A VLAN tag is a piece of tag information added to the MAC frame header that is used in tagged VLANs (Virtual LANs). VLAN technology enables a single physical Layer 2 (L2) switch to be divided into multiple virtual L2 switches (L2 segments). By assigning VLAN identification numbers (VLAN IDs) to specific ports of the L2 switch, the devices connected to those ports can be identified as being part of particular VLANs (virtual L2 segments). This is known as "Port VLAN." In Port VLANs, it is common to connect a management terminal like a computer to the management port of the L2 switch and use terminal software to input commands for VLAN configuration.
However, with this setup, VLANs are restricted to configuration within a single physical switch. To use VLANs in larger networks spanning multiple physical switches, it is necessary to establish VLANs that extend across multiple switches. These switches must be capable of recognizing which VLAN a frame belongs to by communicating information in a specific format. Tagged VLANs provide this functionality.
L2 switches that support tagged VLANs can configure some ports as "tagged ports." Tagged ports are used to connect with other VLAN-compatible L2 switches. Frames sent from these ports are appended with VLAN tags. L2 switches receiving these frames use the information in the VLAN tags to determine which VLAN the frame belongs to and forward the frame to the appropriate ports.
The definition of VLAN tags is standardized under IEEE 802.1Q. A VLAN tag consists of 4 bytes, where the first 2 bytes indicate that the frame is an IEEE 802.1Q frame (represented as "0x8100" in hexadecimal), and the remaining 2 bytes contain information for VLAN identification, such as frame priority and a 12-bit VLAN ID.