VLANS

802.1q VLANs allow different ports on a switch to be in different broadcast domains. They also specify a new frame format which can be used to extend VLAN (broadcast domain) information between switches.


Normal Ethernet II frame
--------------------------------------------------------------------------------------------------
| DA = 6 octets   | SA = 6 octets | Type = 2 octets |  DATA = 46-1500 Octets      | FCS = 4 octets |
--------------------------------------------------------------------------------------------------

802.1q tagged frame

----------------------------------------------------------------------------------------------------------------
| DA | SA | TY = 0x8100 |  802.1q info = 2 bytes | Original TYPE | DATA = 46-1500 Octets      | FCS = 4 octets |
----------------------------------------------------------------------------------------------------------------

The 802.1q info is 
-----------------------------------------------------
| prio = 3bits | 0 | vlan number = 12 bits (0-4095) |
-----------------------------------------------------

                3 bits priority (can be used for QOS)
                1 bit CFI (canonical format indicator 0 usually)
                12 bits vlan number (0-4095)

A normal switch/bridge port that talks to a normal workstation is called an access port and only accepts normal Ethernet II frames. The switch is configured to assign a VLAN ID to all frames that come in from an access port. It will only send frames tagged with that VLAN ID out the port, and it removes all VLAN information before doing so. This allows each VLAN to be a separate broadcast domain, i.e. a separate network at layer 3.

Trunked ports are used between switches, and each frame carries the full 802.1q tag information. So as a frame travels between switches it keeps all VLAN information. A trunk port can carry all VLANs or only a subset of the available VLANs, as needed.
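The tag layout and the access/trunk behaviour described above, as an added Python example (not part of the original page). The sample frame and its addresses are constructed, and frames are handled without the FCS, which a real switch recomputes after adding or removing a tag.

```python
import struct

TPID_8021Q = 0x8100  # value of the type field that marks a tagged frame

def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame (FCS omitted), tagged or untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    da, sa = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tag, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1q tag")
        # 2 bytes of 802.1q info, then the original type field
        info, ethertype = struct.unpack("!HH", frame[14:18])
        tag = {"prio": info >> 13, "cfi": (info >> 12) & 1, "vlan": info & 0x0FFF}
        offset = 18
    return {"da": da, "sa": sa, "tag": tag, "type": ethertype, "data": frame[offset:]}

def add_tag(frame: bytes, vlan: int, prio: int = 0) -> bytes:
    """Trunk port egress: insert 0x8100 plus the 802.1q info after SA."""
    if not 0 <= vlan <= 4095 or not 0 <= prio <= 7:
        raise ValueError("vlan must fit in 12 bits and prio in 3 bits")
    info = (prio << 13) | vlan  # CFI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, info) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Access port egress: remove the 4 tag bytes if they are present."""
    if frame[12:14] == struct.pack("!H", TPID_8021Q):
        return frame[:12] + frame[16:]
    return frame

# Constructed sample: broadcast IPv4 frame with 46 bytes of zero payload.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("02000000c335")
            + struct.pack("!H", 0x0800) + bytes(46))

if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, vlan=50)
    print(parse_frame(tagged)["tag"], strip_tag(tagged) == UNTAGGED)
```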

Combining VLANS and 802.1d learning bridge

Two switches, each with 4 ports. They have two VLANs configured on them. They have workstations on the access ports, and they each have one port configured as a trunk linking them. I have added colors to make the VLAN membership of the ports more clear.

And let's start with an empty 802.1d learning bridge table on both switches.


Switch 1                                                Switch 2

Port | Ethernet addresses seen                          Port | Ethernet addresses seen
1    |                                                  1    |  
2    |                                                  2    |  
3    |                                                  3    |  
4    |                                                  4    |  


Now the workstation with ethernet address ....c3:35 sends a normal ethernet frame to the broadcast ethernet address (ff:ff:ff:ff:ff:ff). How does the table change?

....c3:35 is on port 3 of switch 2. That port is set as an access port for VLAN 50, so it accepts the normal frame. Switch 2 learns that ....c3:35 is reachable through port 3. Now the forwarding tables look like this:


Switch 1                                                Switch 2

Port | Ethernet addresses seen                          Port | Ethernet addresses seen
1    |                                                  1    |
2    |                                                  2    |
3    |                                                  3    | ....c3:35
4    |                                                  4    |


It will then send it out all ports of switch 2 *that are on the same VLAN* (except the port it received it on). That would only be port 1. Port 1 is configured as a tagged trunk port, so the switch sends the frame out port 1 with the 802.1q tag saying it belongs to VLAN 50.

It arrives at switch 1 on port 4, and switch one learns that ....c3:35 is reachable via port 4. Now the tables look like:


Switch 1                                                Switch 2

Port | Ethernet addresses seen                          Port | Ethernet addresses seen
1    |                                                  1    |
2    |                                                  2    |
3    |                                                  3    | ....c3:35
4    | ....c3:35                                        4    |


Switch 1 sees it is tagged with VLAN 50. It sees the destination address is broadcast. So it sends it out all ports that are programmed for VLAN 50 (except the port it received it on). That would be ports 1 and 3. Those ports are configured as access ports, so it sends it out as a normal ethernet frame. Stations ....c3:23 and ....c3:21 receive the broadcast sent by ....c3:35.

Note that only when a switch receives a frame does it update the 802.1d forwarding table.

Now let's look at another scenario. The station with ethernet address ....c3:23 sends a frame with a destination ethernet address of ....c3:35.

....c3:23 is on port 3 of switch 1. This port is configured as an access port for VLAN 50. When switch 1 receives the frame on port 3 it adjusts its learned table.


Switch 1                                                Switch 2

Port | Ethernet addresses seen                          Port | Ethernet addresses seen
1    |                                                  1    |
2    |                                                  2    |
3    | ....c3:23                                        3    | ....c3:35
4    | ....c3:35                                        4    |


It then looks at the destination ethernet address ....c3:35. Switch 1 sees that ....c3:35 is known to be reachable via port 4, so it forwards the frame out port 4 only. Since port 4 is configured as a tagged trunk, it adds the 802.1q tag to the frame indicating this frame is on VLAN 50.

Switch 2 receives the frame on port 1. The tag says VLAN50. Switch 2 then makes note that the source ethernet address of the frame, ....c3:23 is reachable on port 1.


Switch 1                                                Switch 2

Port | Ethernet addresses seen                          Port | Ethernet addresses seen
1    |                                                  1    | ....c3:23
2    |                                                  2    |
3    | ....c3:23                                        3    | ....c3:35
4    | ....c3:35                                        4    |


Now switch 2 looks at the destination ethernet address, ....c3:35, and sees that it knows this address is reachable through port 3. So switch 2 only sends the frame out port 3. Since port 3 is configured as an access port, it sends it out as a normal frame.

Now let's watch what happens when station ....c3:22 sends to ....c3:34. The frame arrives at switch 1 on port 2. Switch 1 makes note that ....c3:22 is reachable through port 2.


Switch 1                                                Switch 2

Port | Ethernet addresses seen                          Port | Ethernet addresses seen
1    |                                                  1    | ....c3:23
2    | ....c3:22                                        2    |
3    | ....c3:23                                        3    | ....c3:35
4    | ....c3:35                                        4    |


And since port 2 is configured as an access port for VLAN 60, the switch notes that too. The destination of the ethernet frame is ....c3:34, and this is not in the switch 1 forwarding table. So switch 1 has to treat this frame the same as if it was destined for the broadcast ethernet address. It sends it out all ports that carry VLAN 60, except the port it received it on. So it sends it out port 4. Since port 4 is configured as a tagged trunk port, it sends it out in the 802.1q frame format, which includes the VLAN number.

Switch 2 receives the frame on port 1. It adds the source address of the frame to the learned bridge table for switch 2.


Switch 1                                                Switch 2

Port | Ethernet addresses seen                          Port | Ethernet addresses seen
1    |                                                  1    | ....c3:23, ....c3:22
2    | ....c3:22                                        2    |
3    | ....c3:23                                        3    | ....c3:35
4    | ....c3:35                                        4    |

Switch 2 then looks for the destination ethernet address of this frame in its table. It doesn't find it, so switch 2 has to treat this frame the same as if it was destined for the broadcast ethernet address. It sends it out all ports that carry VLAN 60, except the port it received it on. It will send it out port 2 and port 4 of switch 2. In both cases the ports are configured as access ports, so the frame is sent in the normal format.

Two interesting things happened here. First, the frame DID reach its destination. Station ....c3:34 on port 2 received it. But so did ....c3:36 on port 4. Second, neither switch has yet learned where ....c3:34 is. Switches only learn where a station is when that station transmits.

Now let's assume that all stations on the switches have transmitted at least one frame and the forwarding tables are fully populated.


Switch 1                                                Switch 2

Port | Ethernet addresses seen                          Port | Ethernet addresses seen
1    | ....c3:21                                        1    | ....c3:21, ....c3:22, ....c3:23
2    | ....c3:22                                        2    | ....c3:34
3    | ....c3:23                                        3    | ....c3:35
4    | ....c3:34, ....c3:35, ....c3:36                  4    | ....c3:36

What happens now when the station with address ....c3:34 sends to the broadcast address ff:ff:ff:ff:ff:ff? The frame arrives at switch 2 on port 2. Switch 2 will update the forwarding table: ....c3:34 is still reachable via port 2. Then, since the destination ethernet address is the broadcast address, switch 2 will forward it out all ports on the same VLAN, VLAN 60. It forwards it out port 4 as a normal frame since port 4 is configured as an access port. It forwards it out port 1 as an 802.1q tagged frame since port 1 is configured as a tagged trunk.

Switch 1 receives the tagged frame on port 4, and since the destination ethernet address is the broadcast address, switch 1 will forward it out all ports on the same VLAN, VLAN 60. So it forwards it out port 2 as a normal frame since port 2 is configured as an access port.
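The whole walkthrough above can be replayed with a small model of the two switches. This is an added Python example, not part of the original page; the names are illustrative, the port and VLAN assignments are the ones the text describes, and the learned table is keyed by (VLAN, address), which is an assumption beyond the per-port table shown above.

```python
ACCESS = {  # switch -> {access port: VLAN}, as configured in the text
    "sw1": {1: 50, 2: 60, 3: 50},
    "sw2": {2: 60, 3: 50, 4: 60},
}
TRUNK = {"sw1": 4, "sw2": 1}          # tagged trunk port on each switch
PEER = {"sw1": "sw2", "sw2": "sw1"}   # the cable between the two trunk ports
STATIONS = {  # (switch, access port) -> station address suffix from the text
    ("sw1", 1): "c3:21", ("sw1", 2): "c3:22", ("sw1", 3): "c3:23",
    ("sw2", 2): "c3:34", ("sw2", 3): "c3:35", ("sw2", 4): "c3:36",
}
BROADCAST = "ff:ff"                   # abbreviated like the station addresses

def new_tables():
    """Empty learned tables: per switch, (vlan, address) -> port."""
    return {"sw1": {}, "sw2": {}}

def receive(tables, sw, port, src, dst, vlan=None, delivered=None):
    """Handle one frame arriving on a port; return the stations it reaches."""
    delivered = set() if delivered is None else delivered
    if port != TRUNK[sw]:
        vlan = ACCESS[sw][port]       # access port: VLAN comes from port config
    tables[sw][(vlan, src)] = port    # learning happens only on receive
    known = None if dst == BROADCAST else tables[sw].get((vlan, dst))
    if known is not None:
        out_ports = [known]           # known unicast: one port only
    else:                             # broadcast or unknown: flood the VLAN
        out_ports = [p for p, v in ACCESS[sw].items() if v == vlan] + [TRUNK[sw]]
    for p in out_ports:
        if p == port:
            continue                  # never back out the receiving port
        if p == TRUNK[sw]:            # tagged: the VLAN number travels along
            receive(tables, PEER[sw], TRUNK[PEER[sw]], src, dst, vlan, delivered)
        else:                         # access port: tag removed, normal frame
            delivered.add(STATIONS[(sw, p)])
    return delivered

def send(tables, station, dst):
    """Transmit a frame from a station; return the set of stations that see it."""
    sw, port = next(k for k, v in STATIONS.items() if v == station)
    return receive(tables, sw, port, src=station, dst=dst)

if __name__ == "__main__":
    t = new_tables()
    print(send(t, "c3:35", BROADCAST))  # VLAN 50 broadcast
    print(send(t, "c3:23", "c3:35"))    # known unicast
    print(send(t, "c3:22", "c3:34"))    # unknown unicast, flooded on VLAN 60
```

Sending one frame from c3:34 and then repeating the last call shows the flooding stop: once both switches have learned c3:34, the frame reaches only that station.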