Interpreting L2 Ethernet ports and link types with experience

Source: Internet
Author: User

L2 Ethernet port

The switches have four types of layer-2 Ethernet ports: Access, Trunk, Hybrid, and QinQ. The first three can be added to a specific VLAN using the port-based VLAN division method. However, only Hybrid ports can be used with all the other VLAN division methods. The QinQ port is only used to support the QinQ protocol and cannot be used for VLAN division.

1. Layer-2 Ethernet port types

The following describes the basic features and the data frame sending and receiving rules of the Access, Trunk, Hybrid, and QinQ ports of the switch.

● Access Port

The Access port is primarily used to connect to the L2 Ethernet port of a user's host. Its major feature is that it only allows frames of one VLAN to pass, which in turn means that an Access port can only be added to one VLAN. Ethernet frames sent from an Access port are always untagged (without tags).

● Trunk Port

The Trunk port is a layer-2 Ethernet port used to connect to other switches. Its main feature is that it allows frames of multiple VLANs to pass through, and the Ethernet frames it sends are all tagged, except for frames whose VLAN ID equals the PVID (Port Default VLAN ID, the default VLAN ID of the port).

● Hybrid Port

The Hybrid port is a mixture of the Access port and the Trunk port above. It shares characteristics of both and is a special layer-2 Ethernet port. Because of this, a Hybrid port can connect to user hosts as well as to other switches and routers. A Hybrid port allows frames of one or more VLANs to pass through, and you can choose whether data frames are sent with or without tags.

● QinQ Port

The QinQ port is a layer-2 Ethernet port dedicated to the QinQ protocol. It can add a two-layer VLAN tag to a data frame, that is, add a new tag to the frame on top of the original tag, and so supports up to 4094 × 4094 VLANs. This satisfies the needs of enterprise user networks for a higher number of VLANs. S1700 and S2700SI do not support QinQ ports.

Experience: Although in theory the link between a switch and a router can also be of the Access type, in actual networking it is usually of a tagged type, which can be a Trunk type or a tagged Hybrid type. On the one hand, communication between different network devices usually involves multiple VLANs, while an Access port only allows the data of one VLAN to pass. On the other hand, the Access type and the untagged Hybrid type send data without tags. As a result, when the peer device's interface receives data from any VLAN of the local device, it tags the data with the VLAN corresponding to the PVID of that interface, and the data is mistakenly forwarded into that VLAN. This obviously does not meet the actual need, and normal communication fails.

In addition, the ports connected to users' PCs, server hosts, or dumb L2 switches can only be Access or untagged Hybrid ports, because these devices cannot recognize data frames with VLAN tags, and these two port types send data without VLAN tags. All devices connected to such an L2 switch end up in the VLAN that the peer switch port has been added to.

2. Default VLAN for L2 Ethernet ports

You can configure a default VLAN for the Access, Trunk, and Hybrid L2 Ethernet ports. The corresponding VLAN ID is the PVID. However, the default VLAN has different meanings for different port types. The default VLAN of an Access port is the VLAN the Access port has been added to, because an Access port can only be added to one VLAN. The default VLANs of Trunk and Hybrid ports, however, must be specified through command configuration, because these ports can be added to multiple VLANs; unless configured otherwise, their default VLAN is VLAN 1. The specific configuration methods for the default VLAN are covered in the Trunk and Hybrid port configurations later in this chapter.

3. Data frame receiving and sending rules for L2 Ethernet ports

The Access, Trunk, and Hybrid layer-2 Ethernet ports described above apply different frame processing rules when receiving and sending data frames. These rules directly determine whether data communication succeeds or fails and must be remembered. See table 6-2.

Experience: "Receiving" a data frame here means that the switch port receives a frame sent by the peer device, not a frame sent from another port inside the switch, because frames transmitted inside the switch always carry VLAN tags, no matter which port of the switch they come from. Similarly, "sending" a data frame means sending a frame from the switch port to the peer device, not sending a frame from one port of the local switch to another port. Pay special attention to this. Otherwise, it is difficult to understand the receiving and sending rules of these ports.

Table 6-2: Data frame processing rules for L2 Ethernet ports

Experience: One of the most controversial issues here is whether the switch tags frames when they arrive at an Access port. Many people think that since the frames sent by an Access port carry no VLAN tag, tagging frames as they enter the Access port is meaningless, so the frames are not tagged on arrival. This is actually wrong.

Although an Access port does not include VLAN tags when sending data to the peer device, data that arrives at the switch still has to go through a forwarding process, and inside the switch all data carries a VLAN tag (provided, of course, that the switch supports VLANs). In addition, in many cases data is not forwarded directly to the target node. Instead, the switch has to perform some processing on it (such as VLAN-based policy routing or VLAN-based ACLs) or handle port mirroring, and all of these functions need to identify which VLAN the data comes from. After all, the many ports of a switch can be divided into different VLANs.
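The receive and send rules above, and the mis-forwarding described in the earlier "Experience" note, can be modelled in Python to audit one link for frames that land in the wrong VLAN. This is an added example, not code from the original article or from any switch vendor. The `Port` class and all function names are hypothetical, and the handling of a tagged frame on receipt (accepted only when the port belongs to that VLAN) is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:                                      # hypothetical model, not a vendor API
    kind: str                                    # "access", "trunk" or "hybrid"
    pvid: int = 1                                # default VLAN ID of the port
    allowed: set = field(default_factory=set)    # VLANs the port has been added to
    untagged: set = field(default_factory=set)   # hybrid only: VLANs sent without a tag

    def __post_init__(self):
        if self.kind == "access":
            self.allowed = {self.pvid}           # an Access port joins exactly one VLAN

def receive(port: Port, tag: Optional[int]) -> Optional[int]:
    """Frame arriving from the peer: internal VLAN it is placed in, or None if dropped."""
    vlan = port.pvid if tag is None else tag     # an untagged frame is tagged with the PVID
    # Assumption: a tagged frame is accepted only if the port belongs to that VLAN.
    return vlan if vlan in port.allowed else None

def send(port: Port, vlan: int) -> tuple:
    """Frame leaving towards the peer: (sent, tag on the wire or None if untagged)."""
    if vlan not in port.allowed:
        return (False, None)
    if port.kind == "access":
        strip = True                             # Access always sends untagged
    elif port.kind == "trunk":
        strip = vlan == port.pvid                # Trunk strips only the PVID VLAN
    else:
        strip = vlan in port.untagged            # Hybrid: configured per VLAN
    return (True, None if strip else vlan)

def cross_link(tx: Port, rx: Port, vlan: int) -> Optional[int]:
    """VLAN a frame lands in on the far device after crossing the link tx -> rx."""
    sent, tag = send(tx, vlan)
    return receive(rx, tag) if sent else None

def leaky_vlans(a: Port, b: Port) -> dict:
    """Audit one link: {(direction, source VLAN): VLAN it lands in} for every mismatch."""
    leaks = {}
    for tx, rx, name in ((a, b, "a->b"), (b, a, "b->a")):
        for vlan in sorted(tx.allowed):
            landed = cross_link(tx, rx, vlan)
            if landed is not None and landed != vlan:
                leaks[(name, vlan)] = landed
    return leaks

if __name__ == "__main__":
    print(leaky_vlans(Port("access", pvid=10), Port("access", pvid=20)))  # constructed sample
```

An empty result from `leaky_vlans` means every VLAN that crosses the link arrives in the same VLAN on the far side; any entry marks a PVID or tagging mismatch between the two ends.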

L2 Ethernet link types

The links formed by the Access, Trunk, and Hybrid Ethernet ports described in the previous section can be classified into two types: Access Link and Trunk Link. They are divided based on the number of VLANs whose data frames are allowed on the link.

● Access Link: This is the link that directly connects the switch to a user host. Generally, the host does not need to know which VLAN it belongs to, and host hardware usually cannot recognize frames with VLAN tags. Therefore, the data frames sent and received by the host through the access link are untagged frames. Note, however, that an access link is not always limited to the data frames of one VLAN. Only the link of an Access port allows data frames from just one VLAN to pass through; the link of a Hybrid port connected to a user host also allows data frames (without tags) from multiple VLANs.

● Trunk Link: This is used for the interconnection between switches or the connection between switches and routers. A trunk link can carry the data of multiple different VLANs. When data frames are transmitted over the trunk link, the devices at both ends must be able to identify which VLAN each data frame belongs to. Therefore, tagged frames are transmitted on the trunk link, except for frames of the VLAN that is the PVID of the link (VLAN 1 by default).

Figure 6-6 shows the two link types above and the frame types transmitted on them (tagged frames and untagged frames). It can be seen that the links between switch devices are trunk links, on which tagged frames are transmitted. Whether the link between the switch and a host device is an access link or a trunk link depends on the type of the switch port connected to the host; in either case, only untagged frames are transmitted on it.

Figure 6-6: Two link types and the frame types transmitted

Note: After a frame is received, the switch receives and sends data based on the corresponding port type. If the frame needs to be forwarded through another switch, the frame must be transmitted to the peer switching device through the trunk link. To ensure that other switching devices can correctly process VLAN information in frames, VLAN tags must be applied to all frames transmitted on the trunk link.

After the switch finally determines the egress port of the frame, it needs to remove the VLAN tag from the frame before sending the frame to the host. In this way, all frames received by the host are Ethernet frames without VLAN tags; only then can the host recognize them. Therefore, in general, trunk links carry frames with VLAN tags, and access links carry frames without VLAN tags. The advantage of this solution is that the VLAN information configured in the network can be correctly processed by all switching devices, and the host does not need to know any VLAN information.
