Configuring VLANs
Super Aggregated VLANs
You can aggregate multiple VLANs within another VLAN. This feature allows you to construct Layer 2 paths and channels. This feature is particularly useful for Virtual Private Network (VPN) applications ins which you need to provide a private, dedicated Ethernet connection for an individual client to transparently reach its sub-net across multiple networks.
For an application example and configuration information, see “Configuring Super Aggregated VLANs” on page 16-43.
Trunk Group Ports and VLAN Membership
A trunk group is a set of physical ports that are configured to act as a single physical interface. Each trunk group’s port configuration is based on the configuration of the lead port, which is the lowest numbered port in the group.
If you add a trunk group’s lead port to a VLAN, all of the ports in the trunk group become members of that VLAN.
Summary of VLAN Configuration Rules
A hierarchy of VLANs exists between the Layer 2 and Layer 3 protocol-based VLANs:
•Port-based VLANs are at the lowest level of the hierarchy.
•Layer 3 protocol-based VLANs, IP, IPX, AppleTalk, Decnet, and NetBIOS are at the middle level of the hierarchy.
•IP sub-net, IPX network, and AppleTalk cable VLANs are at the top of the hierarchy.
NOTE: You cannot have a protocol-based VLAN and a sub-net or network VLAN of the same protocol type in the same port-based VLAN. For example, you can have an IPX protocol VLAN and IP sub-net VLAN in the same port-based VLAN, but you cannot have an IP protocol VLAN and an IP sub-net VLAN in the same port-based VLAN, nor can you have an IPX protocol VLAN and an IPX network VLAN in the same port-based VLAN.
As a device receives packets, the VLAN classification starts from the highest level VLAN first. Therefore, if an interface is configured as a member of both a port-based VLAN and an IP protocol VLAN, IP packets coming into the interface are classified as members of the IP protocol VLAN because that VLAN is higher in the VLAN hierarchy.
Multiple VLAN Membership Rules
•A port can belong to multiple, unique, overlapping Layer 3 protocol-based VLANs without VLAN tagging.
•A port can belong to multiple, overlapping Layer 2 port-based VLANs only if the port is a tagged port. Packets sent out of a tagged port use an 802.1p-tagged frame.
•When both port and protocol-based VLANs are configured on a given device, all protocol VLANs must be strictly contained within a port-based VLAN. A protocol VLAN cannot include ports from multiple port-based VLANs. This rule is required to ensure that port-based VLANs remain loop-free Layer 2 broadcast domains.
•IP-Protocol and IP-Subnet VLANs cannot operate concurrently on the system or within the same port-based VLAN.
•IPX-Protocol and IPX-Network VLANs cannot operate concurrently on the system or within the same port based VLAN.
•If you first configure IP and IPX protocol VLANs before deciding to partition the network by IP sub-net and IPX network VLANs, then you need to delete those VLANs before creating the IP sub-net and IPX network VLANs.
•One of each type of protocol VLAN is configurable within each port-based VLAN on the switch.
•Multiple IP-Subnet and IPX-Network VLANs are configurable within each port-based VLAN on the switch.
•Removing a configured port-based VLAN from a routing switch or switch automatically removes any protocol based VLAN, IP-Subnet VLAN, AppleTalk cable VLAN, or IPX-Network VLAN, or any virtual interfaces defined within the Port-based VLAN.
