IEEE 802.1Q
Encyclopedia
IEEE 802.1Q is the networking
standard that supports Virtual LAN
s (VLANs) on an Ethernet
network. The standard defines a system of VLAN tagging for Ethernet frame
s and the accompanying procedures to be used by bridges
and switches
in handling such frames. The standard also provides provisions for a quality of service
prioritization scheme commonly known as IEEE 802.1p
and defines the Generic Attribute Registration Protocol
The standard was developed by IEEE 802.1
, a working group
of the IEEE 802
standards committee and continues to be actively revised with notable revisions including IEEE 802.1ak, IEEE 802.1Qat and IEEE 802.1Qay.
802.1Q does not actually encapsulate the original frame. Instead, for Ethernet frames
, it adds a 32-bit field between the source MAC address
and the EtherType
/Length fields of the original frame. Two bytes are used for the tag protocol identifier (TPID), the other two bytes for tag control information (TCI). The TCI field is further divided into PCP, CFI, and VID.
For frames using IEEE 802.2
/SNAP
encapsulation with an OUI field of 00-00-00 (so that the protocol ID field in the SNAP header is an EtherType), as would be the case on LANs other than Ethernet, the EtherType value in the SNAP header is set to 0x8100 and the aforementioned extra 4 bytes are appended after the SNAP header.
Because inserting the VLAN tag changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS
field in the Ethernet trailer. It also increases the maximum frame size by 4 bytes.
, double-tagging can be useful for Internet service providers, allowing them to use VLANs internally while mixing traffic from clients that are already VLAN-tagged. The outer (next to source MAC and representing ISP VLAN) S-TAG (service tag) comes first, followed by the inner C-TAG (customer tag). In such cases, 802.1ad
specifies a TPID of 0x88a8 for service-provider outer S-TAG.
Non-standard triple-tagging is also possible. The third tag of 4 bytes allows extended addressing and also a small hop-count. The 66-bit addressing plan now uses a fixed (non-stacking) QinQinQ format. The result is three 32-bit tags plus the 16-bit EtherType
/Length for a total of 112 bits. The two 48-bit (MAC) address fields add another 96 bits. The total header is 208-bits compared to a 320-bit IPv6 header. The 66-bit addressing is 18+48. The 18-bits are encoded 6-bits per 32-bit tag in the 12-bit VID fields. The 16-bit EtherType
/Length field can contain the Payload Size or an EtherType
for Payloads that contain their own Length, such as IPv4.
The contents of TPID0+TPID1+TPID2 contain the 48-bit MAC Address of the Source Device.
VLANs over a single link, by adding VLAN tags. However, it is possible to send frames either tagged or untagged, so to help explain which frames will be sent with or without tags, some vendors (most notably Cisco
) use the concepts of a) trunk ports and b) the native VLAN for that trunk.
The concept of a trunk port is that once a port is designated as a trunk port, it will forward and receive tagged frames.
Frames belonging to the native VLAN do NOT carry VLAN tags when sent over the trunk. Conversely, if an untagged frame is received on a trunk port, the frame is associated with the Native VLAN for this port.
For example, if an 802.1Q port has VLANs 2, 3 and 4 assigned to it with VLAN 2 being the Native VLAN, frames on VLAN 2 that egress (exit) the aforementioned port are not given an 802.1Q header (i.e. they are plain Ethernet frames). Frames which ingress (enter) this port and have no 802.1Q header are put into VLAN 2. Behaviour of traffic relating to VLANs 3 & 4 is as to be expected - frames arriving for VLANs 3 & 4 are expected to be carrying tags that identify them so, and frames leaving the port for VLANs 3 & 4 will carry their respective VLAN tag.
Note that in this case, frames received on the port and tagged with VLAN ID 2 shall still be assigned to VLAN 2, but since the VLAN configuration shall be symmetric between emitting and receiving bridges, the distant bridge may not process the returning frames : it shall expect a tagged VLAN 2 frame, but will receive only untagged frames for it, then either discard them or distribute them in the wrong VLAN (the one defined as the "untagged" one on his side).
Not all vendors use the concept of trunk ports and native VLANs. Annex D to the 1998 802.1Q standard uses the concept of trunk links, but the current (IEEE Std 802.1D- 2004) standard does not use the terms trunk or native. Some use the term "Qtrunk" to avoid confusion with 802.3ad "link aggregation" that is often named a trunk as well.
, allowing bridges to negotiate the set of VLANs to be used over a specific link.
MVRP replaced the slower GARP VLAN Registration Protocol (GVRP) in 2007 with the IEEE 802.1ak-2007 amendment.
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
standard that supports Virtual LAN
Virtual LAN
A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location...
s (VLANs) on an Ethernet
Ethernet
Ethernet is a family of computer networking technologies for local area networks commercially introduced in 1980. Standardized in IEEE 802.3, Ethernet has largely replaced competing wired LAN technologies....
network. The standard defines a system of VLAN tagging for Ethernet frame
Ethernet frame
A data packet on an Ethernet link is called an Ethernet frame. A frame begins with Preamble and Start Frame Delimiter. Following which, each Ethernet frame continues with an Ethernet header featuring destination and source MAC addresses. The middle section of the frame is payload data including any...
s and the accompanying procedures to be used by bridges
Bridging (networking)
Bridging is a forwarding technique used in packet-switched computer networks. Unlike routing, bridging makes no assumptions about where in a network a particular address is located. Instead, it depends on flooding and examination of source addresses in received packet headers to locate unknown...
and switches
Network switch
A network switch or switching hub is a computer networking device that connects network segments.The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer of the OSI model...
in handling such frames. The standard also provides provisions for a quality of service
Quality of service
The quality of service refers to several related aspects of telephony and computer networks that allow the transport of traffic with special requirements...
prioritization scheme commonly known as IEEE 802.1p
IEEE 802.1p
IEEE P802.1p is the name of a task group active during 1995–98 responsible for adding traffic class expediting and dynamic multicast filtering to the IEEE 802.1D standard. Essentially, they provided a mechanism for implementing Quality of Service at the Media Access Control level...
and defines the Generic Attribute Registration Protocol
The standard was developed by IEEE 802.1
IEEE 802.1
IEEE 802.1 is a working group of the IEEE 802 project of the IEEE Standards Association.It is concerned with:* 802 LAN/MAN architecture* internetworking among 802 LANs, MANs and other wide area networks* 802 Link Security* 802 overall network management...
, a working group
Working group
A working group is an interdisciplinary collaboration of researchers working on new research activities that would be difficult to develop under traditional funding mechanisms . The lifespan of the WG can last anywhere between a few months and several years...
of the IEEE 802
IEEE 802
IEEE 802 refers to a family of IEEE standards dealing with local area networks and metropolitan area networks.More specifically, the IEEE 802 standards are restricted to networks carrying variable-size packets. IEEE 802 refers to a family of IEEE standards dealing with local area networks and...
standards committee and continues to be actively revised with notable revisions including IEEE 802.1ak, IEEE 802.1Qat and IEEE 802.1Qay.
Example application
A company wishes to provide data separation and security between network traffic from its various departments by creating separate logical networks for each of its departments dispersed throughout the enterprise, while using only one corporate physical network. A network administrator assigns a unique VLAN to each department. Edge switches on the corporate network are configured to insert an appropriate VLAN tag into all data frames arriving from equipment belonging to a given department. After the frames are transmitted on their respective VLANs through the corporate network, the VLAN tag is stripped before the frame is sent to another computer belonging to the same department.Frame format
Ethernet frame
A data packet on an Ethernet link is called an Ethernet frame. A frame begins with Preamble and Start Frame Delimiter. Following which, each Ethernet frame continues with an Ethernet header featuring destination and source MAC addresses. The middle section of the frame is payload data including any...
, it adds a 32-bit field between the source MAC address
MAC address
A Media Access Control address is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet...
and the EtherType
EtherType
EtherType is a two-octet field in an Ethernet frame. It is used to indicate which protocol is encapsulated in the PayLoad of an Ethernet Frame. This field was first defined by the Ethernet II framing networking standard, and later adapted for the IEEE 802.3 Ethernet networking standard.EtherType...
/Length fields of the original frame. Two bytes are used for the tag protocol identifier (TPID), the other two bytes for tag control information (TCI). The TCI field is further divided into PCP, CFI, and VID.
| 16 bits | 3 bits | 1 bit | 12 bits |
|---|---|---|---|
| TPID | TCI | ||
| PCP | CFI | VID | |
- Tag Protocol Identifier (TPID): a 16-bit field set to a value of 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame. This field is located at the same position as the EtherTypeEtherTypeEtherType is a two-octet field in an Ethernet frame. It is used to indicate which protocol is encapsulated in the PayLoad of an Ethernet Frame. This field was first defined by the Ethernet II framing networking standard, and later adapted for the IEEE 802.3 Ethernet networking standard.EtherType...
/Length field in untagged frames, and is thus used to distinguish the frame from untagged frames.
- Tag Control Identifier (TCI)
- Priority Code Point (PCP): a 3-bit field which refers to the IEEE 802.1pIEEE 802.1pIEEE P802.1p is the name of a task group active during 1995–98 responsible for adding traffic class expediting and dynamic multicast filtering to the IEEE 802.1D standard. Essentially, they provided a mechanism for implementing Quality of Service at the Media Access Control level...
priority. It indicates the frame priority level. Values are from 0 (best effort) to 7 (highest); 1 represents the lowest priority. These values can be used to prioritize different classes of traffic (voice, video, data, etc). See also Class of ServiceClass of service-Class of service :As related to network technology, CoS is a 3-bit field within an Ethernet frame header when using 802.1Q tagging. The field specifies a priority value of between 0 and 7 inclusive that can be used by quality of service disciplines to differentiate traffic.While CoS operates only...
or CoSClass of service-Class of service :As related to network technology, CoS is a 3-bit field within an Ethernet frame header when using 802.1Q tagging. The field specifies a priority value of between 0 and 7 inclusive that can be used by quality of service disciplines to differentiate traffic.While CoS operates only...
. - Canonical Format Indicator (CFI): a 1-bit field. If the value of this field is 1, the MAC address is in non-canonical format. If the value is 0, the MAC address is in canonical format. It is always set to zero for Ethernet switches. CFI is used for compatibility between Ethernet and Token Ring networks. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be bridged to an untagged port.
- VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs. The hexadecimal values of 0x000 and 0xFFF are reserved. All other values may be used as VLAN identifiers, allowing up to 4094 VLANs. The reserved value 0x000 indicates that the frame does not belong to any VLAN; in this case, the 802.1Q tag specifies only a priority and is referred to as a priority tag. On bridges, VLAN 1 (the default VLAN ID) is often reserved for a management VLAN; this is vendor-specific.
- Priority Code Point (PCP): a 3-bit field which refers to the IEEE 802.1p
For frames using IEEE 802.2
IEEE 802.2
IEEE 802.2 is the IEEE 802 standard defining Logical Link Control , which is the upper portion of the data link layer of the OSI Model. The LLC sublayer presents a uniform interface to the user of the data link service, usually the network layer...
/SNAP
Subnetwork Access Protocol
The Subnetwork Access Protocol is a mechanism for multiplexing, on networks using IEEE 802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point fields. SNAP supports identifying protocols by Ethernet type field values; it also supports vendor-private protocol...
encapsulation with an OUI field of 00-00-00 (so that the protocol ID field in the SNAP header is an EtherType), as would be the case on LANs other than Ethernet, the EtherType value in the SNAP header is set to 0x8100 and the aforementioned extra 4 bytes are appended after the SNAP header.
Because inserting the VLAN tag changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS
Frame Check Sequence
A frame check sequence refers to the extra checksum characters added to a frame in a communication protocol for error detection and correction. Frames are used to send upper-layer data and ultimately the user application data from a source to a destination. The data package includes the message...
field in the Ethernet trailer. It also increases the maximum frame size by 4 bytes.
Double tagging
With the IEEE standard 802.1ad802.1ad
IEEE 802.1QinQ is an Ethernet networking standard formally known as IEEE 802.1adStandard approved 8 December 2005 and published May 26, 2006. and is an amendment to IEEE standard IEEE 802.1Q-1998. It is for Ethernet frame formats...
, double-tagging can be useful for Internet service providers, allowing them to use VLANs internally while mixing traffic from clients that are already VLAN-tagged. The outer (next to source MAC and representing ISP VLAN) S-TAG (service tag) comes first, followed by the inner C-TAG (customer tag). In such cases, 802.1ad
802.1ad
IEEE 802.1QinQ is an Ethernet networking standard formally known as IEEE 802.1adStandard approved 8 December 2005 and published May 26, 2006. and is an amendment to IEEE standard IEEE 802.1Q-1998. It is for Ethernet frame formats...
specifies a TPID of 0x88a8 for service-provider outer S-TAG.
EtherType
EtherType is a two-octet field in an Ethernet frame. It is used to indicate which protocol is encapsulated in the PayLoad of an Ethernet Frame. This field was first defined by the Ethernet II framing networking standard, and later adapted for the IEEE 802.3 Ethernet networking standard.EtherType...
/Length for a total of 112 bits. The two 48-bit (MAC) address fields add another 96 bits. The total header is 208-bits compared to a 320-bit IPv6 header. The 66-bit addressing is 18+48. The 18-bits are encoded 6-bits per 32-bit tag in the 12-bit VID fields. The 16-bit EtherType
EtherType
EtherType is a two-octet field in an Ethernet frame. It is used to indicate which protocol is encapsulated in the PayLoad of an Ethernet Frame. This field was first defined by the Ethernet II framing networking standard, and later adapted for the IEEE 802.3 Ethernet networking standard.EtherType...
/Length field can contain the Payload Size or an EtherType
EtherType
EtherType is a two-octet field in an Ethernet frame. It is used to indicate which protocol is encapsulated in the PayLoad of an Ethernet Frame. This field was first defined by the Ethernet II framing networking standard, and later adapted for the IEEE 802.3 Ethernet networking standard.EtherType...
for Payloads that contain their own Length, such as IPv4.
| 16 bits | 3 bits | 1 bit | 12 bits |
|---|---|---|---|
| TPID0 | PCP | CFI | VID0 |
| TPID1 | CONTENT RATING | CFI | VID1 |
| TPID2 | HOP | CFI | VID2 |
The contents of TPID0+TPID1+TPID2 contain the 48-bit MAC Address of the Source Device.
Trunk ports and the native VLAN
Clause 9 of the 1998 802.1Q standard defines the encapsulation protocol used to multiplexMultiplexing
The multiplexed signal is transmitted over a communication channel, which may be a physical transmission medium. The multiplexing divides the capacity of the low-level communication channel into several higher-level logical channels, one for each message signal or data stream to be transferred...
VLANs over a single link, by adding VLAN tags. However, it is possible to send frames either tagged or untagged, so to help explain which frames will be sent with or without tags, some vendors (most notably Cisco
Cisco
Cisco may refer to:Companies:*Cisco Systems, a computer networking company* Certis CISCO, corporatised entity of the former Commercial and Industrial Security Corporation in Singapore...
) use the concepts of a) trunk ports and b) the native VLAN for that trunk.
The concept of a trunk port is that once a port is designated as a trunk port, it will forward and receive tagged frames.
Frames belonging to the native VLAN do NOT carry VLAN tags when sent over the trunk. Conversely, if an untagged frame is received on a trunk port, the frame is associated with the Native VLAN for this port.
For example, if an 802.1Q port has VLANs 2, 3 and 4 assigned to it with VLAN 2 being the Native VLAN, frames on VLAN 2 that egress (exit) the aforementioned port are not given an 802.1Q header (i.e. they are plain Ethernet frames). Frames which ingress (enter) this port and have no 802.1Q header are put into VLAN 2. Behaviour of traffic relating to VLANs 3 & 4 is as to be expected - frames arriving for VLANs 3 & 4 are expected to be carrying tags that identify them so, and frames leaving the port for VLANs 3 & 4 will carry their respective VLAN tag.
Note that in this case, frames received on the port and tagged with VLAN ID 2 shall still be assigned to VLAN 2, but since the VLAN configuration shall be symmetric between emitting and receiving bridges, the distant bridge may not process the returning frames : it shall expect a tagged VLAN 2 frame, but will receive only untagged frames for it, then either discard them or distribute them in the wrong VLAN (the one defined as the "untagged" one on his side).
Not all vendors use the concept of trunk ports and native VLANs. Annex D to the 1998 802.1Q standard uses the concept of trunk links, but the current (IEEE Std 802.1D- 2004) standard does not use the terms trunk or native. Some use the term "Qtrunk" to avoid confusion with 802.3ad "link aggregation" that is often named a trunk as well.
Multiple VLAN Registration Protocol
In addition, IEEE 802.1Q defines the Multiple VLAN Registration Protocol (MVRP), an application of the Multiple Registration ProtocolMultiple Registration Protocol
Multiple Registration Protocol , which replaced Generic Attribute Registration Protocol , is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard...
, allowing bridges to negotiate the set of VLANs to be used over a specific link.
MVRP replaced the slower GARP VLAN Registration Protocol (GVRP) in 2007 with the IEEE 802.1ak-2007 amendment.
Multiple Spanning Tree Protocol
The 2003 revision of the standard included the Multiple Spanning Tree Protocol (MSTP) which was originally defined in IEEE 802.1s.See also
- VLAN Trunking Protocol (VTP), a Cisco proprietary VLAN management protocol
- Cisco Inter-Switch LinkCisco Inter-Switch LinkCisco Inter-Switch Link is a Cisco Systems proprietary protocol that maintains VLAN information in Ethernet frames as traffic flows between switches and routers, or switches and switches....
(ISL), an older VLAN trunking protocol that is proprietary to CiscoCiscoCisco may refer to:Companies:*Cisco Systems, a computer networking company* Certis CISCO, corporatised entity of the former Commercial and Industrial Security Corporation in Singapore... - Dynamic Trunking ProtocolDynamic Trunking ProtocolThe Dynamic Trunking Protocol is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used. It works on the Layer 2 of the OSI model...
another Cisco proprietary networking protocol.