DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
71
same VID) as the ingress port. If it does not, the packet is dropped. If it has the same VID, the packet is forwarded and
the destination port transmits it on its attached network segment.
This process is referred to as ingress filtering and is used to conserve bandwidth within the Switch b y dropping
packets that are not on the same VLAN as the ingress port at the point of reception. T his eliminates t he subseque nt
processing of packets that will just be dropped by the destination port.
Default VLANs The Switch initially configures one VLAN, VID = 1, called "def ault." T he factor y default sett ing ass igns all ports on t he
Switch to the "default." As new VLANs are configured in Port-based mode, their respective member ports are removed
from the "default."
Packets cannot cross VLANs. If a member of one VLAN wants to connect to another VL AN, the link m ust be through
an external router.
NOTE: If no VLANs are configured on the Switch, then all packets will be forw arded to any
destination port. Packets with unknown source addresses will be flooded to all ports .
Broadcast and multicast packets will also be flooded to all ports.
An example is presented below:
VLAN Name VID Switch Ports
System (default) 1 5, 6, 7, 8, 21, 22, 23, 24
Engineering 2 9, 10, 11, 12
Marketing 3 13, 14, 15, 16
Finance 4 17, 18, 19, 20
Sales 5 1, 2, 3, 4
Table 3 - 1 VLAN Example - Assigned Ports
Port-based VLANs Port-based VLANs limit traffic that flows into and out of switch ports. Thus, all de vices connected to a port are
members of the VLAN(s) the port belongs to, whether there is a sing le com puter directl y connect ed to a s witch, or a n
entire department.
On port-based VLANs, NICs do not need to be able to identify 802.1Q tags in packet header s. NICs send a nd rec eive
normal Ethernet packets. If the packet's destination lies on the sam e segment, communications take place using
normal Ethernet protocols. Even though this is always the case, when the destination for a pack et lies on another
switch port, VLAN considerations come into play to decide if the packet gets dropped by the Switch or delivered.
VLAN Segmentation Take for example a packet that is transmitted by a machine on Port 1 that is a m ember of VLAN 2. If the destination
lies on another port (found through a normal forwarding table lookup), the Switch the n looks to see if the other port
(Port 10) is a member of VLAN 2 (and can therefore receive VL AN 2 pack ets). If Port 10 is not a m ember of VL AN 2,
then the packet will be dropped by the Switch and will not r each its des tinat ion. If Port 10 is a m ember of VLAN 2, t he
packet will go through. This selective forwarding feature bas ed on VLAN criteria is how VLANs segment networks.
The key point being that Port 1 will only transmit on VLAN 2.
Network resources can be shared across VLANs. This is achi ev ed b y setting up overlapping VLANs. That is ports can
belong to more than one VLAN group. For example, by setting VLAN 1 members to ports 1, 2, 3 and 4 and VL AN 2
members to ports 1, 5, 6 and 7, Port 1 will belong to two VLAN gr oups. Ports 8, 9 and 10 are not config ured to any
VLAN group. This means ports 8, 9 and 10 are in the same VLAN group.