Monday, February 1, 2010

VLAN

Virtual Local Area Network
802.1Q is a standard for supporting Virtual LANs (VLANs) in a network of interconnected switches. Frames carry an additional identifier called the VLAN tag or VLAN Identifier. Not every switch in the network has to support the 802.1Q standard; switches that support 802.1Q can work with those that do not.

There can be two kinds of frames in the network:
  • untagged frames
  • VLAN tagged frames

The untagged frames are considered to be tagged with the default VLAN Identifier that is defined to be 1. Within the switch, the untagged frames are treated as if they are associated with a VLAN tag of 1.

Frames having the same VLAN tag belong to an equivalence class and are treated similarly. VLAN tagging can happen at the ingress of a switch. Each port is associated with a Port VLAN Identifier (PVID). Untagged frames that arrive at this port are tagged with a VLAN Identifier equal to the PVID. When a computer is directly connected to a switch, it may be desirable to assign a VLAN Identifier to the frames going to and from the computer. Typically, host computers do not want to bother with VLAN tags, so it is better to let the switch assign VLAN tags based on the port to which the computer is connected. Similarly, on the return path, for frames going from the switch to the computer, the switch can strip the VLAN tags at the egress.

A VLAN consists of a VLAN Identifier associated with a set of ports on the switch called the port set. Since the virtual network will span multiple switches, in each switch the same VLAN Identifier has to be associated with the set of ports required. This configuration will have to be done on all the switches from a management entity. Thus a VLAN consists of a set of ports across many switches, mapped to a VLAN Identifier.

A port can belong to any number of VLANs. Each VLAN also has an untagged port list. This is the list of ports on which frames belonging to this VLAN are untagged before being sent out of the switch.

At the port level, one can configure the following:
● Port VLAN Identifier: the VLAN Identifier used for VLAN tag insertion on untagged frames coming into the switch on this port.
● Accept Only VLAN Tagged frames: if set, all untagged frames coming into the switch on this port are dropped.
● Ingress VLAN Filtering: if set, a frame is accepted only if this port belongs to the VLAN port set of the VLAN Identifier associated with the frame.
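
The three port-level settings above, together with each VLAN's port set and untagged port list, can be modelled as a small ingress/egress decision function. This is an added example, not code from the original post: the class names, port names and VLAN numbers 10 and 20 are constructed for illustration, and it assumes ingress filtering is checked after an untagged frame has been given its PVID.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                    # Port VLAN Identifier; the default VLAN is 1
    accept_only_tagged: bool = False
    ingress_filtering: bool = False

@dataclass
class Vlan:
    port_set: set = field(default_factory=set)        # member ports
    untagged_ports: set = field(default_factory=set)  # ports that strip the tag on egress

class Switch:
    def __init__(self, ports, vlans):
        self.ports, self.vlans = ports, vlans

    def ingress(self, port_name, frame_vid=None):
        """Return the VLAN Identifier assigned to the frame, or None if it is dropped."""
        port = self.ports[port_name]
        if frame_vid is None:                  # untagged frame
            if port.accept_only_tagged:
                return None
            frame_vid = port.pvid              # tag insertion with the PVID
        if port.ingress_filtering:
            vlan = self.vlans.get(frame_vid)
            if vlan is None or port_name not in vlan.port_set:
                return None                    # port is not in this VLAN's port set
        return frame_vid

    def egress(self, port_name, vid):
        """Return 'tagged' or 'untagged', or None if the port is not in the VLAN."""
        vlan = self.vlans.get(vid)
        if vlan is None or port_name not in vlan.port_set:
            return None
        return "untagged" if port_name in vlan.untagged_ports else "tagged"

def build_example_switch():
    # Constructed sample configuration: host1 faces a computer, the trunks face other switches.
    ports = {
        "host1": Port(pvid=10),
        "trunk1": Port(accept_only_tagged=True, ingress_filtering=True),
        "trunk2": Port(accept_only_tagged=True, ingress_filtering=False),
    }
    vlans = {
        10: Vlan(port_set={"host1", "trunk1", "trunk2"}, untagged_ports={"host1"}),
        20: Vlan(port_set={"trunk2"}),
    }
    return Switch(ports, vlans)
```

On `trunk1`, a frame tagged with VLAN 20 is dropped at ingress because the port is not in that VLAN's port set; with filtering off, the port-set check only takes effect at egress.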