Tagging

Allows a frame to get to the destination machine with muliple switches and VLANs in a network.

  • The VLAN port tags an incoming frame.
  • If the destination device is connected to the same switch, the frame is sent directly to the device’s access port.
  • If the destination device connects to a different switch the initial switch sends the frames out its trunk port.
    • Trunk ports connect to other trunk ports on other switches and allow switches to relay packets between switches.
    • If the trunk port has a native VLAN that differes from the tag placed on the frame as it entered the access port, the switch leaves the tag on the frame and send the tagged frame to the next switch.
    • If the trunk port’s native VLAN is the same as the access port’s VLAN, then the switch drops the tag and sends the untagged frame out the trunk port.
  • Native VLANs
    • Exist to provide compatibility with older/simpler non-VLAN tagging switches.
    • Opens network to a double-tagging attack
    • Modern networks set the native VLAN to an unused VLAN and the trunk port is configured to tag its native VLAN traffic also.