DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
70
Packets that are tagged (are carrying the 802.1Q VID information) c an be transmitted from one 802.1Q c ompliant
network device to another with the VLAN information intact. This a llows 802.1Q VL ANs to span network devices (and
indeed, the entire network, if all network devices are 802.1Q compliant).
Unfortunately, not all network devices are 802.1Q compliant. These de vices are referred to as t ag-unaware. 802.1Q
devices are referred to as tag-aware.
Prior to the adoption of 802.1Q VLANs, port-based and MAC -based VLANs were in common use. These VLANs relied
upon a Port VLAN ID (PVID) to forward packets. A packet rec eived on a given port would be assigned that port's PVID
and then be forwarded to the port that corresponded to the packet's destination address (found in the Switch's
forwarding table). If the PVID of the port that received the packet is different from the PVID of the port that is to
transmit the packet, the Switch will drop the packet.
Within the Switch, different PVIDs mean different VLANs (remember that two VLANs cannot com municate w ithout an
external router). So, VLAN identification based upon the PVIDs cann ot create VLANs that extend outside a given
switch (or switch stack).
Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, f or use within the Switc h. If no
VLANs are defined on the Switch, all ports are then assigned to a default VLAN with a PVID e qual to 1. Untagged
packets are assigned the PVID of the port on which they were received. Forwarding decisions ar e based upon this
PVID, in so far as VLANs are concerned. Tagged packets are forwarded accor ding to the VID contained with in the
tag. Tagged packets are also assigned a PVID, but the PVID is not used to m ake packet-forwarding decisions, the
VID is.
Tag-aware switches must keep a table to relate PVIDs within the Switch t o VIDs on the network. The Switch will
compare the VID of a packet to be transmitted to the VID of the port that is to tra nsmit the p acket. If the two VIDs are
different, the Switch will drop the packet. Because of the existence of the PVID for untagg ed packets and the VID for
tagged packets, tag-aware and tag-unaware network devices can coexist on the s ame network.
A switch port can have only one PVID, but can have as m any VIDs as the Swit ch has memory in its VLAN table to
store them.
Because some devices on a network may be tag-unaware, a decision must be made at each port on a tag-aware
device before packets are transmitted - should the packet to be tr ansmitted have a tag or not? If the tr ansmitting port
is connected to a tag-unaware device, the packet should be untagged. If the tra nsmitting port is connected to a tag-
aware device, the packet should be tagged.
Tagging and Untagging Every port on an 802.1Q compliant switch can be configured as tagging or untagging.
Ports with tagging enabled will put the VID number, priority and other VLAN inform ation into t he header of all pac kets
that flow into and out of it. If a packet has previously been tagged, the port will not alter the packet, thus keeping th e
VLAN information intact. Other 802.1Q compliant devices on the network to make packet-forwarding dec isions can
then use the VLAN information in the tag.
Ports with untagging enabled will strip the 802.1Q tag from all pack ets that flow into and out of those ports. If the
packet doesn't have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and
forwarded by an untagging port will have no 802.1Q VLAN inform ation. (Remember that the PVID is only used
internally within the Switch). Untagging is used to send packets from an 802.1 Q-compliant network device to a non-
compliant network device.
Ingress Filtering A port on a switch where packets are flowing into the Switch and VLAN decisions m ust be made is referr ed to as an
ingress port. If ingress filtering is enabled for a port, the Switch will examine the VLAN inform ation in the packet
header (if present) and decide whether or not to forward the packet.
If the packet is tagged with VLAN information, the ingress port w ill f irst det erm ine if the ingres s port itself is a m em ber
of the tagged VLAN. If it is not, the packet will be dropped. If the ingress port is a mem ber of the 802.1Q VLAN, the
Switch then determines if the destination port is a member of the 802.1Q VLAN. If it is not, the packet is dropped. If
the destination port is a member of the 802.1Q VLAN, the packet is for warded and the des tination por t transm its it to
its attached network segment.
If the packet is not tagged with VLAN information, the ingress port will tag the packet with its own PVID as a VID (if the
port is a tagging port). The switch then determines if the destination port is a m ember of the same VLAN (has the