I have few questions regarding the functioning of VLANs:
1) Do end hosts (e.g my laptop) would ever see a VLAN ID when it is connected to a trunked or Access port ?
2) As a follow-up to 1, in the normal VLAN setup do endhosts tag the packet or is tagging done by the switches only?
3) Finally, do access ports ever use VLAN tags or are the tags required only when sending traffic through trunked links. If access ports don't use VLAN tags then why how does it handles packets?
Thanks!
Best Answer
1) Yes, when it's connected to a trunk port, and no when it's connected to an access port. Access port is a "normal" port, so it's meant for untagged traffic to go through. Trunk port is for tagged traffic, and usually acts as an "uplink". It is also possible to send untagged data via trunk port, and it will be trated as "default vlan" data.
2) In a "normal" setup, the switches do the tagging. So the PC sends an untagged packet, and the switch adds the tag. But since you usually have the router connected to a trunk port, the router has to do the tagging too. But end-user pc's (connected to access ports) only use untagged traffic. Also some servers are connected to trunk ports, and send tagged packets (usually virtualization servers, or simmilar)
3) Access port is meant for end-devices. For example, you set the port to vlan100, and connect a pc. Computer sends a packet to the switch, and the switch knows the port is in vlan100, and tags the packet accordingly, and sends it where needed. When a packet is going to the pc, the switch knows it's an access port, and strips the vlan tag from the packet.