Vlan

Virtual LAN (VLAN)
What is VLAN?
VLANs logically (software) divide the LAN into separate subgroups - broadcast domains. VLAN groups relate users regardless of the physical LAN segment to which the hosts are attached . The logical networks may (but not must) correspond to subnets. Allows traffic to flow more efficiently within populations of mutual interest. VLANs allow broadcast domains to be defined without using routers. Routers are needed for communication between the different VLANs.
.1996-2004 NETGEAR . All rights reserved
Switch with VLANs
VLAN A
VLAN B VLAN C
3
VLAN; Multiple Switches

VLAN Trunk
Switch
#1
Switch
#2
VLA1- N
VLAN-2
VLA1- N
VLAN-2
VLANs;
Multiple VLANs On One Device - One Armed Router
C,D A,B,C
A,B,C, D
Switch
Router
VLAN A VLAN B
VLAN D VLAN C
5
Benefits of VLANs
Improves network performance Reduces the number of routers needed Flexible network segmentation (virtual workgroups) Simplified administration Enhanced network security Reduces network solution cost Better use of server resources
VLAN Solution
Marketing Engineering Administration
Types of VLANs
Membership by 802.1Q tag Membership by port Membership by MAC address Membershipbyprotocol(IP,IPX) Membership by subnet Membership by application or service (telnet, FTP..)
VLAN - Propriety
VLAN multi switch solutions were propriety and vendor based: Cisco: ISL Bay : Lattisspan 3Com: VLT Cabletron: SecureFast
ProprietyVLANareadisadvantagefornetworksthatdont wish to be vendor dependant.

The IEEE 802.1Q standardized VLANs.
Types Of Devices on VLAN
VLAN aware devices

Understands VLAN membership (which user belongs to which VLAN) and format.
Making forwarding decisions based on VLAN
association and not only on destination address Adding (and removing) explicit VLAN identification (tagging) to frames (tag aware)
VLAN unaware devices

Usually unmanaged devices
Does not Understand VLAN membership & format.
10
VLANs;
Frames Sent by Aware\Unaware Devices
Types of Devices
Types of Frames
VLAN unaware device
All connected devices
Untagged frames (implicit)
VLAN aware device
Other VLAN aware devices
Tagged frames (explicit)
11
Type of Links Access Link

Connects VLAN tagged unaware devices to the port of a VLAN tagged aware switch
The VLAN switch adds tags to received frames, and removes tags when transmitting frames
All frames on access links are untagged
VLAN tagged aware switch
Access Link
VLAN A
VLAN tagged unaware
12
Types of Links;
VLANTrunkLink
Attaches 2 VLAN aware switches (or other VLAN tagged aware devices) All frames on VLAN Trunk links must have a special header attached (tagged frames) Allows for multiple VLAN frames to use one link
VLAN tagged aware switch VLAN Trunk Link VLAN Trunk Link VLAN tagged aware switch
13
VLAN tagged aware Workstation
IEEE 802.1Q VLAN
The VLAN Tag Ethernet Frame
Destination Address
Source Address
TPID
TCI
Length /Type
DATA
FSC
2 Bytes
Tag Protocol Identifier TPID
2 Bytes
Tag Control Information TCI
17
The VLAN Tag

Tag Protocol Identifier TPID
Tag Control Information TCI
2 Bytes
2 Bytes
VLAN protocol Id = 0x8100
Tag Priority 3 Bits
CFI 1Bit
VID 12 Bits
Tag priority according to IEEE802.1p

CFI Canonical Format Indicator VID VLAN ID
18
Tag Control Information

Tag Priority
PiggybackonVLANTAG 7 is the highest priority (0 the default)
CFI
Value 1
VLAN tag extended to include embedded Source Routing information which will also contain the canonical format of any embedded MAC address Value 0 VLAN tag not extended + any embedded MAC addresses are in canonical (Little Endian) format
VLAN ID
Between 1 to 4094 (0x000 and 0xFFF reserved)
19
Port VLAN ID (PVID)

Each port in a VLAN has a default VLAN ID called Port VLAN ID (PVID). When an untagged packet comes to the switch, it will be tagged with the PVID value as the VLAN ID for further processing.
20
Switch Filtering Operation Process

Ingress - Takes received frames from a physical port and performs 3 operations: - Acceptable frame filter - ingress rule - ingress filter Progress
- Forwarding decision according to database
Egress - How to transmit frames through the output ports
21
Switch Filtering Operation
22
VLAN; Tagged / Untagged Ports
A port added to a VLAN on a (VLAN aware) device can be in one of 2 states tagged or untagged (for each specific VLAN) A certain VLAN can have both tagged and untagged ports
23
Tagging;
Advantage/Disadvantage
Advantages Disadvantages
The standard way of VLAN

implementation in the networking devices
Tags can be interpreted only

by VLAN aware devices
VLAN association rules need to

be applied only once
Edge switches must strip tags

before forwarding them to VLAN unaware devices
Only edge switches need to know

the VLAN association rules
Insertion or removal of a tag

requires recalculation of CRC
Core switches can get higher

performance by operating on an explicit VLAN identifier
May increase length of frame
VLAN aware end stations can

reduce load from switches
beyondmaximum(oldframe size 1518bytes,newframe size 1522 bytes)
24
Ingress Port Behavior

At the ingress tagged and untagged VLAN
configuration have the same affect:
Tagged frames which have a VID matching that of one of
the VLANs defined on the port are forwarded

Tagged frames which have a VID that does not match any
of the VLANs defined on the port are discarded

Untagged frames are forwarded on the VLAN which is the
PVID and PVID tag is added to the frames
25
Process Behavior
Filtering Database - Either static or dynamic entries - Either unicast or multicast entries Forwarding decisions
-
Known MAC addresses
Lookup in MAC address table. Lookup key is based on both: VLAN tag and destination MAC address leading to the required egress port
-
Unknown Unicast initial lookup in MAC forwarding table, when
entry is not found flooding is performed based on the VLAN Port Table
-
Broadcast frame lookup is done directly at the VLAN Port Table (flooding to all ports of the VLAN)
26
Egress Port Behavior

At the egress tagged and untagged VLAN port configuration have different affects:
Tagged VLANsforwardtheegresstraffic(outof
thedevice)as tagged frames If ingress frame is untagged, tagged with PVID of the port
Un-tagged VLANsforwardtheegresstraffic(outof
thedevice) as un-tagged frames If ingress frame is tagged, strip tag before forwarding
27
VLAN Commands
VLAN Database
This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics. Format Mode vlan database Privileged EXEC
29
Create a VLAN
This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-4094. The no option remove the VLAN.
Format Mode
[no] vlan <2-4094> VLAN Config
30
Name/Rename a VLAN
This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and the ID is a valid VLAN identification number. ID range is 1-4094.
Format Mode Default
[no] vlan name <2-4094> <name> VLAN Config VLAN ID 1 - default; other VLANS - blank string
31
VLAN Accept Frame

This command sets the frame acceptance mode per interface. For specific interface(s)
Format Mode Default
[no] vlan acceptframe {vlanonly | all} Interface Config all
For all interfaces

Format Mode Default
vlan port acceptframe all {vlanonly | all} Global Config all
VLAN Only: untagged frames or priority frames received on this interface are discarded. All: untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
32
VLAN Ingress Filter

This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. For specific interface(s): Format [no] vlan ingressfilter Mode Interface Config Default disabled For all interfaces: Format [no] vlan port ingressfilter all Mode Global Config Default disabled
33
Convert a Dynamic VLAN to Static

This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-4094.
Format Mode
vlan makestatic <2-4094> VLAN Config
34
Assign VLAN Membership

For specific interface(s) Format vlan participation {exclude | include | auto} <1-4094> Mode Interface Config For all interfaces Format vlan participation all {exclude | include | auto} <1-4094> Mode Global Config
include The interface is always a member of this VLAN. This is
equivalent to registration fixed.

exclude The interface is never a member of this VLAN. This is
equivalent to registration forbidden.

auto The interface is dynamically registered in this VLAN by GVRP.
The interface will not participate in this VLAN unless a join request is received on this interface. This is equivalent to registration normal.
35
Assign PVID
For all port: Format [no] vlan port pvid all <1-4094> Mode Global Config Default 1 For specific port(s): Format [no] vlan pvid <1-4094> Mode Interface Config Default 1
36
Tagging a port for VLAN

This command configures the tagging behavior for interface(s) in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. For specific interface(s): Format [no] vlan tagging <1-4094> Mode Interface Config Default 1 For all interfaces(s): Format [no] vlan port pvid all <1-4094> Mode Global Config Default 1
37
Web Interface (Firmware version 6.x or Prior)
VLAN configuration
39
VLAN Status
40
VLAN Port Configuration
41
Web Interface (Firmware version 7.x)
VLAN Configuration
43
VLAN Membership
44
Port VLAN ID Configuration
45
VLAN Examples
VLAN example #1 Four standalone VLANs

VLAN1 VLAN2 VLAN3 VLAN4
Create the VLAN

Vlan database Vlan 1 Vlan name 1 vlan1 Vlan 2 Vlan name 2 vlan2 Vlan 3 Vlan name 3 vlan3 Vlan 4 Vlan name 4 vlan4
Assign membership
Config Interface 0/1 Vlan participation include 1 Vlan pvid 1 exit Interface 0/2 Vlan participation include 2 Vlan pvid 2 Exit
47
VLAN Example #2
One arm router
Port 1 belongs to all four VLANs. All the port can access port 1 but not each other. Create VLAN1, 2, 3, 4 as usual. Create common VLAN including all the ports of all four VLANs and the uplink port. PVID of the uplink port will be the VLAN ID of the common VLAN.
48
VLAN Trunking
Propagate VLAN information between switches. VTP (VLAN trunk protocol) proprietary to Cisco. Trunk port connect two switches that share VLAN information. Includes in all the VLANs that need to be trunked. Trunk port must be tagged in all VLAN.
49
VLAN Example #3
VLAN trunking
Include trunk port in all the VLANs. Trunk port is tagged in all the VLANs. PVIDofoftrunkportdoesntmatter.
50
Combining example 1,2,3

Uplink to internet
Trunk port
VLAN1
VLAN2
VLAN3
VLAN4 Trunk port
VLAN1
VLAN2
VLAN3
VLAN4
Create common VLAN in both switch#1 and switch#2. Includes all the ports as member of common VLAN. PVID of uplink port on switch#1 is VLAN ID of common VLAN. PVIDs of the other ports are their own individual VLAN ID. Include trunk ports in every VLAN. Trunk ports need to be tagged in every VLAN. PVID of the trunk port should be VLAN ID of common VLAN.
51
Lab1;
StandaloneVLAN
Create VLAN2 port 2,3,4,5.
Create VLAN3 port 6,7,8,9.
Make sure computers on VLAN2 can ping each other.

Make sure computers on VLAN2 cannot ping computer on VLAN3.
52
Lab2;
OneArmRouter
Create VLAN 2 port 2.3,4,5. Create VLAN3 port 6,7,8,9. Configure port 10 such that computer connected to port 10 can ping computer in VLAN2 and VLAN3. Make sure computers in VLAN2 still cannot ping computers in VLAN2
53
Lab3; VLAN trunking

Create VLAN2 on switch 1 port 2,3,4,5. Create VLAN3 on switch 1 port 6,7,8,9. Configure port 11 on switch 1 to be a VLAN trunk port. Create VLAN2 on switch 2 port 2,3,4,5. Create VLAN3 on switch 2 port 6,7,8,9. Configure port 11 on switch 2 to be a VLAN trunk port. Connect port 11 on switch 1 to port 11 on switch 2. Make sure computer connected to VLAN2 on switch 1 can ping computer connected to VLAN2 on switch 2.
Make sure computer connected to VLAN3 on switch 1 can ping computer connected to VLAN3 on switch 2.
Make sure computer connected to VLAN2 on switch 1 cannot ping computer connected to VLAN3 on switch 2.
54
Lab4; Putting them together

Create VLAN2 on switch 1 port 2,3,4,5. Create VLAN3 on switch 1 port 6,7,8,9. Configure port 10 on switch 1 to be a common port that can access both VLAN 2 and 3.
Configure port 11 on switch 1 to be a VLAN trunk port.

Create VLAN2 on switch 2 port 2,3,4,5. Create VLAN3 on switch 2 port 6,7,8,9. Configure port 11 on switch 2 to be a VLAN trunk port. Connect port 11 on switch 1 to port 11 on switch 2. Make sure computer connected to VLAN2 on switch 1 can ping computer connected to VLAN2 on switch 2. Make sure computer connected to VLAN3 on switch 1 can ping computer connected to VLAN3 on switch 2. Make sure computer connected to port 10 on switch 1 can ping computer connected to both VLAN2 and VLAN3 on switch 2. Make sure computer connected to VLAN2 on switch 1 cannot ping computer connected to VLAN3 on switch 2.
55
MAC address based VLAN (Supported only on GSM7300S)
MAC Address Based VLAN

MAC address based VLAN allow VLAN membership to be defined using MAC address.
Allow VLAN members not to be restricted by port.

Member of MAC address based VLAN can also defined using port. Supported only on GSM7300S.
57
Procedure;
HowToCreateMACAddressBasedVLAN
Create VLAN
Vlan database Vlan <vlan ID>
Add member to the VLAN by MAC address

Vlan association mac <mac address> <vlan ID>
Add member to the VLAN by port (optional)

Vlan participation include <vlan ID>
58
MAC Address Based VLAN GUI
59
Lab 5; MAC address based VLAN

Connect 2 computers to the switch. CreateaMACbasedVLANwithoneofthecomputersMAC addresses.
Test and confirm the two computers cannot ping each other.
Added MAC address of the other computer to the MAC based VLAN.
Test and confirm the two computers can now ping each other.
Add a port to the MAC based VLAN. Remove MAC address of computer#2 from the MAC based VLAN.
Test and confirm the two computers cannot ping each other.
Connect computer#2 to the port belong to the MAC based VLAN. Test and confirm the two computer can now ping each other.
60
Protocol Based VLAN
Protocol Based VLAN

Protocol VLAN allow member of a VLAN to be defined using protocol (IP, IPX, ARP) in addition to port. After create a protocol group, a group ID will be assigned starting with 1. A protocol (IP/IPX/ARP) can be assigned to the created protocol group. A VLAN ID must be associated to the group ID. Interface will be added as member of port. Only packets matching the defined protocol will be forwarded within the protocol group.
62
Create Protocol VLAN Group

This command adds protocol-based VLAN group to the system. The <groupName> is a character string of 1 to 16 characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands.
Format
vlan protocol group <groupname>
Mode
Global Config
To remove a protocol group: Format vlan protocol group remove <groupid> Mode Global Config
63
Add a Protocol To The Protocol Group

This command adds the <protocol> to the protocol-based VLAN identified by <groupid>. A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command will fail and the protocol will not be added to the group. The possible values for protocol are ip, arp, and ipx.
Format Mode Default
[no] vlan protocol group add protocol <groupid> <protocol>
Global Config none

64
Attach a VLAN;
ToTheProtocolVLANGroup
This command attaches a <vlanid> to the protocol-based VLAN identified by <groupid>. A group may only be associated with one VLAN at a time, however the VLAN association can be changed. The referenced VLAN should be created prior to the creation of the protocol-based VLAN except when GVRP is expected to create the VLAN.
Format Mode Default
[no] protocol group <groupid> <vlanid>
VLAN Config none

65
Add Interface(s); ToTheProtoclVLANGroup

This command adds the physical interface(s) to the protocol-based VLAN identified by <groupid>.
You can associate multiple interfaces with a group, but you can only associate each interface and protocol combination with one group.
If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command fails and the interface(s) are not added to the group. Create the referenced VLAN before you create the protocol-based VLAN except when you configure GVRP to create the VLAN. For specific interface(s): Format [no] protocol vlan group <groupid> Mode Interface Config For all interfaces: Format [no] protocol vlan group all <groupid> Mode Global Config
66
Procedure;
CreateaProtcolBasedVLAN
Create VLAN
vlan database
vlan <vlan ID>
Create protocol VLAN group

vlan protocol group <group name>
Assign protocol to the protocol VLAN group vlan protocol group add protocol <group ID> [IP | IPX | ARP]
Add an interface as a member of the protocol VLAN group

Interface mode: protocol vlan group <group ID>
Map the protocol VLAN group to a VLAN

VLAN database mode: protocol group <group ID> <VLAN ID>
67
Protocol Based VLAN Configuration
(Firmware version 6.x or Prior)
68
Protocol Based VLAN Group Configuration
(Firmware version 7.x)
69
Protocol Based VLAN Group Membership
(Firmwareversion.7x)
70
GVRP
GARP and GVRP

GARP is a protocol that allows client stations to register with the switch for membership in VLANS (by using GVMP) or multicast groups (by using GMRP). GVRP dynamically create VLAN with neighbor switches enabled for GVRP.
GVRP automatically tag interface connected to neighbor switches enabled for GVRP.
72
Enable GVRP
This command enables GVRP. If GVRP is disabled, the system does not forward GVRP messages.
Format Mode
[no] set gvrp adminmode
Default
Privileged EXEC disabled
73
Enable GVRP; Oninterface(s)

This command enables GVRP on interface(s)
Format Modes
[no] set gvrp interfacemode
Default
Interface Config/Global Config disabled
74
Procedure;
ConfiguringGVRP
Enable GVRP on the switch
set gvrp adminmode
Enable GVRP on the interface(s) Interface mode: set gvrp interface mode
When VLAN is created on one switch, dynamically, same VLAN will be created on the other switches running GVRP and the port connecting the switches together will be added to the VLAN and tagged dynamically.
A VLAN created by GVRP (dynamic VLAN) can be converted to static VLAN.
vlan makestatic <VLAN ID>
75
GARP Switch Configuration

(Firmwareversion.6xandPrior)
76
GARP Port Configuration; (Firmwareversion.6xandPrior)
77
GARP Switch Configuration (Firmwareversion.7x)
78
GARP Switch Configuration (Firmware version 7.x)
79
LAB 6; GVRP
Create VLAN 2 on switch#1. Assign interface 1-5 as member. Connect port 5 of switch#1 to port 5 of switch#2. Enable GVRP on switch#1. Enable GVRP on port 5 of switch#1.
Enable GVRP on switch#2.

Enable GVRP on port 5 of switch#2. Runshowvlanonswitch#2. Observe VLAN2 get automatically created on switch#2. Observe port 5 of switch#2 get automatically added to VLAN2 and tagged.
80
Double VLAN
Double VLAN
Only supported on GSM7300S. Double VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain.
82
Example;
83
Ingress Logic
For Packet Types Ingressing An Uplink (SP) Port
Packet seen on Packet seen on Uplink (Service egress at another egress at another Provider). Action Uplink port on Access port on taken on ingress. the switch. the switch. Add a SP Tag Add a SP Tag Do Nothing Do Nothing Single Tagged Untagged 802.1Q Tagged Untagged 802.1Q Tagged
Ingress Packet
Untagged 802.1Q Tagged SP Tagged SP+802.1Q Tagged
SP+802.1Q Tagged
SP Tagged SP+802.1Q Tagged
84
Ingress Logic;
ForPacketTypesIngressingAnAccess(Customer)Port Access (Customer). Action taken on ingress.
Ingress Packet
Packet seen on Packet seen on egress at egress at another Uplink another Access port on the port on the switch. switch.
SP Tagged SP+802.1Q Tagged Untagged 802.1Q Tagged
85
Untagged
Add a SP Tag
802.1Q Tagged
Add a SP Tag
Enable DVLAN On Interface(s)

This command is used to enable Double VLAN Tunneling on the specified interface. When you use the mode dvlan-tunnel command on an interface, it becomes a service provider port. Ports that do not have double VLAN tunneling enabled are customer ports.
Format Mode Default Format Mode Default
[no] mode dvlan-tunnel
Interface Config disabled

[no] mode dot1q-tunnel
Interface Config disabled
86
Configure Customer ID;
ForTheDVLANTunnel
This command configures the customer identification for the Double VLAN tunnel on the specified interface. The customer ID may have the value 0 to 4095, and the default is 0.
Format
[no] dvlan-tunnel customer-id <0-4095>
Mode
Default
Interface Config
0
87
Configure EtherType of the DVLAN tunnel

This command configures the ether-type for the specified interface. The ether-type may have the values of 802.1Q, vMAN, or custom. If the ether-type has a value of custom, the optional value of the custom ether type must be set to a value from 0 to 65535. Format Mode Default
[no] dvlan-tunnel etherType <802.1Q | vman | custom> [0-65535]
Interface Config vman
88
Self Evaluation Questions

1. If a port is untagged for VLAN3, port PVID is 3, when an untagged packet ingress the port, what should be the VLAN ID on the egress packet? 2. If a port is tagged for VLAN2, port PVID is 3, when a tagged packet with VLAN ID 2 ingress the port, what should be the VLAN ID on the egress packet? 3. If a port is tagged for VLAN2 and PVID is 2, when an untagged packet ingress the port, what should be the VLAN ID on the egress packet? 4. How to make a port a VLAN trunk port on the 7000 series switches?
5. How to make a port to be accessible by both VLAN2 and VLAN3 while ports belong to VLAN 2 still cannot access VLAN3, or vice versa?
90

6. What is the purpose of MAC based VLAN? 7. What is the purpose of protocol VLAN? 8. Which protocols are supported on protocol based VLAN? 9. When GVRP is enabled on two switches, if a VLAN is created on switch#1, what settings will be dynamically created on switch#2?
91
Answers;
1. No, VLAN ID. VLAN ID will be stripped on untagged port. 2. VLAN ID is 2. If port is tagged and ingress packet is tagged, packet egress with tagging intact. 3. VLAN ID is 2. If port is tagged and ingress packet is untagged, packet egress tagged with port PVID. 4. Make that port a tagged member of all the VLANs. 5. Create a common VLAN which VLAN members include the common port and all ports of VLAN2 and VLAN3. Make PVID of the common port the VLAN ID of the common VLAN.
92
Answers;
6. Allow member of a VLAN not to be restricted by ports. A computer can be moved from port to port but still maintain membership in the VLAN regardless if the port belong to the VLAN or not. 7. Allow packets going through a VLAN to be restricted to the protocol in addition to port. 8. IP, IPX and ARP.
9. The VLAN will be dynamically created. The port connected to the neighbor switch will be added as a member of the dynamic VLAN and tagged.
93
Question?
Thank you

Vlan

Cargado por

Información del documento

Descripción original:

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Vlan

Cargado por

Copyright:

Formatos disponibles

Virtual LAN (VLAN)

.1996-2004 NETGEAR . All rights reserved

Switch with VLANs

.1996-2004 NETGEAR . All rights reserved

VLAN; Multiple Switches

.1996-2004 NETGEAR . All rights reserved

.1996-2004 NETGEAR . All rights reserved

Marketing Engineering Administration

.1996-2004 NETGEAR . All rights reserved

.1996-2004 NETGEAR . All rights reserved

ProprietyVLANareadisadvantagefornetworksthatdont wish to be vendor dependant.

.1996-2004 NETGEAR . All rights reserved

Types Of Devices on VLAN

VLAN aware devices

VLAN unaware devices

.1996-2004 NETGEAR . All rights reserved

VLAN unaware device

All connected devices

Untagged frames (implicit)

VLAN aware device

Other VLAN aware devices

Tagged frames (explicit)

.1996-2004 NETGEAR . All rights reserved

Type of Links Access Link

VLAN tagged aware switch

.1996-2004 NETGEAR . All rights reserved

VLAN tagged aware Workstation

.1996-2004 NETGEAR . All rights reserved

IEEE 802.1Q VLAN

The VLAN Tag Ethernet Frame

.1996-2004 NETGEAR . All rights reserved

The VLAN Tag

VLAN protocol Id = 0x8100

Tag Priority 3 Bits

Tag priority according to IEEE802.1p

Tag Control Information

.1996-2004 NETGEAR . All rights reserved

Port VLAN ID (PVID)

.1996-2004 NETGEAR . All rights reserved

Switch Filtering Operation Process

Egress - How to transmit frames through the output ports

.1996-2004 NETGEAR . All rights reserved

Switch Filtering Operation

.1996-2004 NETGEAR . All rights reserved

VLAN; Tagged / Untagged Ports

.1996-2004 NETGEAR . All rights reserved

The standard way of VLAN

Tags can be interpreted only

VLAN association rules need to

Edge switches must strip tags

Only edge switches need to know

Insertion or removal of a tag

Core switches can get higher

May increase length of frame

VLAN aware end stations can

beyondmaximum(oldframe size 1518bytes,newframe size 1522 bytes)

Ingress Port Behavior

the VLANs defined on the port are forwarded

of the VLANs defined on the port are discarded

PVID and PVID tag is added to the frames

.1996-2004 NETGEAR . All rights reserved

Known MAC addresses