Looking at a Frame
This is going to be a pretty short post because Layer 2 is actually pretty simple. For this post I don’t really want to get into any of the frame header information, I really just want to take a look at the IEEE 802.1Q “shim”. If you think back to your first few CCNA classes, you might remember your instructor mentioning that switches really only have two type of ports: access ports and trunk ports. Access ports have one VLAN (Virtual Local Area Network) per port, where trunk ports have the ability to carry many VLANs by placing an additional “tag” on the frame. Let’s take a quick look at that tag:
If you look at the bottom portion, specifically the “802.1Q Virtual LAN” portion. The main parts you want to pay attention to are the “Priority” field and the “ID” field. The priority field is the 802.1P bits, which is used for Layer 2 QoS marking. I explain here why I don’t generally use this, but your environment might be different. This is a three bit field, meaning your marking possibilities are 0-7.
The ID field is used for the VLAN ID, which is the VLAN a specific port is assigned to. As you can see above, this is a 12 bit field, which gives you 4096 different VLANs.
Like I said, Layer 2 is not particularly complicated, and trunk ports using the 802.1Q shim are not anymore difficult to understand. Anytime I’ve had to troubleshoot a trunk port, I’ve simply visualized the fields in the Wireshark capture and worked my way through all of the different possibilities about why something wouldn’t be working. More often than not, the issue is one side of a cable run is an access port and the other end is a trunk port. The trunk port is sending the 802.1Q shim, but the access port is not expecting to see that.