By marking data packets in a particular way, the data traffic in a virtual LAN can be concealed from the other network participants and, if required, the traffic can be prioritized. This mechanism relies on the marking of the MAC frames with an additional "tag". The procedure is referred to as "frame tagging".
Frame tagging must be implemented so as to meet the following requirements:
- Data packets both with and without frame tagging must be able to exist in parallel on a physical LAN.
- Stations and switches on the LAN that do not support the VLAN technology need to ignore packets with frame tagging and treat them just like "normal" data packets.
Tagging is implemented by an additional field in the MAC frame. This field contains two pieces of information that are essential for the virtual LAN:
- VLAN-ID: The virtual LAN is distinguished by a unique number. This ID determines which logical (virtual) LAN the data packet belongs to. This 12-bit value allows up to 4094 different VLANs to be specified (the VLAN IDs 0 and 4095 are reserved or not permissible).
  Note: Many devices use the VLAN ID 1 as the default VLAN ID. On an unconfigured device, all ports belong to this default VLAN. This assignment can be changed during configuration.
- Priority: The priority of a VLAN-tagged packet is set with a 3-bit value. 0 stands for the lowest priority and 7 for the highest. Data packets without a VLAN tag are handled with a priority of 0.
This additional field makes the MAC frames longer than is actually permitted. These oversized packets can only be correctly recognized and processed by VLAN-enabled stations and switches. For network participants without VLAN support, frame tagging still results in the desired behavior, more or less as a side effect:
- Switches that do not support VLAN simply forward these packets while ignoring the additional fields in the MAC frame.
- Stations that do not support VLAN are unable to recognize the packets' protocol and drop them silently.
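The tag layout described above can be checked with a small parser. This is an added example, not code from the original page: it assumes the IEEE 802.1Q layout (a 4-byte tag after the source MAC, marked by the type value 0x8100, with the 3-bit priority in the top bits and the 12-bit VLAN ID in the low bits), and the function names and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # type value marking an IEEE 802.1Q tag (assumption, not from the page)

def build_frame(dst, src, ethertype, payload, vlan_id=None, priority=0):
    """Build a constructed Ethernet frame, optionally with a VLAN tag."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
        if not 0 <= priority <= 7:
            raise ValueError("priority must be 0..7")
        tci = (priority << 13) | vlan_id  # bit 12 is left at 0
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return the view a VLAN-aware device has of the frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_field,) = struct.unpack_from("!H", frame, 12)
    if type_field != TPID_8021Q:
        # Untagged: no VLAN ID in the frame, handled with priority 0.
        return {"tagged": False, "vlan_id": None, "priority": 0,
                "ethertype": type_field, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vlan_id = tci & 0x0FFF  # low 12 bits
    return {"tagged": True, "vlan_id": vlan_id, "priority": tci >> 13,
            "valid_vlan": 1 <= vlan_id <= 4094,
            "ethertype": inner_type, "payload": frame[18:]}

def legacy_view(frame):
    """Protocol field as read by a station without VLAN support."""
    (type_field,) = struct.unpack_from("!H", frame, 12)
    return type_field

# Constructed sample data (locally administered MACs, zero-filled payload)
DST = bytes.fromhex("02aabbccdd01")
SRC = bytes.fromhex("02aabbccdd02")
PAYLOAD = b"\x00" * 46
UNTAGGED = build_frame(DST, SRC, 0x0800, PAYLOAD)
TAGGED = build_frame(DST, SRC, 0x0800, PAYLOAD, vlan_id=100, priority=5)

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        info = parse_frame(f)
        print(name, len(f), info["vlan_id"], info["priority"], hex(legacy_view(f)))
```

For the tagged frame, `legacy_view` returns the tag marker instead of the real protocol type, which is why a station without VLAN support cannot recognize the packet's protocol.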