Allied Telesis at-8700xl series switch manual Summary of VLAN tagging rules, Protected VLANs

Models: at-8700xl series switch


Switching


can be enabled for a specified time, disabled, and displayed using the commands:

ENABLE VLAN={vlan-name|1..255|ALL} DEBUG={PKT|ALL} [OUTPUT=CONSOLE] [TIMEOUT={1..4000000000|NONE}]

DISABLE VLAN={vlan-name|1..255|ALL} DEBUG={PKT|ALL}

SHOW VLAN DEBUG

To view packet reception and transmission counters for a VLAN, use the command (see the Interfaces chapter of the switch’s Software Reference):

SHOW INTERFACE=VLANn COUNTER

Summary of VLAN tagging rules

When designing a VLAN and adding ports to VLANs, the following rules apply.

1. Each port, except for the mirror port, must belong to at least one static VLAN. By default, a port is an untagged member of the default VLAN.

2. A port can be untagged for zero or one VLAN. A port that is untagged for a VLAN transmits frames destined for that VLAN without a VLAN tag in the Ethernet frame.

3. A port can be tagged for zero or more VLANs. A port that is tagged for a VLAN transmits frames destined for that VLAN with a VLAN tag, including the numerical VLAN Identifier of the VLAN.

4. A port cannot be untagged and tagged for the same VLAN.

5. The mirror port, if there is one, is not a member of any VLAN.
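The five rules above can be checked mechanically before a port plan is applied. The following Python sketch is an added example, not part of the manual; the function name, the dict-based input layout and the sample plan are assumptions made for illustration.

```python
# Added example: audit a planned port/VLAN assignment against rules 1-5 above.
# The dict-based input layout is an assumption of this sketch, not a switch format.

def audit_vlan_plan(ports, untagged, tagged, mirror_port=None):
    """Return a list of (port, rule, message) violations, ordered by port.

    untagged / tagged map a port number to the VLAN IDs it is an untagged /
    tagged member of. Rule 3 (tagged for zero or more VLANs) sets no limit,
    so it can never be violated and has no check.
    """
    findings = []
    for port in sorted(ports):
        u = set(untagged.get(port, []))
        t = set(tagged.get(port, []))
        if port == mirror_port:
            # Rule 5: the mirror port is not a member of any VLAN.
            if u or t:
                findings.append((port, 5, "mirror port is a VLAN member"))
            continue
        # Rule 1: every other port belongs to at least one static VLAN.
        if not (u or t):
            findings.append((port, 1, "port belongs to no VLAN"))
        # Rule 2: a port is untagged for zero or one VLAN.
        if len(u) > 1:
            findings.append((port, 2, f"untagged for VLANs {sorted(u)}"))
        # Rule 4: never untagged and tagged for the same VLAN.
        for vlan in sorted(u & t):
            findings.append((port, 4, f"untagged and tagged for VLAN {vlan}"))
    return findings

# Constructed sample plan (not taken from a real switch); port 6 is the mirror port.
SAMPLE_PORTS = range(1, 7)
SAMPLE_UNTAGGED = {1: [1], 2: [1], 3: [1, 10], 5: [20], 6: [1]}
SAMPLE_TAGGED = {2: [10, 20], 5: [20, 30]}

if __name__ == "__main__":
    for port, rule, msg in audit_vlan_plan(
            SAMPLE_PORTS, SAMPLE_UNTAGGED, SAMPLE_TAGGED, mirror_port=6):
        print(f"port {port}: rule {rule}: {msg}")
```

In the sample plan, ports 1 and 2 pass, while ports 3, 4, 5 and 6 each break one rule.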

Protected VLANs

If a VLAN is Protected, Layer 2 traffic between ports that are members of that Protected VLAN is blocked. Traffic can be Layer 3 switched to another VLAN. This feature prevents members of a Protected VLAN from communicating with each other, yet still allows members to access another network. Layer 3 routing between ports in a Protected VLAN can be prevented by adding a Layer 3 filter. The Protected VLAN feature also allows all of the members of the Protected VLAN to be in the same subnet.

A typical application is a hotel installation where each room has a port that can be used to access the Internet. In this situation it is undesirable to allow communication between rooms.

To create a Protected VLAN, use the command:

CREATE VLAN=vlan-name VID=2..255 [PROTECTED]

VLAN Interaction with STPs and Trunk Groups

VLANs may have ports in more than one STP when the ports belong to multiple VLANs. VLANs can belong to multiple STPs.

All the ports in a trunk group must have the same VLAN configuration: they must belong to the same VLANs and have the same tagging status, and can only be operated on as a group.

Software Release 2.6.1 C613-02030-00 REV B
