For additional information about both forms of the Spanning Tree Protocol, see Appendix H on page 277.

Virtual Local Area Networks (VLAN)

A virtual local area network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLANs can be used to combine any collection of blade servers into an autonomous user group that appears as a group within one or more chassis. VLANs also logically segment the blade servers into different broadcast domains so that packets are forwarded only between blade servers and the four external ports within the VLAN.

VLANs can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains.

Notes about VLANs on the IXM5414E switch module

No matter what basis is used to uniquely identify blade servers and assign these nodes VLAN membership, packets cannot cross VLANs without a network device performing a routing function between the VLANs.

The switch module supports only IEEE 802.1Q VLANs. The port untagging function can be used to remove the 802.1Q tag from packet headers to maintain compatibility with devices that are tag-unaware.

The switch module default is to assign all blade servers and the four external ports to a single 802.1Q VLAN named DEFAULT with a VLAN ID (VID) of 1.

The switch module can be configured to enable a wide variety of VLAN configurations among the various external ports.

IEEE 802.1Q VLANs

The following terms are relevant to VLANs and important with respect to understanding how VLANs function:

Tagging: The act of adding 802.1Q VLAN information to the header of a packet.

Untagging: The act of stripping 802.1Q VLAN information out of the packet header.

Ingress port: A port on a switch where packets are flowing into the switch and where VLAN decisions must be made.

Egress port: A port on a switch where packets are flowing out of the switch, either to another switch or to an end station, and where tagging decisions must be made.

The IXM5414E switch module implements IEEE 802.1Q VLANs, which require tagging. This enables them to span the entire network (provided that all switches on the network are IEEE 802.1Q-compliant).

VLANs enable a network to be segmented to reduce the size of broadcast domains. All packets entering a VLAN will be forwarded (over IEEE 802.1Q enabled switches) only to the stations that are members of that VLAN. This includes broadcast packets, multicast packets and unicast packets from unknown sources.

VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will deliver packets only between stations that are members of the VLAN.
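The tagging, untagging, ingress and egress behavior defined above, as an added Python example (not code from this manual or from the switch firmware). The port names, the per-port default VLAN (`pvid`) and the ingress filtering rule are assumptions made for illustration, not the IXM5414E's configuration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Tagging: insert the 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    tci = (pcp << 13) | vid  # priority (3 bits), DEI (1 bit, 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def vlan_id(frame: bytes):
    """Return the VID carried in the tag, or None for an untagged frame."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def untag(frame: bytes) -> bytes:
    """Untagging: strip the 802.1Q tag so a tag-unaware device can read it."""
    return frame if vlan_id(frame) is None else frame[:12] + frame[16:]

def forward(frame: bytes, ingress: str, ports: dict) -> dict:
    """Flood a frame to the other member ports of its VLAN: {port: bytes}."""
    vid = vlan_id(frame)
    if vid is None:
        vid = ports[ingress]["pvid"]          # ingress decision (assumed PVID)
    elif vid not in ports[ingress]["members"]:
        return {}                             # assumed ingress filtering: drop
    inner, out = untag(frame), {}
    for name, cfg in ports.items():
        if name != ingress and vid in cfg["members"]:
            # Egress decision: members[vid] is True for a tagging port.
            out[name] = tag(inner, vid) if cfg["members"][vid] else inner
    return out

# Constructed configuration: three untagging server ports, one tagging uplink.
PORTS = {
    "bay1": {"pvid": 10, "members": {10: False}},
    "bay2": {"pvid": 20, "members": {20: False}},
    "bay3": {"pvid": 10, "members": {10: False}},
    "ext1": {"pvid": 1, "members": {10: True, 20: True}},
}
# Constructed broadcast frame: dst MAC, src MAC, EtherType 0x0806, padding.
SAMPLE = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x06" + b"\x00" * 28

if __name__ == "__main__":
    for port, sent in forward(SAMPLE, "bay1", PORTS).items():
        print(port, "VID", vlan_id(sent), len(sent), "bytes")
```

The broadcast from `bay1` reaches only the other VLAN 10 members: `bay3` receives it untagged and `ext1` receives it with a VID 10 tag, while `bay2` in VLAN 20 receives nothing.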

Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLANs enables VLANs to work with legacy switches that do not recognize VLAN tags in packet


Intel® Blade Server Ethernet Switch Module IXM5414E
