2.4. Working with Tagged Traffic

Note

This article does not cover every way to configure VLAN interfaces on every distribution. If the method you need is not described here, consult your distribution's documentation.

The Purpose of Tagged Traffic

VLAN stands for Virtual Local Area Network: a group of devices that can communicate directly at the data link layer (Layer 2), even when they are connected to different network switches. VLANs offer a wide range of features and capabilities:

  • Using a single physical channel to transmit multiple networks.

  • Logical division of the switch into multiple networks that do not communicate with each other.

  • Flexible grouping of devices.

  • Reducing the amount of broadcast traffic on the network.

Switch ports that support VLAN networks can be divided into two groups:

  1. Trunk ports

  2. Access ports

Trunk ports are designed to carry traffic for multiple VLANs through a single switch port. As a result, a trunk port can deliver data from several VLANs to one connected device. To receive this data, the device must have hardware or software VLAN support.

An access port carries the traffic of only one VLAN, and this traffic does not contain any tags. In other words, the port is used to connect an end device that does not need to be aware of the VLAN.

Tagged traffic contains a tag that associates each frame with a specific VLAN. Without a tag, the switch cannot distinguish traffic that belongs to different VLANs. The most popular tag format is described in the open standard IEEE 802.1Q.
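The tag described above, shown as an added example that is not part of the Boro documentation: a Python parser that reads the 4-byte 802.1Q tag placed after the source MAC address and extracts the VLAN ID. It also handles stacked (802.1ad) tags, which goes beyond what this page covers; the helper names, MAC addresses and frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # customer tag (C-TAG) defined by IEEE 802.1Q
TPID_8021AD = 0x88A8  # service tag (S-TAG), used for stacked tags


def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype, payload_offset) for an Ethernet frame.

    tags lists the VLAN tags, outermost first; it is empty for an
    untagged frame, which is what an access port delivers.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,          # 3-bit priority code point
            "dei": (tci >> 12) & 0x1,  # drop eligible indicator
            "vid": tci & 0x0FFF,       # 12-bit VLAN ID
        })
        offset += 4  # each tag inserts four bytes into the header
        ethertype = next_type
    return tags, ethertype, offset + 2


def build_frame(vid=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed sample frame, tagged when vid is given."""
    dst = bytes.fromhex("01005e010203")  # constructed multicast MAC
    src = bytes.fromhex("020000000001")  # constructed local MAC
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    samples = (("trunk", build_frame(vid=203, pcp=5)),
               ("access", build_frame()))
    for label, frame in samples:
        tags, etype, off = parse_vlan_tags(frame)
        print(label, [t["vid"] for t in tags], hex(etype), off)
```
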


How Boro Works With Tagged Traffic

Boro is not capable of working directly with tagged traffic, so you will need to configure the OS network subsystem to receive VLAN data. To do this, create a virtual network adapter to which the probe will then connect to receive data. Select the required interface when starting a task.

Note that the probe can receive data from the trunk port in Sniffing mode without creating a virtual adapter. However, multicast packets should be present on the port when sniffing, as the probe cannot send the IGMP join request.

Configuring VLAN interfaces

Linux support

On Linux, VLAN support is implemented in most distributions. The most common configuration methods are described below:

  • Ubuntu 20.04 - nmcli
  • Rocky 8 - nmtui
  • Ubuntu - Network Manager

Configuring VLAN interfaces from the command line.

To create a VLAN connection named “test” based on the physical interface enp2s0 with the VLAN interface name “enp2s0.203” and ID 203, you should run the following command in the terminal:

nmcli con add type vlan con-name test ifname enp2s0.203 dev enp2s0 id 203
nmcli con - manage connections,
add type vlan - create a VLAN connection,
con-name test - the name of the created connection,
ifname enp2s0.203 - the VLAN interface name,
dev enp2s0 - the parent interface name,
id 203 - the VLAN ID.

The response should include the connection name.

Use the ip a command to check that the created VLAN interface has received an IP address.

Windows support

Windows Desktop operating systems don’t fully support VLAN technology. However, some adapters have hardware support for virtualization. In such cases, vendors recommend the use of special utilities. Review your adapter driver vendor’s documentation.

The Windows Server OS has native VLAN support. More detailed information can be found in the article How to Configure Multiple VLANs on Windows Server 2022/2019/2016 (external source).