What's Trunk and IEEE 802.1Q

[guest]

The IEEE 802.1Q standard for VLAN tagging was created to simply allow you to take a physical network connection and transmit multiple streams of network traffic. Each stream is virtually isolated from each other so that a machine on VLAN1 and a machine on VLAN2 cannot see each other’s packets unless there is a router connected to both VLANs and is performing routing between the VLANs. This is referred to as “trunking”.

How do trunks work? There are basically two approaches, Static VLAN configuration and dynamic VLAN tagging. The first involves statically configuring the VLAN on physical network at the port level of a network switch. For example, switchport trunk allowed vlan 1,800. In this configuration, you assign the VLAN to the switch port and any traffic that flows through that port is tagged with the VLAN identification number (the VLAN ID). This approach prevents the device connected to the port from changing the VLAN ID value, but means that if the device moves from one port to another, that the new port must be properly configured for the correct VLAN. This approach prevents multiple devices connected to the port to be members of different VLANs.
The second approach involves the end device to dynamically assigning the VLAN ID before it transmits the packets. for example, switchport trunk encapsulation dot1q. In this approach the end device can easily be moved from one VLAN to another without requiring any modifications to the physical switch port. This requires the device to have complete knowledge of IEEE 802.1Q VLAN tagging. It needs to know how to tag, transmit a tagged packet, and how to open a packet that has been tagged.
Static VLAN configuration is more secure than dynamic VLAN tagging, because the network device cannot easily switch from one VLAN to another without moving switch ports which are usually behind a locked door.