEEE 802.1Qat and IEEE 802.1Qay.
A company wishes to provide data separation and security between network traffic from its various departments by creating separate logical networks for each of its departments dispersed throughout the enterprise, while using only one corporate physical network, which is VLAN-aware. A network administrator assigns a unique VLAN to each department. Edge switches on the corporate network are configured to insert an appropriate VLAN tag into all data frames arriving from equipment belonging to a given department. After the frames are transmitted on their respective VLANs through the corporate network, the VLAN tag is stripped before the frame leaves the VLAN-aware corporate network, and is sent to its destination, which is another computer belonging to the same department.
802.1Q does not actually encapsulate the original frame. Instead, for Ethernet frames, it adds a 32-bit field between the source MAC address and the EtherType/Length fields of the original frame, extending the minimum and maximum frame sizes from 64 and 1,518 bytes (octets) to 64 and 1,522 bytes (42 octet minimum applies when 802.1Q is present. When absent, 46 octet minimum applies. IEEE 802.3-2005 Clause 3.5). Two bytes are used for the tag protocol identifier (TPID), the other two bytes for tag control information (TCI). The TCI field is further divided into PCP, DEI, and VID.
|16 bits||3 bits||1 bit||12 bits|
For frames using IEEE 802.2/SNAP encapsulation with an OUI field of 00-00-00 (so that the protocol ID field in the SNAP header is an EtherType), as would be the case on LANs other than Ethernet, the EtherType value in the SNAP header is set to 0x8100 and the aforementioned extra 4 bytes are appended after the SNAP header.
Because inserting the VLAN tag changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.
The 802.1Q standard can create an interesting scenario on the network. Recalling that the maximum size for an Ethernet frame as specified by IEEE 802.3 is 1518 bytes, this means that if a maximum-sized Ethernet frame gets tagged, the frame size will be 1522 bytes, a number that violates the IEEE 802.3 standard. To resolve this issue, the 802.3 committee created a subgroup called 802.3ac to extend the maximum Ethernet size to 1522 bytes. Some network devices that do not support a larger frame size will process the frame successfully but may report these anomalies as a "baby giant."
With the IEEE standard 802.1ad, double-tagging can be useful for Internet service providers, allowing them to use VLANs internally while mixing traffic from clients that are already VLAN-tagged. The outer (next to source MAC and representing ISP VLAN) S-TAG (service tag) comes first, followed by the inner C-TAG (customer tag). In such cases, 802.1ad specifies a TPID of 0x88a8 for service-provider outer S-TAG.
Non-standard triple-tagging is also possible. The third tag of 4 bytes allows extended addressing and also a small hop-count. The 66-bit addressing plan now uses a fixed (non-stacking) QinQinQ format. The result is three 32-bit tags plus the 16-bit EtherType/Length for a total of 112 bits. The two 48-bit (MAC) address fields add another 96 bits. The total header is 208-bits compared to a 320-bit IPv6 header. The 66-bit addressing is 18+48. The 18-bits are encoded 6-bits per 32-bit tag in the 12-bit VID fields. The 16-bit EtherType/Length field can contain the Payload Size or an EtherType for Payloads that contain their own Length, such as IPv4.
|16 bits||3 bits||1 bit||12 bits|
The contents of TPID0+TPID1+TPID2 contain the 48-bit MAC Address of the Source Device.
Clause 9. of the 1998 802.1Q standard defines the encapsulation protocol used to multiplex VLANs over a single link, by adding VLAN tags. However, it is possible to send frames either tagged or untagged, so to help explain which frames will be sent with or without tags, some vendors (most notably Cisco) use the concepts of a) trunk ports and b) the native VLAN for that trunk.
A trunk port is a port that sends and receives tagged frames on all VLANs, except the native VLAN, if one is configured.
Frames belonging to the native VLAN do NOT carry VLAN tags when sent over the trunk. Conversely, if an untagged frame is received on a trunk port, the frame is associated with the native VLAN configured on that port.
For example, if an 802.1Q port has VLANs 2, 3 and 4 assigned to it, with VLAN 2 being the native VLAN, frames on VLAN 2 that are sent from the aforementioned port are not given an 802.1Q header (i.e. they are plain Ethernet frames). Frames that are received on that port and have no 802.1Q header are assigned to VLAN 2. Tagging of frames sent to or received from VLANs 3 & 4 is the same as if no native VLAN had been configured - all frames on those VLANs must carry tags to identify their VLAN membership.
Note that unexpected results may occur if the native VLAN configuration is not the same on all sending and receiving ports on a link. Continuing the above example, if VLAN 2 is not configured as the native VLAN on some other 802.1Q port, that port will send tagged frames on VLAN 2. When the local port, on which VLAN 2 is configured as the native VLAN, receives these unexpectedly tagged frames, it will still assign them to VLAN 2, but it will send only untagged frames for VLAN 2. On receipt, the distant port will either associate the untagged frames with a different VLAN ID (the one locally configured as the native VLAN) or it will discard the untagged frames if it has no native VLAN configured. (Symmetrically, this remote port will send only untagged frames on its configured native VLAN, which will be associated with a different VLAN ID by the local port.)
Not all vendors use the concept of trunk ports and native VLANs. Annex D to the 1998 802.1Q standard uses the concept of trunk links, but the current (IEEE Std 802.1D- 2004) standard does not use the terms trunk or native. Some use the term "Qtrunk" to avoid confusion with 802.3ad "link aggregation" that is often named a trunk as well.
In addition, IEEE 802.1Q defines the Multiple VLAN Registration Protocol (MVRP), an application of the Multiple Registration Protocol, allowing bridges to negotiate the set of VLANs to be used over a specific link.
MVRP replaced the slower GARP VLAN Registration Protocol (GVRP) in 2007 with the IEEE 802.1ak-2007 amendment.
Here you can share your comments or contribute with more information, content, resources or links about this topic.