User Guide
Key Concepts 503
Tagged and untagged VLAN membership
Switches typically allow ports to be either untagged or tagged members
of a VLAN. If a port is an untagged member of a VLAN, packets
transmitted on the port contain no VLAN information. If a port is a
tagged member of a VLAN, packets transmitted on the port contain the
VLAN ID as specified in the 802.1Q standard. Tagged and untagged ports
can coexist in the same VLAN group. When setting up VLANs, you need
to understand when to use untagged and tagged membership of VLANs.
Ports should be untagged if they are connected to devices that do not
support 802.1Q VLAN tagged packets. Typically, end-stations will drop
VLAN tagged packets and so should be connected to untagged ports.
A port can also be an untagged member of a VLAN if the port is a
member of one VLAN only. However, if a port needs to be a member of
multiple VLANs, tagged membership must be defined. For example, if
multiple VLANs need to be carried over an inter-switch link, the ports at
each end of the link should be defined to be tagged members of the
VLANs. When a port needs to be a member of multiple VLANs, it can still
be an untagged member of one of these VLANs but it has to be defined
to be a tagged member of all other VLANs.
In a network where the VLANs are distributed amongst more than one
switch, you must use 802.1Q tagged connections so that all VLAN traffic
can be passed along the links between the switches. 802.1Q tagging can
only be used if the devices at both ends of a link support IEEE 802.1Q.
In Figure 260
, the simple example below, each switch has end-stations in
VLAN 1 and VLAN 2. All end-stations in VLAN 1 need to be able to
connect to the server in VLAN 1 that is attached to Switch 1 and all
end-stations in VLAN 2 need to connect to the server in VLAN 2 that is
attached to Switch 2. The two VLANs are distributed between the two
switches by making the ports at each end of the link that connects Switch
1 to Switch 2 tagged members of VLANs 1 and 2.