Configuring 802.1q VLANs
Tagged vs Untagged
Untagged
If a port is marked as untagged on a VLAN ID, then this denotes the port is an access port on that VLAN.
- For example:
- The native VLAN ID is 1
- You have a VLAN ID of 1028
- Port 24 on a switch has been untagged on VLAN 1028
- This "access port" gives the device plugged into the port access to the network on VLAN 1028
- If we remove tagged or untagged markings entirely:
- This port is neither a trunk port nor an access port
- There will be no associations with any VLAN traffic in any form on the port
Tagged
If a port is marked as tagged on a VLAN ID, this denotes that we should expect this VLAN ID to traverse the port.
[Internet] --- WAN [Firewall] LAN
igb0 igb1 (Native) - 172.16.32.1/24
igb1.100 (VLAN 100) - 10.100.100.1/24
igb1.107 (VLAN 107) - 10.107.107.1/24
igb1.1028 (VLAN 1028) - 10.128.128.1/24
igb1.3000 (VLAN 3000) - 10.30.30.1/24
|
|
| [SWITCH]
[1] [2] [3] [4] [5] [6] [7] [8]
U U U U U U U U
1 1 107 100 1 1 1 1
T T T T T
100 100 100 100 100
107 107 107 107 107
1028 1028 1028 1028 1028
3000 3000 3000 3000 3000
| | | |
| | | |
| | | |
[ ] [ ] [ ] [ ]
---------------------
| |
| |
| VIRTUALIZATION |
| SERVER |
| [VSWITCH] |
| | | |
-------|-----|-------
| |
[VM1] [VM2]
VLAN VLAN
1028 3000Using the diagram as a reference, the following statements would be true:
- Port 1
- Untagged with VLAN ID: 1
- We want the managed switch to have an IP address and access on the native VLAN
- Tagged with VLAN IDs: 100, 107, 1028, 3000
- We expect these VLAN tags to flow across this port (trunk)
- Untagged with VLAN ID: 1
- Port 2
- Untagged with VLAN ID: 1
- The device plugged into this port should have an IP address and access on the native VLAN
- Untagged with VLAN ID: 1
- Port 3
- Untagged with VLAN ID: 107
- The device plugged into this port should have an IP address and access on 10.107.107.0/24
- Untagged with VLAN ID: 107
- Port 4
- Untagged with VLAN ID: 100
- The device plugged into this port should have an IP address and access on 10.100.100.0/24
- Untagged with VLAN ID: 100
- Port 5-8
- Untagged with VLAN ID: 1
- We want the virtualization server to have an IP address and access on the native VLAN
- Tagged with VLAN IDs: 100, 107, 1028, 3000
- We expect these VLAN tags to flow across this port (trunk), as VMs running on [VSWITCH] may be tagged with the VLAN IDs in question
- Untagged with VLAN ID: 1