802.1Q Encapsulation Explained

Lessons Discussion
39

Hello Azm.

The order of operations will always be in the same order as the de-encapsulation that occurs when the switch receives the frame. Let’s go through the process assuming that the SVIs for VLAN 10 and VLAN 20 are both configured on Switch 1.

Host A sends a packet to Host B

  1. Host A encapsulates the packet at the Network layer (layer 3) with a destination IP address of 10.10.20.2.
  2. To encapsulate the Data link layer (layer 2), it has to find the destination MAC address. Because the destination IP address is in a different subnet, and because MAC addresses only have significance within the current subnet, Host A will place the MAC address of the local default gateway (which is the SVI on Switch 1) into the destination MAC address field. If Host A does not know this MAC address it will send an ARP request for the 10.10.10.1 address. The SVI of Switch 1 will respond with its MAC address.
  3. The frame is placed on the medium and sent to Switch 1
  4. The switch receives the frame, de-encapsulates it and determines the destination MAC address to be that of its VLAN 10 SVI. It continues to de-encapsulate and determines that the destination IP address is 10.10.20.2. It then looks at the routing table and sees that for the destination IP address, the packet should be sent out of the VLAN 20 SVI.
  5. To send it out of this SVI, the switch re-encapsulates the packet and has to populate the destination MAC field in the frame header. To do this, it looks in its ARP table and checks to see if the MAC address that corresponds with the destination IP address is there. (Notice that the destination IP address is now in the subnet of the VLAN 20 SVI.) If the address is there, then the MAC address is taken and placed in the frame. If not, an ARP request is sent out and Host B responds with its MAC address and that address is placed within the frame.
  6. Next, in order to determine which switch port the frame should be sent out, it looks up the destination MAC address learned in the previous step in the MAC address table. It should find that the Host B MAC address corresponds with the trunk port that connects to switch B. (if not it sends it out all the ports where VLAN 20 is allowed)
  7. When the frame exits this port, a VLAN tag is added to the frame header to indicate that this frame belongs to VLAN 20.
  8. When the frame enters the trunk port of Switch 2, the VLAN tag is removed.
  9. The frame is de-encapsulated and the destination MAC address is looked up in the MAC address table. The port where Host B is connected should show up as that corresponding to the destination MAC. (Note here that there is no additional de-encapsulation to layer 3 since no routing takes place for these VLANs at switch 2.)
  10. The frame exits the port where Host B is connected and reaches the host.
  11. The frame is de-encapsulated all the way up to layer 7 and used accordingly.

I believe that this step by step description will give you a better idea of the order of operations that occur when routing (layer 3 de-encapsulation) and when switching (layer 2 de-encapsulation).

I hope this has been helpful!

Laz

3 Likes