Hmm, trying to understand vlans a bit more. Please correct me where I'm wrong.

**I think this is right**
1. vlan tagging is used for vlan trunking
2. vlan trunking is when you want the host to be able to talk to more than 1 network.

**Questions**
3. If a switch has 2 vlans configured (vlan 1, vlan 2) and the port that the host is connected to wants to talk to those 2 vlans, then no trunking is needed. However, if 1 switch is set to vlan 1 and another set to vlan 2, then trunking is needed for the host to talk to both. Correct?

4. What does vlan tagging really do and it's only use is when you need trunking?


I think that's how it works but not really quite sure. Just need someone with better networking skills to verify these statements. Thanks!

I think we need to clear up the concept of VLAN.s A VLAN on a swich is a self contained Ethernet (OSI Layer2)broadcast domain. When you take a switch with all ports in the default VLAN which is one broadcast domain, and move say 4 ports into a separate VLAN, what you have just done is created a separate broadcast domain, in effect a new 4 port switch. None of the ports on the new vlan can interact with any of the ports on the default vlan at Layer 2. The 4 ports might as well be on a different physical switch (with no interconnection).

If you now want communications between these vlans it would need to be on a higher layer. If you connect a router between the two vlan then they can communicate at L3 while all L2 broadcast traffic remains contained. The most efficient form of this is L3 switching where the switch hardware itself performs the routing. Don't get confused though, even though a L3 switch is called a switch communication between the vlans is done by L3 rules not L2 rules. L3 might be IP or IPX or Appletalk or Decnet depending on the network.

If you want say vlan2 to exist on another switch with members able to communicate on a L2 basis on both, then you can hook a vlan 2 port on one switch into another switch and off you go. All ports on the second switch are by implicitly members of vlan2. The port on the primay switch would be a "member port" so traffic to it and from it is isolated to vlan2 and is perfectly normal ethernet frames.

However if you want both vlans to exist on both switches you now have to have two interconnecting ports yes? Otherwise how will the receiving switch know which frame is from which vlan?

802.1q frame tagging rides to the rescue with a plan so cunning you could put whiskers on it and call it a weasel. By modifying the ethernet header we can add explicite vlan tags onto each frame signifying which vlan a frame belongs to. Now as long as both switch ports agree they are talking 802.1q modified ethernet they can exchange frames between switches on a single interconnect while maintaining vlan separation.

So we can now have switches in different buildings with users belonging to a vlan distributed around the place without havving multiple interconnects to keep traffic separated.

The only way your host can communicate with more than one vlan is either via a router interconnecting the vlans, or if the host itself understands 802.1q. Normally this might be implemented on servers but I've never seen it used in a commercial application on workstations. Routers also understand 802.1q and can route between vlans on a switch with a single ethernet connection. ISL is cisco's proprietary equivalent to 802.1q, does the same job in a similar way.

Hope this helps

Thanks baldy! I get it now, I appreciate the response!

Pleasure, after all the help I've received from this board its nice to get the occasional question that land slap bang in my field, so I can give a little back.