802.1ad is a protocol for carrying VLAN traffic on an Ethernet. It is based upon 802.1Q, but allows for VLANs to be nested by adding two tags to each frame instead of one (a technique commonly known as VLAN stacking or QinQ). This is useful when a network service provider and users of that service both wish to use VLANs. It also makes it possible to have more than the 4094 separate VLANs allowed by 802.1Q.
There are three ways in which a machine can be connected to a network carrying double-tagged 802.1ad traffic:
- via an untagged port, where both inner and outer VLANs are handled by the switch or switches (so the attached machine sees ordinary Ethernet frames);
- via a single-tagged (tunnel) port, where the outer VLAN only is handled by the switch (so the attached machine sees single-tagged 802.1Q VLAN frames); or
- via a double-tagged (trunk) port, where both inner and outer VLANs are handled by the attached machine (which sees double-tagged 802.1ad VLAN frames).
The advantage of a trunk or tunnel port is that it allows multiple VLANs to be carried by a single physical bearer. The disadvantage is that the machine in question must support the relevant VLAN protocol and be configured to use it. Typical practice is to use a tunnel or trunk for machines that need to talk to multiple VLANs and untagged ports for everything else.
VLANs are numbered from 1 to 4094 inclusive (the values 0 and 4095 are reserved). Some manufacturers (including Cisco) additionally recommend that VLAN 1 be reserved for management purposes. When VLANs are nested using 802.1ad, the outer VLAN is known as the Service VLAN (S-VLAN) and the inner one the customer VLAN (C-VLAN). Physically, the S-VLAN tag appears first in the Ethernet frame and the C-VLAN tag second.
A standard implementation of 802.1ad uses EtherTypes of 0x8100 and 0x88a8 for the inner and outer VLANs respectively, however there are extant pre-standard QinQ implementations which use a different EtherType for the outer VLAN. Common choices are 0x8100 (the same as the inner VLAN) and 0x9100 (with the option of using 0x9200 if triple tagging is needed).