VLAN IDs are associated with only those frames that traverse a trunk link. When a frame enters or exits the switch on an access switch port, no VLAN ID is present. The Application Specific Integrated Circuits (ASICs) on the switch port physically assign the VLAN ID to a frame as it is placed on a trunk link and also strips off the VLAN ID if the frame exits an access switch port. When we speak of ASICs we are in the realm of hardware architecture of the switch, performing frame tagging in hardware which allows us to match wire speeds.
There are two different ways to tag frames: ISL and 802.1Q. Although the basic concept of frame tagging is the same with both methods, there are differences in how it is accomplished. If two devices are to perform trunking, they must agree to use either ISL or 802.1Q as there are several differences between the two.
Table 7-2 Comparison of ISL and 802.1Q
Feature | ISL | 802.1Q |
Supported VLANs | Normal and extended range | Normal and extended range |
Protocol defined by | Cisco | IEEE |
Eapsulates original frame or inserts tag | Encapsulates | Inserts tag |
Native VLAN support | No | Yes |
ISL and 802.1Q Concepts
Inter-switch Link (ISL) is a Cisco proprietary protocol that maintains VLAN information in Ethernet frames by encapsulating the whole Ethernet frame. In the case of ISL, the tag is external to the Ethernet frame, which is the same as encapsulating the Ethernet frame. ISL adds a 26-byte header (containing a 15-bit VLAN identifier) and a 4-byte CRC trailer to the frame. ISL is supported only on Cisco switches and even some newer Cisco switches don’t support it any more. ISL cannot be used to connect a Cisco switch to a switch by another vendor like HP and its use is being depreciated even by Cisco in favor of IEEE 802.1q which happens to be the more popular choice among trunking protocols.
IEEE 802.1q is a standard developed by the Institute of Electrical and Electronics Engineers (IEEE) to carry traffic belonging to multiple VLANs across a trunk. In contrast to ISL, 802.1Q does not actually encapsulate the original frame. Instead, it adds a 32-bit field between the source MAC address and the Ether Type/Length fields of the original frame. This 32-bit field carries the information used to deterministically identify the VLAN the Ethernet frame belongs to.
The extra VLAN header used by both ISL and 802.1Q uses the VLAN identifier or VLAN ID field to identify the VLAN the frame belongs to. VLAN ID is a 12-bit field specifying the VLAN to which the frame belongs. The range of hexadecimal values is from 0x000 to 0xFFF for a 12-bit number. The hexadecimal values of 0x000 and 0xFFF are reserved while all other values in the range can be used as VLAN identifiers, allowing up to 4,094 VLANs. Please see the graphic to understand how IEEE 802.1Q tag is inserted in a regular Ethernet frame.
Figure 7-7 IEEE 802.1Q Tag Insertion
The IEEE 802.1Q standard can create a very interesting scenario with Ethernet frames of maximum size. Please recall that the maximum size of an Ethernet frame is 1518 bytes as specified by IEEE 802.3 standard. Now, if such frame gets tagged the resulting frame size will be 1522 bytes, a number that exceeds the maximum size specified in IEEE 802.3 standard. In order to resolve this issue the maximum Ethernet frame size was extended to 1522 bytes by the 802.3ac subgroup of the IEEE 802.3 committee. Still some network devices that do not support the larger frame size will process the frame successfully but may report these larger frames as baby giant.
IEEE 802.1Q and ISL are used to multiplex VLANs over single link by adding VLAN tags for identification. However, it is possible to send Ethernet frames either tagged or untagged across an IEEE 802.1Q trunk. Cisco uses the concept of native VLAN to help explain which frames will be sent with or without tags. An IEEE 802.1Q trunk port sends and receives tagged frames for all VLANs, except the native VLAN if one is configured. Frames belonging to the native VLAN do NOT carry VLAN tags when sent over the trunk. Similarly, if an untagged frame is received on a trunk port, the frame is associated with the native VLAN configured on that port. The concept of native VLAN is not important for ISL as all frames including the ones for native VLAN are tagged. The default native VLAN on Cisco switches is 1. Also please note that the native VLAN is specific to a single trunk port and not to the whole switch. In fact different trunk ports on a Cisco switch can have different native VLANs. Both the trunk ports at the two ends of a trunk should have the same native VLAN configured.
On a side note, many Network Interface Cards (NICs) for PCs and printers are not 802.1Q compliant. If they receive a tagged frame, they will not understand the VLAN tag and will drop the frame. From a practical standpoint, a PC should get one and only one VLAN so it does not matter if your PC NIC supports dot1Q or not. However NICs on server machines may support 802.1Q and there are situations where this capability is useful. You may provide access to applications on server to different VLANs still providing traffic isolation. As the server NIC is 802.1Q capable it can receive traffic from different VLANs on the same physical interface by establishing an 802.1Q trunk link with the switch it is directly connected to.
0 comments:
Post a Comment