Kush_Patel
Staff
Article Id 273939
Description

This article describes the two common VLAN protocols that can be encountered when configuring VLAN interfaces on FortiGate, 802.1Q and 802.1AD (also known as QinQ or Double VLAN), clarifies the differences between them, and explains how each is configured on FortiGate devices.

Scope

FortiGate.
Solution

[Image: vlan.PNG]

VLAN Protocol 802.1Q:

802.1Q is the most widely used VLAN tagging protocol. It allows the insertion of a 4-byte VLAN tag (or VLAN header) within the Ethernet frame.

The VLAN tag carries a 12-bit VLAN ID (VID), which allows 4096 possible values; IDs 0 and 4095 are reserved, so the usable range is 1 to 4094 (maximum value 4094).

 

Key Characteristics:

  • Tagging Method: 802.1Q tags are added to Ethernet frames to identify VLAN membership.
  • Configuration: VLAN IDs are configured directly on network interfaces or sub-interfaces.

 

Use Cases:

  • 802.1Q VLANs are commonly used to segment and isolate traffic in local area networks (LANs).
  • They are ideal for organizing network traffic within an enterprise network, separating departments, or creating isolated guest networks.

 

VLAN Protocol 802.1AD (QinQ):

802.1AD, commonly referred to as QinQ or Double VLAN tagging, extends the capabilities of 802.1Q by nesting one VLAN tag inside another. QinQ effectively creates a 'VLAN within a VLAN', allowing for more extensive network segmentation, and supports a much larger number of VLANs because of this nesting.

The outer VLAN tag and the inner VLAN tag each carry their own VLAN ID.

 

Key Characteristics:

  • Tagging Method: QinQ adds an additional 4-byte VLAN tag, creating a nested structure.
  • Configuration: QinQ requires the configuration of two sets of VLAN IDs: one for the outer VLAN and another for the inner VLAN.
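To make the tag layout described in the two sections above concrete, the following added example (not part of the original article or of FortiOS) builds and decodes Ethernet frames with a single 802.1Q tag and with a stacked 802.1AD outer tag plus 802.1Q inner tag. The MAC addresses, VLAN IDs and payload are constructed sample values; the TPID values 0x8100 (802.1Q) and 0x88A8 (802.1AD) and the 12-bit VID field are from the standards.

```python
"""Build and decode 802.1Q and stacked 802.1AD (QinQ) VLAN tags.

Added illustration only; the frames below are constructed sample data,
not captures from a FortiGate.
"""
import struct
from dataclasses import dataclass

# Tag Protocol Identifiers: the EtherType value that announces a VLAN tag follows.
TPID_8021Q = 0x8100   # customer tag (C-TAG), plain 802.1Q
TPID_8021AD = 0x88A8  # service tag (S-TAG), the outer tag of QinQ
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}

# 12-bit VID gives 4096 values; 0 and 4095 are reserved, so 1..4094 are usable.
VID_MIN, VID_MAX = 1, 4094


@dataclass(frozen=True)
class VlanTag:
    tpid: int  # which protocol the tag belongs to
    pcp: int   # 3-bit priority code point
    dei: int   # 1-bit drop eligible indicator
    vid: int   # 12-bit VLAN ID


def vid_is_usable(vid):
    """True for VLAN IDs that may appear on the wire (1..4094)."""
    return VID_MIN <= vid <= VID_MAX


def encode_tag(tpid, vid, pcp=0, dei=0):
    """Return the 4-byte VLAN tag: 2-byte TPID + 2-byte TCI (PCP|DEI|VID)."""
    if not vid_is_usable(vid):
        raise ValueError(f"VLAN ID {vid} outside usable range {VID_MIN}-{VID_MAX}")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return struct.pack("!HH", tpid, tci)


def build_frame(dst, src, ethertype, payload, tags):
    """Assemble dst|src|tags...|ethertype|payload; tags are (tpid, vid), outermost first."""
    tag_bytes = b"".join(encode_tag(tpid, vid) for tpid, vid in tags)
    return dst + src + tag_bytes + struct.pack("!H", ethertype) + payload


def decode_frame(frame):
    """Walk the tag stack after the MAC header; return (dst, src, tags, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an untagged Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("frame truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            break  # a real EtherType: the tag stack has ended
        if offset + 4 > len(frame):
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vid = tci & 0x0FFF
        if not vid_is_usable(vid):
            raise ValueError(f"reserved VLAN ID {vid} on the wire")
        tags.append(VlanTag(ethertype, tci >> 13, (tci >> 12) & 1, vid))
        offset += 4
    return dst, src, tuple(tags), ethertype, frame[offset + 2:]


def vlan_protocol(tags):
    """Name the tagging scheme from the decoded tag stack."""
    if not tags:
        return "untagged"
    if tags[0].tpid == TPID_8021AD:
        return "802.1AD (QinQ)"
    return "802.1Q" if len(tags) == 1 else "stacked 802.1Q"


# Constructed sample values (not real hosts).
DST = bytes.fromhex("0200000000aa")
SRC = bytes.fromhex("0200000000bb")
PAYLOAD = b"\x00" * 46  # minimal padded payload
ETHERTYPE_IPV4 = 0x0800

# Plain 802.1Q: one tag, VID 100.
FRAME_8021Q = build_frame(DST, SRC, ETHERTYPE_IPV4, PAYLOAD, [(TPID_8021Q, 100)])
# QinQ: outer 802.1AD tag VID 200 wrapping inner 802.1Q tag VID 300.
FRAME_QINQ = build_frame(DST, SRC, ETHERTYPE_IPV4, PAYLOAD,
                         [(TPID_8021AD, 200), (TPID_8021Q, 300)])

if __name__ == "__main__":
    for frame in (FRAME_8021Q, FRAME_QINQ):
        _, _, tags, ethertype, _ = decode_frame(frame)
        print(vlan_protocol(tags), [t.vid for t in tags], hex(ethertype))
```

Each nested tag costs another 4 bytes of header, which is why the QinQ frame is 4 bytes longer than the single-tagged one; the decoder keeps walking while it sees a VLAN TPID and stops at the first ordinary EtherType, which is exactly how a double-tagged frame is distinguished from a single-tagged one on the wire.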

 

Use Cases:

  • QinQ is primarily used by service providers to offer Layer 2 services to multiple customers over a shared network infrastructure. It is also useful in scenarios where complex VLAN segmentation is required, such as in large-scale carrier networks.

 

Configuring VLAN Interfaces on FortiGate:

  • When configuring VLAN interfaces on a FortiGate, it is possible to choose between 802.1Q and 802.1AD based on the specific networking requirements.
  • FortiGate supports both VLAN protocols, allowing VLAN interfaces to be created as needed for the network's segmentation and isolation requirements.
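The following FortiOS CLI example is added here to show the two choices side by side; it is not taken from the original article. The physical port names, VLAN IDs, IP addresses and VDOM are assumed sample values. The first interface is a plain 802.1Q VLAN; the second pair builds a QinQ stack by creating an outer interface with vlan-protocol 8021ad and then an ordinary 802.1Q VLAN interface on top of it.

```text
# Example (assumed values): plain 802.1Q VLAN 100 on port2
config system interface
    edit "vlan100"
        set vdom "root"
        set ip 10.100.0.1 255.255.255.0
        set allowaccess ping
        set interface "port2"
        set vlan-protocol 8021q
        set vlanid 100
    next
end

# Example (assumed values): QinQ on port3, outer S-TAG 200 carrying inner C-TAG 300
config system interface
    edit "qinq-outer200"
        set vdom "root"
        set interface "port3"
        set vlan-protocol 8021ad
        set vlanid 200
    next
    edit "qinq-inner300"
        set vdom "root"
        set ip 10.200.30.1 255.255.255.0
        set allowaccess ping
        set interface "qinq-outer200"
        set vlanid 300
    next
end
```

The outer interface carries only the 802.1AD tag and no IP address; the inner interface is parented to it with set interface, so the FortiGate strips the outer tag before matching the inner 802.1Q VLAN ID. Leaving vlan-protocol at its 8021q default on an interface that receives 802.1AD-tagged frames means those frames will not be matched, so check the protocol setting first when a QinQ VLAN interface shows no traffic.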

Related Article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-802-1ad-QinQ-real-world-scenario/ta-p/2498...