The most surprising thing about 802.1Q VLAN tagging is that it doesn’t really add a new field to the Ethernet frame; it inserts a 4-byte tag between the source MAC address and the EtherType/Length field.
Let’s see it in action. Imagine a standard Ethernet frame without a VLAN tag:
+-----------------+-----------------+-----------------+---------------+----------------+
| Destination MAC | Source MAC | EtherType/Length| Data | CRC |
+-----------------+-----------------+-----------------+---------------+----------------+
Now, when we apply an 802.1Q VLAN tag, it’s inserted right here:
+-----------------+-----------------+-----------------+-----------------+---------------+----------------+
| Destination MAC | Source MAC | 802.1Q Tag | EtherType/Length| Data | CRC |
+-----------------+-----------------+-----------------+-----------------+---------------+----------------+
The 802.1Q tag itself is 4 bytes (32 bits) and has a specific structure:
- TPID (Tag Protocol Identifier): 2 bytes (16 bits). This field has a fixed value of
0x8100. This is crucial because it tells the receiving network device that this frame has a VLAN tag. Without this identifier, the device wouldn’t know to interpret the following bits as VLAN information. - TCI (Tag Control Information): 2 bytes (16 bits). This is where the actual VLAN information resides. It’s further broken down:
- PCP (Priority Code Point): 3 bits. This is used for Quality of Service (QoS) prioritization. A value of
000is lowest priority, and111is highest. This allows switches to prioritize certain types of traffic (like voice or video) over less time-sensitive data (like file transfers). - DEI (Drop Eligible Indicator): 1 bit. Previously known as the Canonical Format Indicator (CFI), this bit is used in congestion management. If a network is congested, frames with DEI set to
1are candidates for being dropped before frames with DEI set to0. - VLAN ID (VID): 12 bits. This is the core of VLAN tagging, allowing for up to 4096 VLANs (though 0 and 4095 are reserved, so typically 1 to 4094 are usable). This 12-bit field uniquely identifies which VLAN the frame belongs to.
- PCP (Priority Code Point): 3 bits. This is used for Quality of Service (QoS) prioritization. A value of
So, when a switch receives a frame with the EtherType 0x8100, it knows to parse the next 4 bytes as the 802.1Q tag. It then looks at the VLAN ID to decide which port(s) to forward the frame to. If the frame is destined for a port that’s part of the same VLAN, it’s forwarded. If it’s destined for a port in a different VLAN, it’s dropped (unless it’s a trunk port configured to carry that VLAN).
This mechanism allows a single physical network link to carry traffic for multiple, logically separated VLANs. When traffic leaves a switch on a trunk port, the 802.1Q tag is kept in the frame so that the next switch knows which VLAN the traffic belongs to. When traffic arrives at an access port (typically connected to an end device like a PC), the switch usually strips the VLAN tag before forwarding it to the end device, as most end devices don’t understand VLAN tags natively.
The EtherType field in the original Ethernet frame is crucial here. For untagged frames, this field indicates the protocol being carried (e.g., 0x0800 for IPv4, 0x86DD for IPv6). When the 802.1Q tag is inserted, the original EtherType/Length field is pushed back by 4 bytes, and the TPID 0x8100 takes its place. The original EtherType/Length information is preserved after the TCI.
The most common mistake people make is thinking that the 802.1Q tag replaces the EtherType field. It doesn’t. It’s inserted before it, and the TPID 0x8100 becomes the new EtherType value that the switch looks for to identify tagged frames. The original EtherType is then found 4 bytes further into the frame.
This ability to carry multiple VLANs over a single link is what enables network segmentation without needing separate physical cables for each logical network.
The next concept to explore is how these tagged frames traverse trunk links and how switches manage the allowed VLANs on those trunks.