Forum Discussion
VLAN ID and tag
Hi, can anyone clarify the relation between VLAN ID and its tag in F5? In a Cisco switch, the VLAN ID is the VLAN number, such as vlan 10, vlan 20, vlan 30 etc. And the tag is used when two switches are connected with a trunk. Once a VLAN message passes through the trunk port and goes into the switch, the tag no longer exists. So in F5, the VLAN ID is like the VLAN number such as vlan 10, vlan 20 etc, can we say it like that? Thank you
27 Replies
- HarshaPotharaju
Nimbostratus
In F5, Trunk means Ether channel in switch. When you are setting up a new F5, add all existing interfaces into trunk and then go to VLAN section and add switch VLAN number as 'tag' in F5. For example: If 2.1 interface is in switch VLAN20, add '20' as tag in F5.
Then add 'Trunk' as an interface in the VLAN section as untagged.
Thanks,
Harsha Potharaju.
- eesun_276598
Cirrus
Thank you for your reply. In f5, the VLAN ID is vlan number such as vlan 10, vlan 20 etc, can we say it like that?
- Harsha_Potharaj
Nimbostratus
Where do you see VLAN ID in F5?
- eesun_276598
Cirrus
I see vlan id is mentioned in F5 document
- Gonzalex_330537
Cirrostratus
Vlan ID and VLAN tag are the same thing - not only in F5 but across all vendors. This is a networking concept not bound to a specific vendor.
On the F5, when you configure a VLAN, there is a field where you specify the Tag - that's an integer and it's exactly the same as the VLAN ID.
I hope this answers your question.
- eesun_276598
Cirrus
So, when we configure vlan, we could have two choices, one is tagged and other is untagged interface. For example, the tag is 10, then we put it under untagged interface 1.1, the tag 10 means vlan10 will be created, but why we have choice to put it under untagged interface? That would remove tag 10? or if so, what that means after removing tag10? Thank you
- Gonzalex_330537
Cirrostratus
Basically, strictly within the networking concept itself, you can have trunk interfaces (tagged ports) and access ports (untagged ports).
When you specify a tag of X, vlan X is created. What dictates further the choice of tagged vs untagged is the device and configuration at the other end of the link.
So you could then have two cases:
a) The port is tagged - meaning, it is a trunk port. Furthermore, it accepts incoming tagged frames and tags frames before sending them out. You setup a trunk port if your F5 connects to another trunk port - normally on another switch. In this configuration you are basically aggregating traffic from all vlans, on a single port.
b) The port is untagged - in this case, you are configuring an access port in vlan X - simple as that. You could have more than one port in the same VLAN - think of it as a switch with more than one port in the same vlan ... so hosts connected to those two ports can communicate directly as they will be in the same broadcast domain. Unlike with trunk ports, here you are segregating the traffic into multiple vlans.
- eesun_276598
Cirrus
I agree on this comment. but in your first comment, you mentioned " Vlan ID and VLAN tag are the same thing - not only in F5 but across all vendors. This is a networking concept not bound to a specific vendor". "tag" should be concept regarding trunk port. Only when frame enter trunk port, the tag will be added to the frame. While VLAN ID is vlan mark, which identify different vlan. How can you say the two are the same things? Can you explain? Thank you
- PK_Bhatia
Nimbostratus
It is due to 802.1Q tagging also called Dot1q tagging. It is required to tag the VLANs in hardware f5 but not in VE. Try searching for 802.1q.
- eesun_276598
Cirrus
You are right. In VE, when configuring vlan as untagged, the vlan interface can work well, but if it is configured as tagged, it cannot work (no connection). Can you tell why? Thanks
- PK_Bhatia
Nimbostratus
Because you are already assigning VLAN to the network interface you assign to VE f5. I think VMWare workstation support it if you assign interface with VLAN 4096 (cisco), not sure about other virtualization vendors.
- eesun_276598
Cirrus
Right, but if configuring it as tagged in F5, why it cannot have connection? Can I say it is because VMWare workstation interface is not trunk? Thank you
- Hannes_Rapp
Nimbostratus
I see others already did a pretty good job at explaining this (upvotes given as credit). I'll just summarize bits and pieces into one answer and elaborate.
As you seem familiar with Catalyst NS, I'll use this as point of reference. In Catalyst switches, your default VLAN is VLAN 1 which is also the default Native VLAN. In a dot1q Ethernet link, just one VLAN can be untagged, otherwise the switch that receives a frame wouldn't be able to tell to which VLAN the received frame belongs to. So in case of Cisco Catalyst switches, all VLAN 1 traffic is untagged by default for any dot1q links you create. It's also a common security practice to change native VLAN to something other than VLAN 1.
In a Catalyst NS, you can change your native (aka untagged) VLAN with switchport trunk native vlan command (if-config). So if you type in switchport trunk native vlan 10, your VLAN10 traffic on that dot1q link would become untagged, and VLAN 1 traffic would become tagged as a result. In case of BigIP LTM, moving VLAN 10 to untagged is the exact same thing.
Untagged VLAN is Native VLAN.
As you are familiarizing yourself with BigIP L2 terminology, keep in mind that F5 has a tendency to vandalize commonly accepted networking terminology. I.e., "Trunk" term here means something completely different. It is used to describe Link Aggregation (known as EtherChannel in Cisco world).
- Stanislas_Piro2
Cumulonimbus
As you are familiarizing yourself with BigIP L2 terminology, keep in mind that F5 has a tendency to vandalize commonly accepted networking terminology.
I should replace commonly accepted with Cisco
When searching over Internet the definition of Trunk in networking terminology, I found several articles with this kind of explanation (this one is from wikipedia):
In computer networking, port trunking is the use of multiple concurrent network connections to aggregate the link speed of each participating port and cable, also called link aggregation. Such high-bandwidth link groups may be used to interconnect switches or to connect high-performance servers to a network.
Cisco made some weird choices all other vendors can disallow...
How many times I heard some network engineers talking about Source NAT and calling it PAT!!!
- Hannes_Rapp
Nimbostratus
Hahah
The way I see it, F5 would ideally use "Port Aggregation" or "Link Aggregation" for absolute clarity. Or by minimum, "Port Trunk" over "Trunk". "Trunk" word alone is vandalized so much in networking that it's stripped of any meaning. Another word must at all times stand next to it. Cisco is so big that if they are first to vandalize a term, the vandalized variant almost always becomes the new norm. Possibly that's why when talking about "Trunk", the first thing that comes to a network guy's mind is the Cisco's VTP protocol and VLAN trunking. As you pointed out, "Port trunking" is also a real deal. Not a completely made up thing, but also no longer the winning candidate for its shorter abbreviation "trunk".
If we add another vendor to mix, CheckPoint, things get really exciting! They use term "bond" which stands for an aggregated link and "bonding" which stands for link aggregation. Complete mess! Maybe the network tech guys will one day come to senses and stop inventing new terms for link aggregation. As the saying goes, a good kid has many names but this is being taken too far!
- Lee_Sutcliffe
Nacreous
The concept is the same. F5 uses the same 802.1q tag in the Ethernet frame. What is different is the nomenclature. A trunk in Cisco is a connection allowing many VLANs. A Trunk in F5 is an Etherchannel. So to configure multiple VLANs on an interface on F5, you have by default configured a Cisco trunk.
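Added example (not from any poster or from F5): the thread's point that the VLAN ID is the 12-bit field carried inside the 802.1Q tag, and that an interface maps untagged frames to its single untagged (native) VLAN, shown as a small frame builder and classifier. The function names, sample MAC addresses and the simplified drop behaviour are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet frame, inserting a 4-byte 802.1Q tag if vlan_id is set."""
    header = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 4094:           # 4095 is reserved
            raise ValueError("VLAN ID out of range")
        tci = (pcp << 13) | vlan_id            # PCP (3 bits) | DEI (1) | VID (12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def read_tag(frame):
    """Return (vlan_id, pcp) from the 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13

def classify(frame, tagged_vlans, untagged_vlan=None):
    """VLAN an interface places a received frame in, or None if it is dropped.

    Simplified model (assumption): the interface carries a set of tagged VLANs
    and at most one untagged VLAN, as the thread describes for a dot1q link.
    """
    tag = read_tag(frame)
    if tag is None or tag[0] == 0:             # VID 0 = priority tag only
        return untagged_vlan                   # may be None: nothing to map to
    return tag[0] if tag[0] in tagged_vlans else None

# Constructed sample frames (addresses and payload are made up)
DST, SRC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
TAGGED_10 = build_frame(DST, SRC, 0x0800, b"payload", vlan_id=10)
UNTAGGED = build_frame(DST, SRC, 0x0800, b"payload")

if __name__ == "__main__":
    print(read_tag(TAGGED_10), read_tag(UNTAGGED))
    print(classify(TAGGED_10, {10, 20}, untagged_vlan=30))
    print(classify(UNTAGGED, {10, 20}, untagged_vlan=30))
    print(classify(UNTAGGED, {10}))   # VLAN set as tagged, peer sends untagged
```

The last call models the VE question in the thread under this simplified model: a VLAN configured only as tagged has nowhere to place frames that arrive untagged.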