Advanced Configuration and Management Guide
When a device receives a packet on a port that is a member of a VLAN, the device forwards the packet based on the following VLAN hierarchy:
•If the port belongs to an IP sub-net VLAN, IPX network VLAN, or AppleTalk cable VLAN, and the packet belongs to the corresponding IP sub-net, IPX network, or AppleTalk cable range, the device forwards the packet to all the ports within that VLAN.
•If the packet is a Layer 3 packet but cannot be forwarded as described above, but the port is a member of a Layer 3 protocol VLAN for the packet’s protocol, the device forwards the packet on all the Layer 3 protocol VLAN’s ports.
•If the packet cannot be forwarded based on either of the VLAN membership types listed above, but the packet can be forwarded at Layer 2, the device forwards the packet on all the ports within the receiving port’s port- based VLAN.
Protocol VLANs differ from IP sub-net, IPX network, and AppleTalk VLANs in an important way. Protocol VLANs accept any broadcast of the specified protocol type. An IP sub-net, IPx network, or AppleTalk VLAN accepts only broadcasts for the specified IP sub-net, IPX network, or AppleTalk cable range.
NOTE: Protocol VLANs are different from IP sub-net, IPX network, and AppleTalk cable VLANs. A port-based VLAN cannot contain both an IP sub-net, IPX network, or AppleTalk cable VLAN and a protocol VLAN for the same protocol. For example, a port-based VLAN cannot contain both an IP protocol VLAN and an IP sub-net VLAN.
Layer 2 Port-Based VLANs
A port-based VLAN is a subset of ports on a device that constitutes a Layer 2 broadcast domain.
By default, all the ports on a device are members of the default VLAN. Thus, all the ports on the device constitute a single Layer 2 broadcast domain. You can configure multiple port-based VLANs. When you configure a port- based VLAN, the device automatically removes the ports you add to the VLAN from the default VLAN.
Figure 16.1 shows an example of a device on which a Layer 2 port-based VLAN has been configured.
Default VLAN
User-configured port-based VLAN
Figure 16.1 Example of a device containing user-defined Layer 2 port-based VLAN
A port can belong to only one port-based VLAN, unless you apply 802.1p tagging to the port. 802.1p tagging allows the port to add a four-byte tag field, which contains the VLAN ID, to each packet sent on the port. You also can configure port-based VLANs that span multiple devices by tagging the ports within the VLAN. The tag enables each device that receives the packet to determine the VLAN the packet belongs to. 802.1p tagging applies only to Layer 2 VLANs, not to Layer 3 VLANs.
Since each port-based VLAN is a separate Layer 2 broadcast domain, by default each VLAN runs a separate instance of the Spanning Tree Protocol (STP).