Terminology » Switching Routing » VLAN Tagging vs. Untagging: Key Differences Explained

VLAN Tagging vs. Untagging: Key Differences Explained

vlan tagging untagging network ethernet

This article delves into the differences between VLAN tagging and VLAN untagging. Configuring a port as “tagged” involves placing or inserting an 802.1q compliant tag into the Ethernet frame. The IEEE 802.1q standard defines the following specifications:

  • Supports VLANs on Ethernet.
  • Defines VLAN tagging used for Ethernet frames.
  • Maintains procedures used by switches and bridges to handle and manage 802.1q frames.
  • Maintains QoS priority schemes (separately defined in IEEE 802.1p).
  • Defines GARP (Generic Attribute Registration Protocol).

VLAN Ethernet Frame

The VLAN tag is a 32-bit field placed between the source MAC address and the Ethernet type/length fields. This process is known as VLAN tagging. Switches use the VLAN ID to determine which ports or interfaces to send broadcast packets to. Tagging doesn’t change the minimum frame size (remains 64 bytes), but the maximum frame size increases from 1518 bytes to 1522 bytes. The VLAN tag is 4 bytes (or octets) and contains the TPID and TCI fields, as described below:

VLAN Tag FieldDescription
TPIDTag Protocol Identifier (2 bytes)
TCITag Control Information (2 bytes). Contains: PCP (Priority Code Point, 3 bits); DEI (Drop Eligible Indicator, 1 bit); VID (VLAN Identifier, 12 bits)

The VLAN Identifier specifies which VLAN a frame belongs to. The values 0x000 and 0xFFF are reserved, leaving 4094 VLAN IDs available.

VLAN operation

Unlike standard switches where subnets are hardwired to physical connections, ports are grouped and configured into different VLANs. The diagram above illustrates a switch configured for four different VLANs. This enables the configuration of multiple virtual switches on a single Ethernet switch. As a result, clients can be organized logically instead of being restricted to a subnet per physical switch. Consider VLAN-1 as a collection of hosts configured as a similar group of ports on the Ethernet switch, all sharing the same VLAN ID.

VLANs are crucial for managing increased network traffic. Moving a port from one VLAN port group to another is straightforward, requiring only a simple software command instead of physical reconnection.

VLAN Tagging and VLAN Untagging

VLAN tagging vs VLAN untagging

As mentioned earlier, the process of inserting tags in VLAN is known as VLAN tagging. Conversely, the process of removing tags in VLAN is known as VLAN untagging. The above diagram depicts a typical VLAN network featuring VLAN switches, VLAN-10, VLAN-20, hosts, and servers. Hosts are configured with VLAN-10, while servers are configured with VLAN-20.

In the example above, one switch has ports 1 to 10 configured as VLAN10, while the other switch has ports 11 to 22 configured as VLAN20. The goal is to have PCs on VLAN10 and Servers on VLAN20. Therefore, inter-switch links need to be tagged, while hosts and servers need to be untagged. Packets moving between switches are tagged so that the next switch in line knows the destination VLAN of the packet.

The following commands configure interface or port 24 to both VLANs on switch-1 and switch-2:


VLAN10 tag port 24
VLAN20 tag port 24

When a packet is forwarded between switches, the forwarding switch determines the VLAN to which the packet belongs and inserts the appropriate VLAN ID into the packet header. When a packet with a VLAN tag is received at a switch:

  • If the VLAN ID of the packet is the same as the native VLAN ID of the port on which the packet is being forwarded, the tag is removed before the packet is forwarded.
  • If the VLAN ID does not match, the packet is forwarded out of the interface, keeping the VLAN ID or VLAN tag unchanged.