contact@embeddedgeeks.com
Embedded World

IEEE 802.1Q & ISL

IEEE 802.1Q is one of the VLAN tagging protocols supported by Cisco switches. This standard was created by the Institute of Electrical and Electronics Engineers (IEEE), so it an open standard and can be used on non-Cisco switches.

To identify to which VLAN a frame belongs to, a field is inserted into the frame’s header.

Original frame:

normal frame


802.1Q frame:

802.1Q frame

An example will attempt to clarify the concept. Let’s say that we have a network of 2 switches and 4 hosts. Hosts A and host D are in VLAN 2, while hosts B and C are in VLAN 3.


On the segment between two switches, a process called VLAN trunking is used. Let’s say that host A sends a broadcast frame. SW1 “tags” the frame by inserting the VLAN ID in the header of the frame before sending the frame to SW2. SW2 receives the frame and knows that the frame belongs to VLAN 3, so it sends the frame only to host D, since that host is in VLAN 3.

Inter-Switch Link (ISL)

Another VLAN tagging protocol is Inter-Switch Link (ISL). This protocol is Cisco proprietary, which means that, unlike 802.1Q, it can be used only between Cisco switches. It is considered to be deprecated, and newer Cisco switches don’t even support it.

ISL works by encapsulating a frame in an ISL header and trailer. The encapsulated frame remains unchanged. The VLAN ID is included in the ISL header.

Original frame:

normal frame

ISL frame:

ISL frame

Configuring voice VLANs

Most corporate networks today use IP telephony. This means that the phones are connect to the same network and use the same cabling as other network devices, such as workstations or routers. Since offices usually have only a single UTP cable to each desk, most of the IP phones today include a small switch that enable you to connect your PC to the phone sitting on the desk, and then connect the phone to the local network.

Consider the backside of an IP telephone Yealink T21:

Yealink T21 backside

As you can see from the picture, this phone has two UTP ports. One port is connected to the local network, while the other port can be connected to the PC.

The port on the phone connected to the switch can carry both data and voice traffic. To enable this, we need to define two VLANs on the switch port – data VLAN and voice VLAN. Here is how we can do that:

SW1(config)#vlan 5
SW1(config)#vlan 20
SW1(config)#int fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 5
SW1(config-if)#switchport voice vlan 20

We’ve created two VLANs – VLAN 5 that will be used for data sent by the PC and VLAN 20 for IP phone’s voice traffic. We’ve then placed the port into both VLANs. The keyword voice indicates that the VLAN 20 will be a voice VLAN.

To verify that the interface indeed carries data from both VLANs, we can use the show interfaces Fa0/1 switchport command:

Switch#show interfaces fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 5 (VLAN0005)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 20
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
...

The lines Access Mode VLAN: 5 (VLAN0005) and Voice VLAN: 20 indicate that the interface is indeed carrying traffic from both VLANs.NOTE
Some IP phones can be automatically configured with appropriate VLANs using protocols such as LLDP or CDP. However, on some models you will need to manually configure data and voice VLANs on the phone using its web interface.

Configuring allowed VLANs

By default, all VLANs are allowed across a trunk link on a Cisco switch. We can verify that using the show interfaces trunk command:

SW1#show interfaces trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,5,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,5,10

In the output above you can see that all VLANs (1 through 1005) are allowed on the trunk by default.

We can prevent traffic from certain VLANs from traversing a trunk link using the following interface mode command:

(config-if)#switchport trunk allowed vlan {add | all | except | remove} vlan-list

For example, to prevent traffic from VLAN 5 to traverse the trunk link, we would use the following command:

SW1(config)#int fa0/1
SW1(config-if)#switchport trunk allowed vlan remove 5

The same command needs to be entered on the switch on the other end of the link.

To verify that the traffic from VLAN 5 will indeed be blocked from traversing a trunked link, we can enter the show interfaces trunk command again:

SW1#show interfaces trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4,6-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none

Notice how now only VLANs 1-4 and 6-1005 are allowed on trunk.NOTE
You can use the switchport trunk allowed vlan all interface mode command to reset the switch port to its original default setting (permitting all VLANs on the trunk).

situs toto https://itasoft.co.id/blog/ https://toto.ibufoundation.or.id/ toto slot toto togel situs toto situs toto toto slot toto togel https://www.kimiafarmabali.com/
situs toto situs toto