VLANs can span multiple connected switches, which (as we stated earlier) Cisco calls a switch-fabric. Switches within the switch-fabric must keep track of frames as they are received on the switch ports, and they must keep track of the VLAN they belong to as the frames traverse the switch-fabric. Switches use frame tagging to perform this function. Switches can then direct frames to the appropriate port.
There are two types of links in a switched environment:
Access link An access link is a link that is part of only one VLAN, which is referred to as the native VLAN of the port. Any device attached to an access link is unaware of its VLAN membership. This device just assumes it is part of a broadcast domain, with no understanding of the physical network. Switches remove any VLAN information from the frame before it is sent to an access-link device. Access-link devices cannot communicate with devices outside of their VLAN unless the packet is routed through a router.
Trunk link Trunks can carry multiple VLANs. Originally named after the trunks of the telephone system, which carry multiple telephone conversations, a trunk link is used to connect switches to other switches, to routers, or even to servers. Trunk links are supported on FastEthernet or Gigabit Ethernet only. To identify the VLAN that a frame belongs to, Cisco switches support two identification techniques: Inter-Switch Link (ISL) and 802.1Q. Trunk links are used to transport VLANs between devices and can be configured to transport all VLANs or just a few VLANs. Trunk links still have a native VLAN, and that VLAN is used if the trunk link fails.
The switch in an internetwork needs a way to keep track of users and frames as they travel the switch-fabric and VLANs. Frame identification, called frame tagging, uniquely assigns a user-defined ID to each frame. This is sometimes referred to as a VLAN ID or color.
Frame tagging is used to identify the VLAN that the packet belongs to. The tag is placed on the frame as it enters the first switch it runs into. As long as the frame does not exit out a non-trunk port, the frame keeps the identifying tag. This enables each switch to see what VLAN the frame belongs to, and each switch that the frame reaches must identify the VLAN ID and then determine what to do with the frame based on the filter table. If the frame reaches a switch that has another trunk link, the frame can be forwarded out the trunk link port. After the frame reaches an exit to an access link, the switch removes the VLAN identifier. The end device receives the frames without having to understand the VLAN identification.
If you are using NetFlow switching hardware on your Cisco switches, this enables devices on different VLANs to communicate after taking just the first packet through the router. This means that communication can occur from port to port on a switch, instead of from port to router to port, when traversing VLANs.
To keep track of frames traversing a switch-fabric, VLAN identification is used to identify which frames belong to which VLAN. There are multiple trunking methods:
Inter-Switch Link (ISL) Proprietary to Cisco switches, ISL is used for FastEthernet and Gigabit Ethernet links only. It can be used on switch ports and router interfaces as well as server interface cards to trunk a server. Server trunking is good if you are creating functional VLANs and don’t want to break the 80/20 rule. The server that is trunked is part of all VLANs (broadcast domains) simultaneously. The users do not have to cross a layer 3 device to access a company-shared server.
IEEE 802.1Q Created by the IEEE as a standard method of frame tagging. It actually inserts a field into the frame to identify the VLAN.
LAN Emulation (LANE) Used to communicate with multiple VLANs over ATM.
802.10 (FDDI) Used to send VLAN information over FDDI. Uses a SAID field in the frame header to identify the VLAN. This is proprietary to Cisco devices.
The Cisco Switching exam covers only the ISL and 802.1Q methods of VLAN identification.
It is possible for a packet to move from one type of network, such as FDDI, to another, such as Ethernet. Ethernet, FDDI, Token Ring, and ATM have standards enabling the switch to translate one type into a different type. The configuration on the switch requires specifically stating that VLAN 53 is the same thing as ATM ELAN 953, for example. The code for this is derived from translational bridging.
Inter-Switch Link Protocol (ISL) is a way of explicitly tagging VLAN information onto an Ethernet frame. This tagging information enables VLANs to be multiplexed over a trunk link through an external encapsulation method. By running ISL, you can interconnect multiple switches and still maintain VLAN information as traffic travels between switches on trunk links.
Cisco created the ISL protocol, and therefore ISL is proprietary to Cisco devices only. If you need a nonproprietary VLAN protocol, use the 802.1Q, which is covered next in this chapter.
ISL is an external tagging process, which means that the original frame is not altered but instead is encapsulated with a new 26-byte ISL header and a 4-byte frame check sequence (FCS) field at the end of the frame. Because the frame is encapsulated with information, only ISL-aware devices can read the frame. Token Ring devices can also be connected with the appropriate ports, if VTP version 2 is being used. The size of the frame can be up to 1548 bytes long for Ethernet and 17,878 bytes for Token Ring.
On multi-VLAN (trunk) ports, each frame is tagged as it enters the switch. ISL network interface cards (NICs) enable servers to send and receive frames tagged with multiple VLANs, so the frames can traverse multiple VLANs without going through a router, which reduces latency. This technology can also be used with probes and certain network analyzers. In addition, it enables users to attach to servers quickly and efficiently without going through a router every time they need to communicate with a resource. Administrators can use the ISL technology to simultaneously include file servers in multiple VLANs, for example.
It is important to understand that ISL VLAN information is added to a frame as soon as that frame enters the switch. The ISL encapsulation is removed from the frame if the frame is forwarded out an access link.
Preventing communication from one VLAN to another might be desirable, but the network design might still require that some devices have access to all VLANs. In addition to configuring a filter on a router, you can install a network card that is ISL or 802.1Q capable. This enables an e-mail server or database server to be directly connected to all VLANs without a router being involved.
Unlike ISL, which uses an external tagging process and encapsulates a frame with a new ISL encapsulation, 802.1Q uses an internal tagging process by modifying the existing Ethernet frame. On both access links and trunk links, the frame looks as if it is just a standard Ethernet frame, because it is not encapsulated with VLAN information; the VLAN information is added to a field within the frame itself.
Like ISL, the purpose of 802.1Q is to carry the traffic of more than one subnet down a single cable. 802.1Q tags the frame in a standard VLAN format, which allows for the VLAN implementations of multiple vendors. The standard tag allows for an open architecture and standard services for VLANs and a standard for protocols in the provision of these services. Because adding VLAN information to a frame affects the frame length, two committees were created to deal with this issue: 802.3ac and 802.1Q.
The VLAN frame format defined in both 802.1Q and 802.3ac is a 4-byte field that is inserted between the original Ethernet frame's Source Address field and the Type or Length field. The CRC of the frame must be recomputed whenever the VLAN information is inserted into or removed from the frame. The Ethernet frame size can now be up to 1522 bytes if a tag is inserted.
The VLAN Tag Protocol Identifier (TPID) is globally assigned and uses an EtherType field value of 0x8100. The Tag Control Information (TCI) is a 16-bit value and has three fields contained within:
User Priority A 3-bit field used to assign up to eight layers of priority. The highest priority is 0, and the lowest is 7 (specified in 802.1Q).
Canonical Format Indicator (CFI) A 1-bit field that is always a 0 if running an 802.3 frame. This field was originally designed to be used for Token Ring VLANs, but it was never implemented except for some proprietary Token Ring LANs.
VLAN ID (VID) The actual VLAN number that the frame is assigned upon entering the switch (12 bits). The reserved VLAN IDs are as follows:
0x000 Null, or no VLAN ID, which is used when only priority information is sent
0x001 Default VLAN value of all switches
Because standard Ethernet frames cannot exceed 1518 bytes, and ISL and 802.1Q frames can exceed 1518 bytes, the switch might record the frame as a baby giant frame.
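As an added example (not from the book, and not Cisco code), the following Python model shows the 802.1Q tagging described above: it inserts and strips the 4-byte tag between the source address and the Type/Length field, recomputes the FCS as the text says a switch must, and flags a tagged frame of 1519 to 1522 bytes as a baby giant. The MAC addresses and payload are constructed placeholders.

```python
import struct
import zlib

TPID_8021Q = 0x8100   # Tag Protocol Identifier: EtherType 0x8100 marks an 802.1Q-tagged frame
MAX_UNTAGGED = 1518   # largest standard Ethernet frame, FCS included
MAX_TAGGED = 1522     # 1518 plus the 4-byte tag; a tagged frame in between is a "baby giant"
VID_NULL, VID_DEFAULT = 0x000, 0x001  # reserved VIDs: priority-only tag, default VLAN

def with_fcs(body):
    """Append the Ethernet FCS: CRC-32 of the frame, least-significant byte first."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_tci(priority, cfi, vid):
    """Pack Tag Control Information: 3-bit priority, 1-bit CFI, 12-bit VLAN ID."""
    if not (0 <= priority <= 7 and cfi in (0, 1) and 0 <= vid <= 0xFFF):
        raise ValueError("TCI field out of range")
    return (priority << 13) | (cfi << 12) | vid

def parse_tag(frame):
    """Return (priority, cfi, vid) for a tagged frame, or None if it is untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return None if tpid != TPID_8021Q else (tci >> 13, (tci >> 12) & 1, tci & 0xFFF)

def insert_tag(frame, vid, priority=0, cfi=0):
    """Trunk ingress: insert the tag after the source MAC, then recompute the FCS."""
    if parse_tag(frame) is not None:
        raise ValueError("frame already carries an 802.1Q tag")
    tag = struct.pack("!HH", TPID_8021Q, build_tci(priority, cfi, vid))
    body = frame[:-4]                      # drop the old FCS; it is no longer valid
    return with_fcs(body[:12] + tag + body[12:])

def strip_tag(frame):
    """Access-link egress: remove the tag, if present, and recompute the FCS."""
    if parse_tag(frame) is None:
        return frame
    body = frame[:-4]
    return with_fcs(body[:12] + body[16:])

def classify_size(frame):
    """'ok' up to 1518 bytes, 'baby giant' for a tagged frame up to 1522 bytes, else 'giant'."""
    if len(frame) <= MAX_UNTAGGED:
        return "ok"
    return "baby giant" if parse_tag(frame) is not None and len(frame) <= MAX_TAGGED else "giant"

def sample_frame(payload_len=1500):
    """Constructed untagged IPv4 frame with placeholder MAC addresses (not from any capture)."""
    header = bytes.fromhex("ffffffffffff" "020000000001") + b"\x08\x00"
    return with_fcs(header + bytes(payload_len))
```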