VLAN Tagging vs Untagged vs Native in Networking (Explained)
VLAN Tagging vs Untagged vs Native in Networking (Explained). In this post, we introduce VLAN, its advantages and their different types in detail.
Earlier, hubs were the best source to connect Ethernet networks together. The only problem with the design was each host was on the same collision domain. As a result, if two or more hosts transmitted data at the same time, chances were high that the data could collide. Hence, to resolve the issues, Switches came into practice.
In switches, each port was on its own collision domain. As a result, it does not matter if multiple connected devices were sending packets at the same time.
Subsequently, switches are of many types; unmanaged or basic switches offer limited capabilities. They do not support customizable VLANs, i.e., all hosts on the switch remain in the same broadcast domain.
However, managed switches use VLANs to separate traffic. Let us discuss VLANs in detail, their benefits, drawbacks, types, and characteristics.
Shall we start with VLAN Tagging vs Untagged vs Native in Networking (Explained).
What is a VLAN?
Image source: YouTube
A Virtual Local Area Network (VLAN) is a logical grouping of devices on a physical network. Surely, it creates groups for devices and give them their own network ID, separate from the rest of the network.
VLANs help divide large networks into smaller segments. In effect, they are mostly used in conjunction with other networking technologies like switches and routers.
In effect, a VLAN operates at Layer 2 of the network and isolates the traffic. Surely, these are mostly used in Ethernet networks, FDDI, and other network types like Asynchronous Transfer Mode (ATM). In order to create a VLAN, you need to add a tag or header to every Ethernet frame.
Specifically, with VLAN, things have become much simpler and easy to administer. Since, these are cost effective and also help deliver better performance. Let us learn more about how VLAN works and what are its types.
What is the Purpose of a VLAN?
Overall, VLANs help in separating the traffic and reduce the incidence of collisions. Also, they offer increased data security and logical partition. Using VLANs, you can send data packets on broadcasts to every network device without colliding.
Earlier, each group of hosts had a separate switch, but as networks evolved it became difficult to manage separate switches. With VLANs, we have multiple LANs on the same physical network switch but still keep the traffic separate. Therefore, VLANs are a better option.
Also, they are cost effective, ease administration, tighten security, and decrease overall network latency. Further, they reduce the number of broadcasts across the network.
How VLANs Work?
Image source: Afrozahmad
In order to create a VLAN, you need to add a tag or header (assigned VLAN ID) to every Ethernet frame.
Given that, each VLAN has a number or VLAN ID for identification that provides data link access to all connected hosts. A switch has multiple ports and each one can have one or more than one VLAN IDs. In case, a port has no assigned VLAN ID, it will land in a default VLAN.
For this purpose, switches transfer the tagged frames or packets only to the ports associated with similar VLAN.
You can also create VLANs on a single device like a computer. All you need to do is assign IP addresses from different subnets to different interfaces on the device and configure routing between them. This way, they act as separate networks with their own broadcast domains and collision domains.
Characteristics of a VLAN
- Reduces the size of broadcast domains and security risk.
- All you need is a new port level configuration to change hosts on a VLAN.
- Allows connecting multiple switches without collision.
- No matter if the networks differ, VLANs allow a connecting group of devices.
- Reduces congestion and the incidence of collision.
Advantages of VLAN
- VLANs reduce the amount of traffic and improve performance.
- Offers a higher degree of control over devices and restricts management access with improved security.
- Allows making a logical grouping of devices based on functions.
- VLANs reduce the number of other hosts connected to the broadcast domain.
- Allows creating a geographical structure of the network.
- Reduces network latency and eliminates physical boundaries.
- Allows keeping hosts separated and reduces the incidence of collisions.
Disadvantages of VLAN
- Chances of data leak are possible.
- An injected data packet can also lead to cyber attacks.
- A virus in a single system can ruin the whole logical network
- Interoperability problems.
- Additional routers might be necessary to manage the workload in a large network.
Types of VLAN
Image source: Eduba
Virtual LANs (VLANs) are a layer 2 technology that allows the virtualization of a physical LAN. VLANs use switches to create logical networks that exist within a physical one.
With VLANs support, you also divide an organization into multiple broadcast domains. These are further used to provide network services like firewalls and load balancing. Here are the different types of VLANs
1. Untagged VLANs
Untagged VLANs are a type of Virtual Local Area Network (VLAN) that do not carry any specific VLAN tag. This type of VLAN is also called “native” or “access” ports on a Cisco Switch.
Using Untagged ports for connecting hosts to the network is possible, but they cannot be used as trunks. The connected hosts have no idea of any VLAN configuration. They basically send traffic without any VLAN ID or tag. The minute the packet reaches the switch port, it inserts a VLAN tag into it.
Here is how the traffic flows:
Image source: NetworkDirection
Host A forwards the traffic without a VLAN tag. As the packet reaches port 1 of the switch, it inserts or configures a VLAN tag into the frame.
Then the switch decides to forward the frame out of port 2, which is also an untagged port. So, to deliver the untagged frame as normal to Host B, it strips out the VLAN tag from the frame.
2. Tagged VLANs
Tagged VLANs are a type of Virtual Local Area Network (VLAN) that are identified with a specific VLAN tag. These help identify traffic that belongs to a particular network. Also, it allows tagging different types of traffic on a network.
Tagged VLANs also help in preventing broadcast storms and reduce congestion on networks. All you need to do is insert an extra header in the packet to tag a packet or frame.
Tagged VLANs are also known as “trunk” ports on a Cisco Switch.
Here is how the traffic flows:
Image source: NetworkDirection
Host A sends a packet without a tag on an untagged port on switch A. The switch configures it and inserts a VLAN tag into the packet. Now, Switch A decides to forward the frame to Switch B out of port 1, which is a tagged port. So, it verifies if the VLAN tag has the access to transfer on the selected port. If it matches then the switch forwards the packet. But, if the tag does not match or has the access, the switch drops the frame.
Again, Switch B determines if the tagged VLAN has the access to transfer packet on port 2. If not, it drops the frame, but if matches, it sends the packet.
Since port 2 is an untagged port, it will strip out the VLAN tag from the frame and deliver it as untagged to Host B.
3. Native VLANs
There are a few cases when an untagged frame accidentally reaches a tagged port. In such a case, tagged ports configure a special VLAN called Native VLANs. Native VLANs are a Layer 2 technology that provides a way for the same physical switch port to belong to more than one logical VLAN.
The switch assigns the untagged frame received on a tagged port to the native VLAN. If the frame leaves the trunk port, the switch strips out its VLAN tag.
In simple terms, the native VLAN is the best way to carry untagged traffic across several switches within the same broadcast domain.
Here is how the traffic flows:
Image source: NetworkDirection
Host A forwards the packet without any VLAN tag. But, Switch A receives the packet on a trunk port with no tag on it. So, it adds a VLAN ID or tag to it.
The switch now determines the port and sends the packet out with a tag that matches the native VLAN. So, it strips out the tag and delivers it to Host B.
Tagged vs Untagged vs Native VLANs - Key Difference
Image source: Pcwdld
Native VLAN
The VLAN header is an Ethernet header and is typically used to identify the VLAN that the packet belongs to. A native VLAN is one which has been assigned to a port on a switch, and all packets transmitted on that port are tagged with this VLAN ID.
Native VLANs help segregate traffic from different networks without requiring configuration at each end of the link. But, they can cause problems if there are multiple switches between two devices. In this case, it becomes difficult to determine which switch a frame should be forwarded to.
Native VLAN You can configure a native VLAN for each port. The native VLAN is like a default VLAN for untagged incoming packets. Outgoing packets for the native VLAN are sent as untagged frames. The native VLAN is assigned to any untagged packet arriving at an ingress port. At an egress port, if the packet tag matches the native VLAN, the packet is sent out without the VLAN header.
Tagged and Untagged VLAN
Tagged VLANs are those where the packet’s VLAN ID is explicitly specified in the packet’s header. Untagged packets are those which do not have an explicit tag for their VLAN ID.
A VLAN tagged port can be configured to carry multiple VLANs simultaneously. While Untagged port can carry One Data VLAN and one Voice VLAN at maximum.
Only tagged packets can pass; other or untagged packets will be dropped. On the otherhand, the switch must be configured with VLAN Tag to mark the Untagged packet coming from the end device.
In tagged VLAN, more than one VLAN can be configured in trunk port. While only switch port can be configured in access port.
Tagged and untagged packets can be good option for more complex network configurations. An ideal option for cases where it is necessary for packets from different networks to cross paths before passing to their correct route.
Thank you for reading VLAN Tagging vs Untagged vs Native in Networking (Explained). We should now conclude.
VLAN Tagging vs Untagged vs Native in Networking (Explained) Conclusion
It helps create logical segments on the same physical network. The benefits of this are that it reduces the amount of broadcast traffic. At the same time, increases the number of collision domains because there are fewer devices on each VLAN.
The best part about VLANs is it offers a higher degree of control over devices and restricts management access. Learn more about the different types of VLANs.
