Mac Address table on a switch will have info for you: vlan id = port = and MAC address of course;
Access ports do not tag frames; Trunk ports add trunking tag;
Packet arrives at Access port fa0/1, switch looks at Source MAC first, adds if necessary, then looks at destination MAC;
Next step depends on whether MAC is in table or not ; lets say destination is Trunk port;
Switch checks if VLAN id is in allowed group of VLans over that trunk;
SW adds trunk tag (or not in case of native vlan) and send it out;
receiving switch gets frame; looks at destination MAC; strips tag if destination MAC is access port; passes over to outgoing access port
the mac-address-table keeps track of that information. When a frame leaves the switch out accross a trunk, an ISL tag is added to the frame, or if 802.1Q trunking is used, then the tag is inserted within the frame. Frames are only tagged when crossing a trunk.
By default, when using 802.1Q trunking, the native vlan is never tagged. ISL however has no concept of the native vlan, and all frames are tagged.
-Frames are tagged when going over a trunk
-Frames are not tagged when going over an access port
-802.1Q uses the concept of a Native VLAN, no tagging for the native VLAN
-ISL does NOT use the concept fothe Native VLAN...
Thank you Martin and Joshua for clearing up the how and the when of tagging.
More on native VLAN though. Am I right to say that the native VLAN is never tagged as it is sent across a trunk? When the receiving switch receives an untagged frame, does it send the frame across all ports that are in the native VLAN or only the port for that destination mac address (assuming that is in native VLAN)?
First of all, it is possible for traffic on native VLAN to be tagged. And the technique is used specifically to avoid an attack known as double tagging, also called VLAN hopping. But to keep things clear here, let's first think about these traffic (for native VLAN) is always untagged.
Now, these traffic follows the rules that you learn earlier about how switching traffic works (I presume). So, if there is a matching MAC address for the packet in that VLAN, then the switch will forward it without a question. However, if the source is forwarding packet to an unknown destination, then we are talking about broadcast ARP messages within that subnet to get the MAC address, etc, etc. In short, a switch will always forward a frame if it's destination MAC address is known.
You've got it! Frames are never tagged when crossing a dot1q-trunk if they belong the native VLAN of the trunk.
The receiving switch will only forward the untagged native vlan frames to a specific port if the destination MAC is in its CAM or will flood the frame to all ports belonging to that VLAN, if the destination is NOT in its CAM.
So you've got it straight!
Please see the 802.1q erhernate frame In vlan tag u can see the vlan id & it can get by the port configeration for switchports (Vlan assinged to the port) thats how the traunk port comes to know from which vlan it came.
The secound question in trunking their is option to allow Vlan specifically u want, but by default it tags all the vlans
I got it Chris I'm very weak with VLANs :-/ I'm having to go through a lot of stuff just to get a good basic understanding of it before I even think of going into more complicated VLAN scenrios.
Keith, thank you for the video! A good simple way of helping me understand when the packet is tagged and how basic trunking works!
Well you commented
The native VLAN is one where all traffic travels unlabeled
untagged traffic is all that traffic that belongs to the switch such as DTP, STP, CDP, VTP, IGMP Etc.
That's not to say that this is not a dot1q frame, if at all in the label field is empty now
Additional as you say if the switch places the label only when you send the link Trocal.