How does a Tagged VLAN work?
If the ingress filtering is enabled and when a packet is received, VLAN bridge will first check if the VID of the packet presents.
1). If the packet has a
2). For a packet with null tag or no VLAN tag, if VLAN bridge provides rules to decide its VID, then apply this VID to the packet.
If VLAN bridge does not support any rule for VID, then apply the PVID of the port to the packet which came from that port. VLAN bridge checks to see if the ingress port and the received packet are on the same VLAN. If not, drops it. If yes, forwards it to the associated ports. Meanwhile, this VLAN must be applied to the egress port, or the packet will be dropped.
If ingress filtering is disabled, VLAN bridge will only check the MAC address table to see if the destination VLAN exists. If VLAN does not exist, then drop the packet, and if both DA and VLAN do not exist, forwards the packet. If just knows VLAN existed, then floods the packet to all the ports the VLAN covers.
If we plan to deploy four VLANs in an office and use a switch to partition them, we should check which ports belong to which VLAN first. Assuming a
Name |
| VID |
| Port Members |
Marketing |
| 2 |
| 1,2,3,4,5 |
Service |
| 3 |
| 6,7,20,21,22 |
Sales |
| 4 |
| 8,9,10,11,12,13,14,15,16 |
Administration |
| 1 |
| 17,18,19,23,24 |
Table
Next, assigns IP address to each VLAN. Usually, we use 10.x.x.x as internal IP block. Because there are total four VLANs in the network, we must assign 4 IP blocks to each of them.
Name |
| VID |
| Network Address |
|
Marketing |
| 2 |
| 10.1.2.0/24 |
|
Service |
| 3 |
| 10.1.3.0/24 |
|
Sales |
| 4 |
| 10.1.4.0/24 |
|
Administration |
| 1 |
| 10.1.1.0/24 |
|
Table
Here we apply the subnet mask 255.255.255, and each VLAN is capable of supporting 254 nodes.
44