Tagged port: what is it?

A tagged port is a port whose traffic has passed through VLAN tagging, also known as frame tagging. This is a method developed by Cisco to identify packets passing through a trunk. When an Ethernet frame crosses this link, the receiving side has no information about virtual networks unless the frame carries such a tag.

History of the standard

Before switches and VLANs existed, networks were built from hubs, and all hosts were located in one Ethernet segment. This was one of the main limitations on reliability, because all hosts shared the same collision domain: if two hosts transmitted at the same time, the data "collided" and had to be sent again. Switches were introduced to solve this problem.

With respect to tagged and untagged ports, there are two types of switches:

  1. Basic, or "unmanaged", switches with simple functionality. They have no configurable VLAN support, which means that all hosts on such a switch are part of the same broadcast domain.
  2. Managed switches, which allow you to separate traffic using VLANs. They are widespread today, although unmanaged switches are still numerous.

One way to achieve the reliability goals of a transmission system is to connect each group of hosts to its own switch. Sometimes this is done to manage traffic. Unfortunately, this is still too expensive, so users often prefer VLANs. A VLAN can be thought of as a virtual switch whose main function is traffic separation: hosts in one VLAN cannot communicate with hosts in another without additional services, such as a router that forwards packets between virtual lines.

Frame tagging principle

One reason for placing hosts and tagged ports on separate VLANs is to limit the number of broadcast messages on the network. IPv4, for example, relies on broadcasts. Separating the hosts limits how far these broadcasts travel.

A regular Ethernet frame contains the following required fields:

  • source and destination MAC addresses;
  • type/length field;
  • payload;
  • FCS for integrity checking.

A four-byte VLAN tag, which includes the virtual line identifier, is added to the frame. It is located immediately after the source MAC address, and the identifier is 12 bits long, which gives a theoretical maximum of 4096 virtual lines. In practice, several VLANs are reserved, depending on the vendor.

802.1Q is the current IEEE VLAN (Virtual LAN) standard that labels and tags traffic so that it is carried over a specific virtual network. 802.1Q works at the data link layer of the OSI model: a tag (VLAN ID) is set in the frame, which determines which VLAN the tagged traffic belongs to. Untagged traffic, by contrast, carries no tag and no VLAN ID in the L2 frame. The VLAN ID is a 12-bit field with values from 0 to 4096.

Of these:

  • 0 and 4096 are reserved for use by the system;
  • 1 is the default.

VLAN Tagging Basics

Ports on a VLAN-capable switch are usually classified in one of two ways: tagged or untagged, also referred to as "trunk" or "access". A tagged or "trunk" port carries traffic for several virtual lines, while an untagged (access) port carries traffic for only one. Trunk ports connect switches and end users, and require more configuration than access ports. Both ends of the link must agree on the following parameters:

  1. Encapsulation.
  2. Allowed VLANs.
  3. Native VLAN.

Even when the link comes up successfully, both sides must be configured the same way. A mismatch in the native or allowed VLANs can have unintended consequences: VLANs that do not match on opposite sides can inadvertently create a VLAN hop. This is also often used as a method of deliberate attack, so it is an open security threat.
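As an added example (not from the original article), the following Python script performs the consistency check the passage calls for: it reads the trunk settings from the configuration of each end of a link and reports any mismatch in encapsulation, allowed VLANs or native VLAN. The interface configurations are constructed for the demonstration; they use Cisco IOS `switchport trunk` syntax, and the script assumes the IOS defaults (native VLAN 1, all VLANs allowed) when a command is absent.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # what IOS "allowed vlan all" expands to

def parse_vlan_list(spec: str) -> frozenset:
    """Expand a Cisco-style list such as '10,20-22,99' into a set of VLAN IDs."""
    if spec == "all":
        return ALL_VLANS
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(vlans)

def parse_trunk_config(config: str) -> dict:
    """Pull encapsulation, allowed VLANs and native VLAN out of an interface config."""
    settings = {"encapsulation": None, "allowed": ALL_VLANS, "native": 1}  # IOS defaults
    patterns = {"encapsulation": (r"switchport trunk encapsulation (\S+)", str),
                "allowed": (r"switchport trunk allowed vlan (\S+)", parse_vlan_list),
                "native": (r"switchport trunk native vlan (\d+)", int)}
    for line in config.splitlines():
        for key, (pattern, convert) in patterns.items():
            match = re.match(pattern, line.strip())
            if match:
                settings[key] = convert(match.group(1))
    return settings

def check_trunk_pair(side_a: str, side_b: str) -> list:
    """List the mismatches between the two ends of a trunk (empty list = consistent)."""
    a, b = parse_trunk_config(side_a), parse_trunk_config(side_b)
    problems = []
    if a["encapsulation"] != b["encapsulation"]:
        problems.append(f"encapsulation: {a['encapsulation']} vs {b['encapsulation']}")
    if a["native"] != b["native"]:
        problems.append(f"native VLAN: {a['native']} vs {b['native']}")
    if a["allowed"] != b["allowed"]:
        problems.append(f"allowed VLANs only on A: {sorted(a['allowed'] - b['allowed'])}, "
                        f"only on B: {sorted(b['allowed'] - a['allowed'])}")
    return problems

# Constructed configs for the two ends of one trunk; B never set a native VLAN,
# so it silently keeps the IOS default of VLAN 1
SWITCH_A = """interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20-22
 switchport trunk native vlan 99"""
SWITCH_B = """interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21"""
```

Calling `check_trunk_pair(SWITCH_A, SWITCH_B)` on the constructed configs reports the native VLAN mismatch (99 vs 1) and that VLAN 22 is allowed only on side A.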

Cisco Method

Trunk links carrying VLAN frames (packets) allow you to connect several switches together and configure each port for a virtual line independently. VLAN tagging is a method developed by Cisco to help identify packets passing through the trunk.

Consider, for example, two Catalyst 3500 series switches and one Cisco 3745 router connected through trunk links. The trunks carry a selection of virtual lines. Workstations are connected directly to access links, whose ports are configured for membership in only one VLAN.

Designating a port as an access link or a trunk link gives it certain settings; a port may be configured as a trunk link, for example, when it runs at 100 Mbps or more. Thus, the uplink of the switch is always a trunk connection, and any ordinary connection to which a workstation is attached is an access port.

The differences between an access link and a trunk link are shown below:

  1. An access link is a link that is part of a single VLAN and is usually what end users connect to.
  2. A device connected to an access link is unaware of its VLAN membership.
  3. Access links carry only standard Ethernet frames; routers remove any VLAN information from the frame before it is sent to the device on the access link.
  4. A trunk link handles traffic for multiple VLANs and is usually used to connect switches to routers.

Cisco switches offer several methods for tagging a VLAN frame, since a trunk is not itself assigned to a single virtual line. Most VLAN traffic is transported between switches over a single physical trunk.

Adding a tag to an Ethernet frame

Many users do not fully understand what a tagged port is. In fact, the VLAN tag is inserted into the Ethernet frame next to the MAC addresses. Frame tagging is applied to existing packets: the tag is placed in a frame belonging to a virtual line, and if the port is a trunk port, the frame is forwarded over the trunk link. This lets the receiving switch see which VLAN the tagged frame belongs to. When the frame leaves the switch toward an end device, the switch removes the identifier, so membership information is hidden from end devices.

There are several trunking technologies for tagged VLAN ports in Cisco equipment:

  1. Inter-Switch Link (ISL): Cisco's own frame tagging. It is also supported by some older router models from other vendors.
  2. IEEE 802.1Q: the IEEE industry-standard tagging.
  3. LAN Emulation (LANE): used to communicate with existing VLANs.
  4. 802.10 (FDDI): a protocol for carrying VLAN information over FDDI.

ISL Tagging Protocol

ISL (Inter-Switch Link) is Cisco's proprietary protocol, used only on Gigabit Ethernet links between switches and routers, and is called "external tagging". This means that the original Ethernet frame is not changed: instead, the frame is encapsulated with a new 26-byte header carrying the VLAN tag, and a new 4-byte frame check sequence (FCS) is added at the end. Despite this additional overhead, ISL supports up to 1000 VLANs and does not cause delays in transferring data between trunk links.

When a Cisco trunk is configured to use ISL, ISL is the trunk tagging protocol. With the ISL header and FCS added, a frame can reach 1548 bytes, against the normal maximum frame size of 1518 bytes, which makes an ISL frame a "giant" frame. In addition, ISL runs a separate spanning tree instance (PVST) in each virtual line, which allows you to optimize the placement of the root switch for each line.

IEEE 802.1Q standard

The standard was created by the IEEE to solve the problem of splitting large networks into smaller, manageable networks using VLANs. It is an alternative to Cisco ISL, offering interoperability and full integration with existing network infrastructure. IEEE 802.1Q is the most popular and widely used method even in Cisco-oriented installations, since it allows you to rely on compatibility and the possibility of future upgrades. Beyond compatibility, there are several more reasons why engineers prefer this tagging method:

  1. Support for up to 4096 VLANs.
  2. A 4-byte tag is inserted without encapsulation.
  3. Smaller final frame sizes compared to ISL.
  4. The 4-byte tag is inserted into the existing Ethernet frame immediately after the source MAC address. Because of the extra 4 bytes, the minimum Ethernet II frame size increases from 64 bytes to 68 bytes, and the maximum size is now 1,522 bytes.

The maximum frame size is significantly smaller (by 26 bytes) with IEEE 802.1Q tagging, so it is faster than ISL. However, Cisco recommends using ISL tagging in an all-Cisco environment. This means that if the user has 10 VLANs, there will also be 10 STP instances running on the switches, whereas on non-Cisco equipment only one STP instance is supported for all VLANs. It is imperative that the native VLAN of an IEEE 802.1Q trunk is the same on both ends of the trunk.
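As an added example (not code from the original article), the following Python script builds the 4-byte 802.1Q tag described in the "Frame tagging principle" section and in point 4 above, inserts it immediately after the source MAC address, parses it back out and strips it again as a switch does before forwarding onto an access port. The sample frame and its MAC addresses are constructed for the demonstration, and the FCS is omitted because it is computed by the NIC.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier: marks the frame as 802.1Q tagged
VID_MASK = 0x0FFF    # the VLAN identifier is the low 12 bits of the tag

def insert_vlan_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag right after the source MAC (byte offset 12)."""
    if not 0 <= vid <= VID_MASK:
        raise ValueError("VID is a 12-bit field, so it must be within 0..4095")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid  # PCP(3) DEI(1) VID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]

def strip_vlan_tag(frame: bytes) -> bytes:
    """Remove the tag, as a switch does before sending the frame to an access port."""
    if frame[12:14] != struct.pack("!H", TPID_8021Q):
        return frame  # already untagged
    return frame[:12] + frame[16:]

def parse_frame(frame: bytes) -> dict:
    """Decode MACs, VLAN ID (None when untagged), EtherType and payload."""
    dst, src = frame[:6].hex(":"), frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = tci & VID_MASK
        (ethertype,) = struct.unpack("!H", frame[16:18])  # real EtherType follows the tag
        offset = 18
    return {"dst": dst, "src": src, "vid": vid,
            "ethertype": ethertype, "payload": frame[offset:]}

# Constructed sample: a minimum-size (60 bytes before FCS) ARP broadcast frame
UNTAGGED_FRAME = (bytes.fromhex("ffffffffffff")       # destination MAC: broadcast
                  + bytes.fromhex("001122334455")     # source MAC (constructed)
                  + struct.pack("!H", 0x0806)         # EtherType: ARP
                  + bytes(46))                        # zero-filled payload

if __name__ == "__main__":
    tagged = insert_vlan_tag(UNTAGGED_FRAME, vid=100, pcp=3)
    print(len(UNTAGGED_FRAME), "->", len(tagged), "bytes")   # 60 -> 64
    print(parse_frame(tagged)["vid"])                         # 100
    print(strip_vlan_tag(tagged) == UNTAGGED_FRAME)           # True
```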

LANE emulation

LAN emulation was introduced to address the need to create VLANs over WAN links, allowing the network administrator to define workgroups based on logical function rather than on location. Virtual LANs can then span remote offices, regardless of where they are. LANE is not very common, but users should not ignore it.

LANE was created by Cisco in 1995 with the release of IOS 11.0. When implemented over point-to-point connections, the WAN becomes completely transparent to end users:

  1. Each LAN, or rather its ATM node (for example, a switch or router), announces that it is connected to the network through a special software interface called the "LAN Emulation Client" (LEC).
  2. The LANE client works with a LAN Emulation Server (LES) to process all messages and packets.
  3. The LANE specification also defines a LAN Emulation Configuration Server (LECS), a service running inside an ATM switch or on an ATM-attached server on the network, which allows the administrator to control which LANs are combined to form a VLAN.

Windows 2012 Server Setup Algorithm

Previously, to configure a single VLAN on an interface, the user had to go to "Network Connections" -> "Properties" -> "Advanced", select the VLAN ID field and enter the appropriate value. To configure multiple VLANs on the same interface, the VLAN ID value there must be set to 0, otherwise the line will not work.

On Windows Server 2012, the user may need to configure several tagged ports. This can be done on the same network interface by teaming the server's network cards.

The order of operations:

  1. Create a new team with a single interface (TEAMS -> TASKS -> New Team), select the desired interface, for example, the 40GbE adapter, and give it a name.
  2. Select the "Adapters and Interfaces" window, click "Set" -> Add Interface.
  3. Configure a specific VLAN and click OK; repeat this to add another VLAN interface.
  4. Assign an IP address to the new interface: open "Network Connections" and find the desired VLAN interface.
  5. Then configure the IP settings.

In summary, tagged VLAN ports rely on a standard that identifies a packet's VLAN by a tag placed next to its MAC address. The operation is completely transparent to end devices and provides the necessary level of security on the network.

Source: https://habr.com/ru/post/K10536/
