802.1Q Native VLAN concept Explained

802.1Q trunking protocol supports two types of frames: tagged and untagged. A tagged frame carries VLAN identification information. An untagged frame does not carry any VLAN identification information.

802.1Q is a trunking protocol. IEEE developed it for trunk connections. A trunk connection carries traffic of multiple VLANs. 802.1Q adds VLAN information in each frame to identify its VLAN. To add VLAN information, it uses a 4-byte field called a tag. It inserts the tag into the header of the Ethernet frame.

dot1q frame

A frame with a tag is called a tagged frame. A frame without a tag is called an untagged frame. Only trunk ports understand the tagging concept. End devices do not understand tagged frames. They neither send a tagged frame nor process it.

A trunk port must convert a tagged frame into an untagged frame before forwarding it to an end device. Since a trunk port removes the tag from frames before forwarding them to end devices, this mechanism does not create any issues if two trunk ports are directly connected.

Let us take an example. The following image shows a network. In this network, PC-A and PC-C are members of VLAN-10. PC-B and PC-D are members of VLAN-20. S1 and S2 have a trunk connection.

example network

The following steps explain the broadcast communication in VLAN-10.

  • PC-A sends a broadcast frame.
  • The broadcast frame reaches S1.
  • S1 adds a tag to the frame and forwards it from the trunk port.
  • The tag contains VLAN information.
  • The tagged frame reaches S2 on the trunk port.
  • S2 reads VLAN information from the tagged frame, removes the tag, and forwards the frame from the ports configured in VLAN-10.

broadcast in vlan 10

Since PC-C is connected to a port configured in VLAN-10, it receives the broadcast frame.

VLAN-10 has two PCs. As the above steps explain, both can communicate through broadcast messages. This network topology has no issue.

Now, let us take another example. The following image shows a network. In this network, PC-A and PC-C are members of VLAN-10. PC-B, PC-D, and Server1 are members of VLAN-20. In it, S1 and S2 have a trunk connection through a hub. A hub is a layer-1 device. It does not understand frames. When it receives frames on a port, it forwards them from all other ports.

broadcast in vlan 20

The following steps explain the broadcast communication between PC-B, PC-D, and Server1.

  • PC-B sends a broadcast frame.
  • The broadcast frame reaches S1.
  • S1 adds a tag to the frame and forwards it from the trunk port.
  • The tag contains VLAN information.
  • The broadcast frame reaches Hub.
  • Hub forwards it from all other ports.
  • The tagged frame reaches Server1 and S2 on the trunk port.
  • Server1 does not understand the tagged frame. It drops the frame.
  • S2 reads VLAN information from the tagged frame, removes the tag, and forwards the frame from the ports configured in VLAN-20.
  • Since PC-D is connected to a port configured in VLAN-20, it receives the broadcast frame.

broadcast in default vlan

VLAN-20 has two PCs and one Server. As the above steps explain, only PCs can communicate through broadcast messages. Broadcast messages do not reach Server1. This network has a layout problem.

To solve this problem, you have the following options.

  1. Connect trunk ports directly and move Server1 to S2.
  2. Change the trunking protocol to 802.1Q.

The first option is complex and needs a change in the physical layout of the network. The second option is easy and does not need any change in the physical layout. You only need to set the default trunking protocol to 802.1Q. On Cisco switches, 802.1Q is the default trunking protocol.

Native VLAN concept of 802.1Q

802.1Q allows us to configure a native VLAN. A native VLAN is a VLAN that you configure on the trunk port. For example, if you configure VLAN-20 on the trunk port, VLAN-20 becomes the native VLAN.

802.1Q does not insert VLAN identification tags into frames that belong to the native VLAN. It forwards them in their original condition. It inserts a VLAN identification tag into a frame only if the frame does not belong to the native VLAN.

For example, if you configure VLAN-20 as the native VLAN on a trunk port, the trunk port does not tag frames that the switch receives on ports assigned to VLAN-20. It tags frames that the switch receives on ports assigned to any other VLAN.

How native VLANs work

Let us take the preceding example to understand the workflow of native VLANs. Suppose we configured VLAN-20 as the native VLAN on trunk ports.

The following steps explain the broadcast communication between PC-B, PC-D, and Server1.

  • PC-B sends a broadcast frame.
  • The broadcast frame reaches S1.
  • Since S1 receives this broadcast frame on a port that belongs to the native VLAN, it forwards the frame in its original condition from the trunk port.
  • The broadcast frame reaches Hub.
  • Hub forwards it from all other ports.
  • The broadcast frame reaches Server1 and S2 on the trunk port.
  • Since the frame is in its original condition, Server1 accepts and processes it.
  • Since S2 receives the frame in its original condition, it assumes the frame belongs to the native VLAN.
  • We configured VLAN-20 as the native VLAN.
  • S2 forwards the frame from the ports configured in the native VLAN.
  • Since PC-D is connected to a port configured in VLAN-20, it receives the broadcast frame.

native vlan

This way, the native VLANs concept solves layout problems without changing the physical layout or disturbing the trunking functionality of the trunk port. The following image shows how 802.1Q forwards both tagged and untagged frames.

native vlan and trunk
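The tagging and native VLAN steps described above can be modelled in a few lines. This is an added example, not code from the original page: the function names, the sample frame, and the MAC address are constructed for illustration. It also goes one step beyond the text by showing what the receiving switch does when its native VLAN differs from the sender's, which is why both ends of a trunk should be checked for the same native VLAN.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def trunk_egress(frame: bytes, vlan: int, native_vlan: int) -> bytes:
    """Sending trunk port: tag the frame unless it belongs to the native VLAN."""
    if vlan == native_vlan:
        return frame  # native VLAN: forwarded in its original condition
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = vlan & 0x0FFF  # priority bits 0, DEI 0, 12-bit VLAN ID
    # The 4-byte tag goes after destination MAC (6) + source MAC (6).
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def trunk_ingress(frame: bytes, native_vlan: int) -> tuple[int, bytes]:
    """Receiving trunk port: return (vlan, untagged frame)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged: assumed to be native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]  # strip the tag


def send_over_trunk(frame: bytes, vlan: int, s1_native: int, s2_native: int) -> int:
    """VLAN in which S2 delivers a frame that S1 received in `vlan`."""
    return trunk_ingress(trunk_egress(frame, vlan, s1_native), s2_native)[0]


# Constructed sample: a broadcast frame from PC-B (made-up source MAC).
BROADCAST = bytes.fromhex("ffffffffffff" "020000000b0b" "0806") + b"\x00" * 46

if __name__ == "__main__":
    print(send_over_trunk(BROADCAST, 20, 20, 20))  # 20, sent untagged
    print(send_over_trunk(BROADCAST, 10, 20, 20))  # 10, sent tagged
    print(send_over_trunk(BROADCAST, 20, 20, 1))   # 1, native VLAN mismatch
```

In the last call S1 sends the VLAN-20 frame untagged, and S2, configured with a different native VLAN, delivers it to the wrong VLAN.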

Key points:

  • 802.1Q trunks support two types of frames: tagged and untagged.
  • An untagged frame does not carry any VLAN identification information in it.
  • A tagged frame carries VLAN identification information in it.
