VLAN Identification – Your Ultimate Guide to Master VLAN Tagging (Updated 2025)

/ /

VLAN Identification – Your Ultimate Guide to Master VLAN Tagging (Updated 2025)

Virtual Local Area Networks (VLANs) are a cornerstone of modern network design, enabling segmentation, security, and efficient traffic management in Ethernet networks. For CCNA and CCNP students, mastering VLAN tagging for VLAN identification, particularly the IEEE 802.1Q standard, is essential for configuring and troubleshooting Cisco switches. This article explores VLAN tagging, native VLANs, and voice VLANs, providing clear explanations, Cisco IOS configuration examples, and practical insights to help you excel in your certification exams and real-world networking tasks.

Table of Contents

The Layer 2 devices use Ethernet frame header information to send packets without having routing tables. Usually, the Ethernet frame header does not contain any information about the virtual local area network (VLAN), so when Ethernet frames arrive in a trunk, the virtual local area network (VLAN) information should be added to the frame.

This method is called tagging. The standard for VLAN tagging is IEEE 802.1Q. The 802.1Q header includes a 32-bit tag inserted inside the original Ethernet frame header, specifying the VLAN to which the frame belongs.

When the switch receives an Ethernet frame on a port in access mode and is assigned a VLAN, the switch inserts a virtual local area network (VLAN) tag into the received frame header, calculates the FCS again, and sends out the tagged frame to the trunk port.

Understanding the 802.1Q VLAN Tag Fields

The IEEE 802.1Q standard defines a 32-bit tag inserted into the Ethernet frame header to identify the VLAN to which a frame belongs. This tag is added when frames traverse a trunk link, enabling switches to differentiate traffic from multiple VLANs. Below are the key fields of the 802.1Q VLAN tag:

A diagram illustrating IEEE 802.1Q VLAN tagging in an Ethernet frame. The frame is divided into segments: Destination Address (6 bytes), Source Address (6 bytes), VLAN Tag (4 bytes), Type/Length (2 bytes), Data (46-1500 bytes), and FCS (4 bytes). The VLAN Tag is highlighted and further broken down into TPID (2 bytes), TCI (2 bytes), which includes PCP (3 bits), DEI (1 bit), and VID (12 bits). The diagram uses orange to emphasize the VLAN Tag and its components against a light blue background.
  • Tag Protocol Identifier (TPID): A 16-bit field set to 0x8100 (hexadecimal) to indicate that the frame carries an 802.1Q tag.
  • Priority Code Point (PCP): A 3-bit field that specifies the frame’s priority level (0–7) for Quality of Service (QoS). Higher values indicate higher priority, crucial for voice or video traffic.
  • Canonical Format Identifier (CFI): A 1-bit field, typically set to 0 for Ethernet networks. It ensures compatibility when carrying Token Ring frames over Ethernet (rarely used today).
  • VLAN Identifier (VID): A 12-bit field that identifies the VLAN (0–4095). Values 0 and 4095 are reserved, leaving 1–4094 for user VLANs.

When a switch receives a frame on an access port, it inserts the VLAN tag (based on the port’s assigned VLAN), recalculates the Frame Check Sequence (FCS), and forwards the tagged frame over a trunk port. The tag is removed when the frame exits an access port on the destination switch.

802.1Q Frame Structure (Text Description for Accessibility):
The Ethernet frame with an 802.1Q tag includes:

  • Destination MAC Address (6 bytes)
  • Source MAC Address (6 bytes)
  • TPID (2 bytes, 0x8100)
  • VLAN Tag (2 bytes: 3-bit PCP, 1-bit CFI, 12-bit VID)
  • EtherType/Length (2 bytes)
  • Payload (variable length)
  • FCS (4 bytes)

Native VLANs and 802.1Q Tagging

Tagged Frames on the Native virtual local area network (VLAN)

In an 802.1Q trunk, the native VLAN typically carries untagged frames. Cisco switches expect untagged frames for the native VLAN and may drop tagged frames with a VLAN ID matching the native VLAN, depending on the configuration. To ensure compatibility, configure devices (e.g., switches, routers) to send untagged frames for the native VLAN. Non-Cisco devices may tag native VLAN traffic, which requires careful configuration to avoid frame drops.

Untagged Frames on the Native VLAN

When a trunk port receives untagged frames, it forwards them to the native VLAN. If no devices are associated with the native VLAN and no other trunk ports are present, the switch drops the frame. When configuring an 802.1Q trunk port, the native VLAN ID is assigned as the default Port VLAN ID.

All untagged traffic coming in and out of the 802.1Q port is forwarded based on the PVID. For example, if VLAN 10 is native, every untagged data is sent to VLAN 10 with a PVID of 10. If the native has not been configured, the PVID value for the native VLAN is 1 because the default native VLAN is 1.

Voice VLAN Tagging

A graphic illustrating a network setup with the phrase ‘Tag Your Voice VLAN’ prominently displayed. The image shows a central server connected to two laptops and a desktop computer via blue arrows indicating network flow, all against a white background. The NetworkTut logo is visible in the bottom right corner.
Voice VLAN Network Configuration Diagram

A separate voice VLAN is required for voice-over IP support. The port connecting the Cisco IP phone can be configured to use two VLANs: voice and data traffic.

The link between the IP phone and the switch works like a trunk to carry voice and data VLAN traffic. The Cisco IP Phone has a three-port 10/100 switch. These ports give dedicated connections to these devices:

  1. Port-1 – Connects the IP phone to the switch or other VoIP (Voice Over Internet Protocol) devices.
  2. Port-2 – This port is an internal 10/100 interface that carries the IP phone traffic.
  3. Port-3 – This access port connects to a PC or other device.

On the switch, the switch port is configured to send CDP (Cisco Discovery Protocol) packets and instruct an attached IP phone to send voice traffic to the switch in one of the following ways, depending on the type of traffic:

  1. In a voice VLAN tagging with a Layer 2 class of service priority value.
  2. In; an access VLAN tagging with a Layer 2 class of service priority value.
  3. In an access VLAN, untagged without a Layer 2 class of service priority value.

Configuring VLAN Tagging, Native VLANs, and Voice VLANs on Cisco Switches

This section provides step-by-step Cisco IOS commands to configure VLAN tagging, native VLANs, and voice VLANs on a Cisco switch. These examples assume a Catalyst switch running IOS.

1. Creating and Assigning VLANs

# Enter global configuration mode
Switch> enable
Switch# configure terminal

# Create VLAN 10 (Data) and VLAN 20 (Voice)
Switch(config)# vlan 10
Switch(config-vlan)# name DATA
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name VOICE
Switch(config-vlan)# exit

2. Configuring an Access Port

# Assign VLAN 10 to an access port (e.g., GigabitEthernet0/1)
Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# exit

3. Configuring a Trunk Port with Native VLAN

# Configure a trunk port (e.g., GigabitEthernet0/2) with VLAN 10 as native
Switch(config)# interface GigabitEthernet0/2
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 10
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# exit

4. Configuring a Voice VLAN

# Configure a port (e.g., GigabitEthernet0/3) for an IP phone with voice VLAN 20
Switch(config)# interface GigabitEthernet0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport voice vlan 20
Switch(config-if)# spanning-tree portfast
Switch(config-if)# exit

Verification Commands

# Verify VLAN configuration
Switch# show vlan brief

# Verify trunk port configuration
Switch# show interfaces trunk

# Verify voice VLAN configuration
Switch# show interfaces GigabitEthernet0/3 switchport

Note: Ensure the switch supports Cisco Discovery Protocol (CDP) for voice VLAN functionality, as it is enabled by default.

Troubleshooting VLAN Tagging Issues

Common VLAN issues can disrupt network connectivity. Below are troubleshooting steps for VLAN tagging, native VLANs, and voice VLANs.

1. Native VLAN Mismatch

  • Symptoms: Connectivity issues between switches, error messages in logs.
  • Verification: Use show interfaces trunk to check the native VLAN on both ends of the trunk.
  • Solution:Switch(config)# interface GigabitEthernet0/2 Switch(config-if)# switchport trunk native vlan 10 Ensure both switches use the same native VLAN.

2. Trunk Port Misconfiguration

  • Symptoms: VLAN traffic is not passing over the trunk.
  • Verification: Check allowed VLANs with show interfaces trunk.
  • Solution:Switch(config)# interface GigabitEthernet0/2 Switch(config-if)# switchport trunk allowed vlan add 20

3. Voice VLAN Not Working

  • Symptoms: IP phone not receiving voice VLAN assignment.
  • Verification: Confirm CDP is enabled (show cdp neighbors) and check the voice VLAN with show interfaces switchport.
  • Solution:Switch(config)# interface GigabitEthernet0/3 Switch(config-if)# switchport voice vlan 20

4. Dropped Frames on Native VLAN

  • Symptoms: Untagged traffic not reaching the destination.
  • Verification: Ensure the native VLAN exists (show vlan brief).
  • Solution: Create the native VLAN if missing:Switch(config)# vlan 10 Switch(config-vlan)# name NATIVE

Tip: Use debug vlan or debug cdp packets for advanced troubleshooting, but enable with caution in production environments.

Conclusion – VLAN Identification

Mastering VLAN tagging, native VLANs, and voice VLANs is critical for CCNA and CCNP students aiming to excel in Cisco certifications and real-world network administration. The IEEE 802.1Q standard enables efficient network segmentation, enhances security, and supports quality of service for voice traffic, making it a cornerstone of modern Ethernet networks. By understanding the 802.1Q frame structure, configuring trunk ports, managing native VLANs, and setting up voice VLANs for Cisco IP phones, you’ll build a strong foundation for designing and troubleshooting enterprise networks.

FAQs

  • What is VLAN tagging, and why is it used?

    VLAN tagging, based on the IEEE 802.1Q standard, adds a 32-bit tag to Ethernet frames to identify the VLAN they belong to. It’s used on trunk links to allow switches to differentiate traffic from multiple VLANs, enabling network segmentation and efficient traffic management.

Asad Ijaz

NetworkUstad's lead networking architect with CCIE certification. Specializes in CCNA exam preparation and enterprise network design. Authored 2,800+ technical guides on Cisco systems, BGP routing, and network security protocols since 2018. Picture this: I'm not just someone who writes about tech; I'm a certified expert in the field. I proudly hold the titles of Cisco Certified Network Professional (CCNP) and Cisco Certified Network Associate (CCNA). So, when I talk about networking, I'm not just whistling in the dark; I know my stuff! My website is like a treasure trove of knowledge. You'll find a plethora of articles and tutorials covering a wide range of topics related to networking and cybersecurity. It's not just a website; it's a learning hub for anyone who's eager to dive into the world of bits, bytes, and secure connections. And here's a fun fact: I'm not a lone wolf in this journey. I'm a proud member and Editor of Team NetworkUstad. Together, we're on a mission to empower people with the knowledge they need to navigate the digital landscape safely and effectively. So, if you're ready to embark on a tech-savvy adventure, stick around with me, Asad Ijaz Khattak. We're going to unravel the mysteries of technology, one article at a time!"

→ Asad Ijaz

1 Comment

  1. jon
    August 26, 2019 @ 10:14 am

    Large amount of simdatabase collected from all cellular service providers
    in Pakistan, India, and Afghanistan. Check the name of the owner,
    address and all details of owner of the sim.