Document No. 10-300077, Issue 2 6-5
Using VLANs, Hunt Groups, and VTP Snooping
Forwarding Rules
These rules determine the set of ports on the switch through whi ch membe rs
of the VLAN can be reached. This is called binding a port to a VLAN. A
port may be bound to a VLAN using the Web Agent in the following three
ways:
1. Setting the Port VLAN attribute in the Switch Port Configuration Web
page.This identifies the VLAN to which all untagged frames received
on the port are forwarded. Static Binding, the port is bound to the
VLAN selected in the Port VLAN pa rameter.
* Note: A port has one Port VLAN. Changing this to a new VLAN
removes the port from the old VLAN.
2. Setting the VLAN Binding attribute in the Switch Port Configuration
Web page to Bind to All should be done on links connect ing two la yer2
switches, where multiple VLANs sp an across both switches, such that
members of each VLAN are found on both sides of the link. Bind-to -a ll
should not be used when the switches on both ends of the link act as
routers, such that each IP subnet and each VLAN are confined to one
side of the link only and do not have members connected to the switch
at the other end. In such routing cases, the link is never used for intra-
VLAN traffic but rather is used only for tr aff ic rout ed from o ne ro uter to
the other. Thus, there is no need for the link to belong to multiple
VLANs, and should not be configured to bind-to-all. It should be bound
to a single VLAN that is dedicated to the connection between the two
routers. Bind-to-all in this case is not only unnecessary, but also
undesired as a lot of irrelevant broadcast/multicast traffic of other
VLANs will be sent onto this link and into the switch on the other end,
unnecessarily increasing the control-plane load on the supervisor and
increasing the chance for harmful layer3 configuration errors.
3. Setting the VLAN Binding attribute in the Switch Port Configuration
Web page to Bind to Received. This causes the port to be bound to all
VLANs (as identified by the VLAN ta g in tagged frames) received on
this port. Consequently, ports are bound to those VLANs that actually
have members that are reachable through the port.
*Note: When an untagged frame arrives on a port that is set to
Bind to ALL, it forwards the frame to the “port VLAN”.
When a tagged 802.1Q frame arrives on a port that is set
to Bind to All and the VLAN doesn’t exist on the switch
the frame is dropped.
Ingress: Untagged frames are classified to the VLAN
associated with the port on which th e frame is received.
Tagged frames are classified to the VLAN iden ti fied by
the VLAN tag in the tag header of the f rame.