📖 What is 802.1Q (VLAN Tagging)?
802.1Q is the industry-standard protocol for VLAN tagging on an Ethernet network. It inserts a tag into the Ethernet frame header to identify which VLAN the traffic belongs to, allowing multiple VLANs to share a single physical link, known as a trunk.
"Be careful with the term 'Native VLAN.' Traffic on the native VLAN is sent untagged across the trunk link by default."
📚 Certification: CompTIA Network+ Certification Exam (N10-009)
🔑 What are the Key Concepts of 802.1Q (VLAN Tagging)?
- ▸ The 802.1Q protocol inserts a 4-byte tag between the source MAC address and the EtherType field: a 2-byte Tag Protocol Identifier (0x8100) followed by 2 bytes of Tag Control Information carrying a 3-bit priority, a 1-bit drop-eligible flag and the 12-bit VLAN ID that identifies the broadcast domain the frame belongs to.
- ▸ Trunking allows a single physical link to carry traffic for multiple VLANs, significantly reducing the cabling required between switches in a corporate network.
- ▸ The Native VLAN is the one VLAN whose frames cross a trunk without an 802.1Q tag; by the same rule, any untagged frame that arrives on a trunk port is assigned to the native VLAN of that port.
- ▸ VLAN IDs are 12-bit fields, giving 4096 possible values; ID 0 (priority-tagged, no VLAN) and ID 4095 are reserved, leaving 1 to 4094 usable VLANs for logical network segmentation.
- ▸ Access ports are used for end-devices and strip the 802.1Q tag before delivery, while trunk ports maintain tags for switch-to-switch communication.
🎯 How does 802.1Q (VLAN Tagging) appear on the N10-009 Exam?
You may be asked to identify the correct port configuration when connecting two switches that must pass traffic for multiple different departments over a single physical link.
A scenario might describe a 'Native VLAN mismatch' error between two switches, requiring you to ensure both ends of the trunk link are configured with the same untagged VLAN ID; otherwise each switch assigns the untagged frames to a different VLAN and the two VLANs are silently bridged.
Expect questions where you must analyze a packet capture and identify 802.1Q as the protocol when an extra 4-byte field, starting with the EtherType value 0x8100, follows the source MAC address in the Ethernet header.
❓ Frequently Asked Questions
What is the primary difference between an access port and a trunk port regarding 802.1Q?
Access ports belong to one VLAN and send frames to end-devices untagged. Trunk ports use 802.1Q to carry multiple VLANs, keeping tags intact so the receiving switch knows which VLAN to forward each frame into.
Why is it a security risk to leave the native VLAN as the default VLAN 1?
Leaving the native VLAN at the default, VLAN 1, which is also the default VLAN of every access port, exposes the network to the double-tagging form of 'VLAN hopping': an attacker on a VLAN 1 access port sends a frame with two 802.1Q tags, an outer tag for VLAN 1 and an inner tag for the target VLAN. The first switch strips the outer tag and, because VLAN 1 is native on the trunk, forwards the frame untagged; the next switch reads the remaining inner tag and delivers the frame into the target VLAN. Security best practices recommend changing the native VLAN to an unused ID that has no access ports assigned to it, ensuring it matches on both ends of the trunk, and, where the platform supports it, tagging native VLAN traffic on trunks as well.
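The following Python is an added example, not code from the original page or from any switch vendor. It ties together two points above: parsing the 4-byte 802.1Q tag (TPID, PCP, DEI, VID) out of a raw Ethernet frame, as you would when identifying the protocol in a capture, and a simplified model of two switches joined by a trunk that shows why the double-tagging attack succeeds when the native VLAN equals the attacker's access VLAN and fails once the native VLAN is moved to an unused ID or is tagged on the trunk. The MAC addresses, payload and the switch behaviour (`access_ingress`, `trunk_egress`, `trunk_ingress`) are constructed for the demonstration and do not reproduce any particular product.

```python
"""Parse 802.1Q tags and model the double-tagging VLAN-hopping path.

Added example; the switch functions are a simplified model, not a vendor's
implementation. All addresses and payloads are constructed for the demo.
"""
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
TAG_LEN = 4           # 2-byte TPID + 2-byte TCI (PCP:3 bits, DEI:1 bit, VID:12 bits)
ETHERTYPE_IPV4 = 0x0800

# Constructed (hypothetical) addresses for the demo frames.
ATTACKER_MAC = bytes.fromhex("02aabbccdd01")
VICTIM_MAC = bytes.fromhex("02aabbccdd20")


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, every stacked 802.1Q tag (outermost first), the payload EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    offset = 12           # the field after the two MAC addresses
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated inside the header")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            break         # not a tag: this is the real EtherType
        if len(frame) < offset + TAG_LEN:
            raise ValueError("frame truncated inside an 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += TAG_LEN
    return {"dst": frame[:6], "src": frame[6:12], "tags": tags,
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def build_frame(dst: bytes, src: bytes, vids: list, ethertype: int, payload: bytes) -> bytes:
    """Build a frame with zero or more stacked tags, outermost VID first (PCP and DEI left at 0)."""
    for vid in vids:
        if not 1 <= vid <= 4094:
            raise ValueError(f"VID {vid} is reserved; usable IDs are 1-4094")
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid) for vid in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def push_tag(frame: bytes, vid: int) -> bytes:
    """Insert an 802.1Q tag directly after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost 802.1Q tag; the caller has already confirmed one is present."""
    return frame[:12] + frame[12 + TAG_LEN:]


def access_ingress(frame: bytes, access_vlan: int):
    """Model an access port. Untagged frames join access_vlan; a frame already tagged with
    access_vlan is accepted and its tag stripped (the lenient behaviour double tagging relies on);
    any other tagged frame is dropped (None)."""
    tags = parse_frame(frame)["tags"]
    if not tags:
        return frame, access_vlan
    if tags[0]["vid"] == access_vlan:
        return pop_tag(frame), access_vlan
    return None


def trunk_egress(frame: bytes, vlan: int, native_vlan: int, tag_native: bool = False) -> bytes:
    """Model trunk egress: tag the frame with its VLAN, except that the native VLAN
    leaves untagged unless the trunk is configured to tag it as well."""
    if vlan == native_vlan and not tag_native:
        return frame
    return push_tag(frame, vlan)


def trunk_ingress(frame: bytes, native_vlan: int):
    """Model trunk ingress: the outer tag selects the VLAN and is stripped;
    an untagged frame is assigned to the native VLAN."""
    tags = parse_frame(frame)["tags"]
    if not tags:
        return frame, native_vlan
    return pop_tag(frame), tags[0]["vid"]


def double_tag_attack(access_vlan: int, native_vlan: int, target_vlan: int,
                      tag_native: bool = False):
    """Send a double-tagged frame from an access port on switch A over the trunk to
    switch B and return the VLAN switch B delivers it into (None if A drops it)."""
    frame = build_frame(VICTIM_MAC, ATTACKER_MAC, [access_vlan, target_vlan],
                        ETHERTYPE_IPV4, b"constructed payload")
    accepted = access_ingress(frame, access_vlan)
    if accepted is None:
        return None
    frame_a, vlan_a = accepted
    on_wire = trunk_egress(frame_a, vlan_a, native_vlan, tag_native)
    _, vlan_b = trunk_ingress(on_wire, native_vlan)
    return vlan_b


if __name__ == "__main__":
    print("default native VLAN 1:", double_tag_attack(1, 1, 20))            # frame lands in VLAN 20
    print("native moved to 999:  ", double_tag_attack(1, 999, 20))          # frame stays in VLAN 1
    print("native VLAN 1, tagged:", double_tag_attack(1, 1, 20, tag_native=True))
```

Run as a script, the first case shows the attacker's frame arriving in VLAN 20 even though it entered on a VLAN 1 access port; in the other two cases switch A tags the frame on the trunk, so switch B classifies it as VLAN 1 and the inner tag is never consulted. The model leaves out the reply path on purpose: double tagging is one-way, since the victim's responses are switched into the attacker's real VLAN, which is why it is mostly used for injection rather than for interactive access.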