HP ProCurve Routing Switch 9308M / 9304M Reviewer’s Guide

2.4.4.2 Layer 4 Filtering

The 9300 routing switches can filter based on IP addresses, IP port number and IPX network number. More details are given later in the Filtering section. These filters can be used in permit or deny situations, allowing fine tuning of traffic based on Layer 4 information.

2.5 VLANs

A Virtual LAN is a logical collection of ports or nodes that belong to a single broadcast/multicast domain. VLANs were originally devised as a solution to limit the size of any one broadcast domain to allow scaling of switched environments. With the advent of routing switch solutions, however, use of VLANs in end user environments is now largely done for network policy or security reasons. VLANs are also used in the HP ProCurve routing switches to establish groups of ports that are switched, linked to the router through a router virtual interface. See the Layer 3 services above for a more detailed explanation.

The HP ProCurve routing switches support up to 4096 VLANs (8 default), although typical usage is fewer than twenty VLANs. VLAN membership can be designated through any one of the following:

A particular port (port-based)

An 802.1Q tag

IP protocol

IP subnet

NetBIOS

IPX network number

AppleTalk

DECnet

Other

VLANs can overlap on a single port. For example, it may be advantageous to have a server connected through a single port to be a member of two different VLANs such that two different groups of PCs can access the same server, but the two groups of PCs cannot talk directly with each other.

Port-based VLANs can be further subdivided by using protocol VLANs. Protocol VLANs establish packet membership based on the packet’s IP subnet number, IPX network number, etc. Since a packet could be part of several VLANs simultaneously, there is a hierarchy of VLAN ownership. Port-based VLANs are the lowest level. Layer 3 protocol-based VLANs (IP, IPX, AppleTalk, DECnet and NetBIOS) are in the middle. IP subnet and IPX network number VLANs are at the top.

VLANs can also be assigned to the virtual interfaces of the router in the routing switch. This provides a means of communication between two VLANs. VLANs defined only on switched ports within the routing switch cannot talk to each other without going through the router.

2.5.1 IEEE 802.1Q VLAN Support

The HP ProCurve routing switches support the IEEE 802.1Q VLAN tagging standard, which lets traffic from multiple VLANs share a single physical link. 802.1Q also allows interoperability at this level between different vendors in a standards-based way.

Ports with only a single VLAN designation can be designated as untagged ports. Packets leaving these ports will not be 802.1Q tagged.
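The VLAN ownership hierarchy from the previous section and the tagged/untagged distinction above, as an added Python example (not code from the guide or from HP): a small ingress classifier that reads an optional 802.1Q tag from a raw frame and otherwise falls back through IP subnet, protocol and port-based membership. The port numbers, VLAN IDs and the configuration table are constructed assumptions.

```python
import struct
from ipaddress import ip_address, ip_network

ETHERTYPE_8021Q = 0x8100   # TPID that marks an 802.1Q-tagged frame
ETHERTYPE_IP = 0x0800
ETHERTYPE_IPX = 0x8137

def parse_frame(raw):
    """Return (vlan_id, ethertype, payload); vlan_id is None for an untagged frame."""
    (ethertype,) = struct.unpack_from("!H", raw, 12)
    if ethertype == ETHERTYPE_8021Q:
        tci, inner = struct.unpack_from("!HH", raw, 14)
        return tci & 0x0FFF, inner, raw[18:]   # low 12 bits of the TCI = VLAN ID
    return None, ethertype, raw[14:]

def classify(cfg, port, raw):
    """Assign an ingress frame to a VLAN in the guide's ownership order:
    explicit 802.1Q tag, then IP subnet VLAN, then protocol VLAN, then port VLAN."""
    vid, ethertype, payload = parse_frame(raw)
    if vid is not None:
        return vid, "802.1Q tag"
    if ethertype == ETHERTYPE_IP:
        src = ip_address(payload[12:16])        # IPv4 source address field
        for p, net, v in cfg["subnet"]:
            if p == port and src in net:
                return v, "IP subnet"
    v = cfg["protocol"].get((port, ethertype))
    if v is not None:
        return v, "protocol"
    return cfg["port"][port], "port"

def build_frame(ethertype, payload, vid=None):
    """Constructed sample frame: zeroed MACs, optional tag (PCP/DEI 0), EtherType, payload."""
    hdr = b"\x00" * 12
    if vid is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

def ipv4_payload(src):
    """Minimal 20-byte IPv4 header with only the source address filled in."""
    return b"\x45" + b"\x00" * 11 + ip_address(src).packed + b"\x00" * 4

# Constructed configuration (not from the guide): ports 1 and 2 form port-based
# VLAN 10; on port 1, IP is protocol VLAN 20, IPX is 25, 10.1.1.0/24 is subnet VLAN 30.
CFG = {
    "port": {1: 10, 2: 10},                                        # lowest tier
    "protocol": {(1, ETHERTYPE_IP): 20, (1, ETHERTYPE_IPX): 25},   # middle tier
    "subnet": [(1, ip_network("10.1.1.0/24"), 30)],               # top tier
}
```

The same IP frame lands in VLAN 30 on port 1 but VLAN 10 on port 2, because only port 1 has the higher-tier subnet and protocol entries.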

2.5.2 IEEE 802.1D Spanning Tree Protocol

The HP ProCurve routing switches support multiple instance spanning tree protocol. Each VLAN can have an instance of spanning tree running. This is useful in multiple VLAN environments where loops exist for redundancy purposes at the Layer 2 level.

Note that other HP switches support a single instance of spanning tree per box, per the 802.1D specification. If an HP Layer 2 switch is connected to an HP ProCurve routing switch and both are running spanning tree, the 9300 port connected to the HP switch needs to be an untagged port for the spanning tree protocols to be recognized, so that within the routing switch VLAN the port will behave correctly according to Spanning Tree.

©1999 Hewlett-Packard Company

Revision 4.0 – 4/1/1999

Page: 14 of 27