IEEE 802.1Q defines a VLAN frame by adding a 4-byte 802.1Q tag between the source MAC address field and the Length/Type field in an Ethernet frame, as shown in Figure 1.
An 802.1Q tag contains four fields:
The 2-byte Type field indicates a frame type. If the value of the field is 0x8100, it indicates an 802.1Q frame. If a device that does not support 802.1Q frames receives an 802.1Q frame, it discards the frame.
The 3-bit Priority field indicates the frame priority. A greater the PRI value indicates a higher frame priority. If a switch is congested, it preferentially sends frames with a higher priority.
The 1-bit Canonical Format Indicator (CFI) field indicates whether a MAC address is in the canonical format. If the CFI field value is 0, the MAC address is in canonical format. If the CFI field value is 1, the MAC address is not in canonical format. This field is mainly used to differentiate among Ethernet frames, Fiber Distributed Digital Interface (FDDI) frames, and token ring frames. The CFI field value in an Ethernet frame is 0.
The 12-bit VLAN ID (VID) field indicates to which VLAN a frame belongs. VLAN IDs range from 0 to 4095. The values 0 and 4095 are reserved, and therefore VLAN IDs range from 1 to 4094.
VLAN links can be divided into the following types:
Access link: a link connecting a host and a switch. Generally, a PC does not know which VLAN it belongs to, and PC hardware cannot distinguish frames with VLAN tags. Therefore, PCs send and receive only untagged frames. In Figure 2, links between PCs and the switches are access links.
Trunk link: a link connecting switches. Data of different VLANs is transmitted along a trunk link. The two ends of a trunk link must be able to distinguish frames with VLAN tags. Therefore, only tagged frames are transmitted along trunk links. In Figure 2, links between switches are trunk links. Frames transmitted over trunk links carry VLAN tags.
Some ports of a device can identify VLAN frames defined by IEEE 802.1Q, whereas others cannot. Ports can be divided into four types based on whether they can identify VLAN frames:
An access port connects a switch to a host over an access port, as shown in Figure 2. An access port has the following features:
Allows only frames tagged with the port default VLAN ID (PVID) to pass.
Adds a PVID to its received untagged frame.
Removes the tag from a frame before it sends the frame.
A trunk port connects a switch to another switch over a trunk link. A trunk port has the following features:
Allows tagged frames from multiple VLANs to pass.
Directly sends the frame if the port permits the VLAN ID carried in the frame.
Discards the frame if the port denies the VLAN ID carried in the frame.
A hybrid port connects a switch to either a host over an access link or another switch over a trunk link. A hybrid port allows frames from multiple VLANs to pass and can remove VLAN tags from some outgoing VLAN frames.
An 802.1Q-in-802.1Q (QinQ) port refers to a QinQ-enabled port. A QinQ port adds an outer tag to a single-tagged frame. In this manner, the number of VLANs can meet the requirement of networks.
Figure 4 shows the format of a QinQ frame. The outer tag is a public network tag for carrying a public network VLAN ID. The inner tag is a private network tag for carrying a private network VLAN ID.
For details on the QinQ protocol, see QinQ.
VLANs are classified based on port numbers. In this mode, VLANs are classified based on the numbers of ports on a switching device. The network administrator configures a port default VLAN ID (PVID) for each port on the switch. When a data frame reaches a port which is configured with a PVID, the frame is marked with the PVID if the data frame carries no VLAN tag. If the data frame carries a VLAN tag, the switching device will not add a VLAN tag to the data frame even if the port is configured with a PVID. Different types of ports process VLAN frames in different manners.