D-Link DGS-3700 IEEE 802.1Q VLANs

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

68

IEEE 802.1Q VLANs

Some relevant terms:

Tagging – The act of putting 802.1Q VLAN information into the header of a packet.

Untagging – The act of stripping 802.1Q VLAN information out of the packet header.

Ingress port – A port on a switch where packets are f lowing into the Switch and VL AN decisions must be

made.

Egress port – A port on a switch where packets are flowing out of the Switch, either to another switch or to an

end station, and tagging decisions must be made.

IEEE 802.1Q (tagged) VLANs are implemented on the Switch. 802.1Q VL ANs r equire taggin g, w hich en ables them to

span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant). VLANs allow a network to

be segmented in order to reduce the size of broadcast domains. Al l pac k ets entering a VLAN will only be forwarded to

the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes broadcast,

multicast and unicast packets from unknown sources.

VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will only deliver pack ets between

stations that are members of the VLAN.

Any port can be configured as either tagging or untagging. The untaggin g feature of IEEE 802.1Q VLANs allows

VLANs to work with legacy switches that don't recognize VLAN tags in packet headers. T he tagging feature allows

VLANs to span multiple 802.1Q-compliant switches through a single physical connec tion an d allo ws Spann ing T ree to

be enabled on all ports and work normally.

The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN of which the rec eiving port is a

member.

Figure 3 - 2 IEEE 802.1Q Packet Forwarding

The main characteristics of IEEE 802.1Q are as follows:

Assigns packets to VLANs by filtering.

Assumes the presence of a single global spanning

tree.

Uses an explicit tagging scheme with one-level

tagging.

802.1Q VLAN Packet Forwarding

Packet forwarding decisions are made based upon the

following three types of rules:

Ingress rules – r ules relevant to the classification of

received frames belonging to a VLAN.

Forwarding rules between ports - decides whether to

filter or forward the packet.

Egress rules – determines if the packet m ust be sent

tagged or untagged.

Contents

Main Copyright 2009. All rights reserved User Manual Product Model: DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch Release 1.00 Page Table of Contents Page Page Page Page Page Page Page Preface Intended Readers Typographical Conventions Notes, Notices, and Cautions Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Areas of the User Interface Web Pages Page Section 2 Configuration Device Information System Information Serial Port Settings IP Address Page Setting the Swiths IP Address using the Console Interface Interface Settings Page IPv6 Route Settings IPv6 Neighbor Settings Port Configuration Port Settings Port Description Port Error Disabled Static ARP Settings User Accounts Admin, Operator and User Privileges Page System Log Configuration System Log Settings System Log Server Page System Severity Settings DHCP Relay DHCP Relay Global Settings Page The Implementation of DHCP Information Option 82 on the Switch DHCP Relay Interface Settings DHCP Relay Option 60 Default Settings DHCP Relay Option 60 Settings DHCP Relay Option 61 Default Settings DHCP Relay Option 61 Settings Out of Band Management Settings External Alarm Settings DHCP Auto Configuration Settings MAC Addre s s Aging Time Web Settings Telnet Settings Password Encryption Clipaging Settings Firmware Information Dual Configuration Settings Ping Test Local Loopback Ports Settings VLAN Counter Settings SNTP Settings Time Settings TimeZone Settings MAC Notification Settings MAC Notification Global Settings MAC Notification Port Settings SNMP Settings Traps MIBs SNMP Global State Settings SNMP View Table SNMP Group Table SNMP User Table SNMP Community Table SNMP Host Table SNMP v6Host Table SNMP Engine ID SNMP Trap Configuration Time Range Settings sFlow sFlow Global State Settings sFlow Analyzer Server Settings sFlow Flow Sampler Settings sFlow Counter Poller Settings Single IP Management The Upgrade to v1.6 Single IP Settings Topology Page Page Tool Tips Right-Click Group Icon Commander Switch Icon Member Switch Icon Candidate Switch Icon Menu Bar File Group Device View Firmware Upgrade Configuration File Backup/Restore Upload Log File DDM Browse DDM Status List DDM Settings DDM Temperature Threshold Settings DDM Voltage Threshold Settings DDM Bias Current Threshold Settings DDM Tx Power Threshold Settings DDM Rx Power Threshold Settings Page Section 3 L2 Features Jumbo Frame VLANs Understanding IEEE 802.1p Priority VLAN Description Notes About VLANs IEEE 802.1Q VLANs 802.1Q VLAN Tags Port VLAN ID Tagging and Untagging Ingress Filtering Default VLANs Port-based VLANs VLAN Segmentation VLAN and Trunk Groups Double VLANs Regulations for Double VLANs 802.1Q VLAN Page Page Page Subnet VLAN Subnet VLAN Settings VLAN Precedence Settings Q-in-Q Q-in-Q Settings VLAN Translation Settings Q-in-Q and VLAN Translation Rules 802.1v Protocol VLAN 802.1v Protocol Group Settings 802.1v Protocol VLAN Settings RSPAN Settings GVRP Settings GVRP Global Settings MAC-based VLAN Settings PVID Auto Assign Settings Port Trunking Understanding Port Trunk Groups Page LACP Port Settings Traffic Segmentation BPDU Tunneling Settings IGMP Snooping IGMP Snooping Settings Page IGMP Snooping Rate Limit Settings IGMP Snooping Static Group Settings IGMP Multicast Group Profile Settings IGMP Snooping Multicast VLAN Settings IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings IPv4 Max Multicast Group Settings MLD Snooping MLD Control Messages MLD Snooping Settings Page MLD Snooping Rate Limit Settings MLD Snooping Static Group Settings MLD Multicast Group Profile Settings MLD Snooping Multicast VLAN Settings IPv6 Multicast Profile Settings IPv6 Limited Multicast Range Settings IPv6 Max Multicast Group Settings Port Mirror Loopback Detection Settings Spanning Tree 802.1w Rapid Spanning Tree Port Transition States Edge Port P2P Port 802.1D and 802.1w Compatibility STP Bridge Global Settings Page STP Port Settings MST Configuration Identification STP Instance Settings MSTP Port Information Forwarding & Filtering Unicast Forwarding Multicast Forwarding Multicast Filtering Mode LLDP LLDP Global Settings LLDP Port Settings LLDP Management Address List LLDP Basic TLVs Settings LLDP Dot1 TLVs Settings LLDP Dot3 TLVs Settings LLDP Statistics System LLDP Local Port Information LLDP Remote Port Information CFM CFM Port Settings CFM CCM PDUs Forwarding Mode CFM MPs Reply LTRs CFM MIPCCM List Connectivity Fault Management Settings CFM Loopback Settings CFM Linktrace Settings Ethernet OAM Ethernet OAM Settings Ethernet OAM Configuration Settings Section 4 QoS Advantages of QoS Understanding QoS Page HOL Blocking Pevention Bandwidth Control Traffic Control Page 802.1p Default Priority 802.1p User Priority QoS Scheduling Mechanism QoS Scheduling In Band Manage Settings SRED SRED Settings Page Page Page 802.1p Map Settings Section 5 Security Safeguard Engine Page Trusted Host IP-MAC-Port Binding IMP Binding Global Settings IMP Binding Port Settings Page IMP Binding Entry Settings DHCP Snooping Entries MAC Block List Port Security Port Security Port Settings Port Security VLAN Settings Port Security Entries DHCP Server Screening Settings DHCP Screening Port Settings DHCP Offer Filtering 802.1X 802.1X Port-Based and Host-Based Access Control Authentication Server Authenticator Client Authentication Process Understanding 802.1X Port-based and Host-based Network Access Control Port-Based Network Access Control Host-Based Network Access Control 802.1X Global Settings 802.1X Port Settings Page 802.1X User Authentication RADIUS Server Initialize Port(s) Reauthenticate Port(s) Guest VLAN Configuration Limitations Using the Guest VLAN Guest VLAN SSL Settings Download Certificate Ciphersuite Page SSH SSH Settings SSH Authmode and Algorithm Settings SSH User Authentication Lists Access Authentication Control Page Authentication Policy Settings Application Authentication Settings Authentication Server Group Authentication Server Login Method Lists Enable Method Lists Local Enable Password Settings RADIUS Accounting Settings MAC-based Access Control Notes About MAC-based Access Control MAC-based Access Control Settings Page MAC-based Access Control Local Settings Web Authentication Conditions and Limitations Web-based Access Control Settings Web-based Access Control User Settings NetBIOS Filtering NetBIOS Filtering Settings Section 6 ACL ACL Configuration Wizard Access Profile List Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page CPU Interface Filtering CPU Access Profile List Page Page Page Page Page Page Page Page Page Page ACL Finder ACL Flow Meter Page Page Section 7 Monitoring Device Status Cable Diagnostic CPU Utilization Port Utilization Packet Size Page Memory Utilization Packets Received (RX) Page UMB_cast (RX) Transmitted (TX) Page Page Errors Received (RX) Transmitted (TX) Page Port Access Control RADIUS Authentication RADIUS Account Client Page Authenticator State Authenticator Statistics Authenticator Session Statistics Authenticator Diagnostics Page Browse ARP Table VLAN Browse VLAN Show VLAN Ports IGMP Snooping Browse IGMP Router Port IGMP Snooping Group IGMP Snooping Forwarding Table Browse IGMP Snooping Counter MLD Snooping Browse MLD Router Port MLD Snooping Group MLD Snooping Forwarding Table Browse MLD Snooping Counter Browse Session Table CFM CFM Packet Counter List CFM Packet Counter CCM List Browse CFM Fault MEP Browse CFM Port MP List MAC Address Table Browse VLAN Counter Statistics Ethernet OAM Browse Ethernet OAM Event Log Browse Ethernet OAM Statistics Page Historical Counter & Utilization Browse Historical Counter Browse Historical Utilization System Log Page Section 8 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL Page Page Page Page Example topology Configuration Page Page Appendix B System Log Entries Page Page Page Page Page Page Page Page DGS-3700 Series Trap List Proprietary Trap List Page Appendix C Glossary Page Appendix D Password Recovery Procedure