Intel ZT8101 user manual Static Ieee 802.1Q VLANs, Ingress Checking

Switch Management and Operating Concepts

•Member ports

The complexity of the VLAN configuration is hidden. The switch applies the following rules when it creates the VLAN:

•Tagged frames are discarded. With port-based VLANs, frames are assumed to be untagged, so that the VLAN members do not receive frames coming from another VLAN.

•VLAN ID is assigned using an internal algorithm. The switch allocates the largest free VLAN ID that is smaller than 4095 (for example, 4094, 4093, 4092).

•The member port’s PVID is assigned as the VLAN ID.

•A port can only belong to one port-based VLAN.

Static IEEE 802.1Q VLANs

IEEE 802.1Q VLANS have the following characteristics:

•Use filtering to assign packets to VLANs.

•Assume the presence of a single global spanning tree.

•Use an explicit tagging scheme with one-level tagging.

A static IEEE 802.1Q VLAN is more complex than a port-based VLAN, but it is also more flexible. You can configure ports to be tagged, untagged, or forbidden.

•Tagged Member Port—Ports with tagging enabled put the VID number, priority and other VLAN information into the header of all packets that flow into and out of it. If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN information intact. The VLAN information in the tag can then be used by other 802.1Q-compliant devices on the network to make packet forwarding decisions. The tagging feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally. Tagged ports can belong to more than one 802.1Q VLAN.

•Untagged Member Port—Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into and out of it. If the packet doesn't have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an untagging port will have no 802.1Q VLAN information. Untagging is used to send packets from an 802.1Q- compliant network device to a non-compliant network device and allow VLANs to work with legacy switches that don't recognize VLAN tags in packet headers. The receiving port can only forward untagged packets to the VLAN it belongs to.

•Forbidden Port—The forbidden flag designates the port as not being a member of the VLAN and prevents packets tagged with the VLAN’s VID from entering the port.

You can enable or disable the following per port for IEEE 802.1Q VLANs:

•GVRP

•Ingress Checking

GVRP

GVRP (Group VLAN Registration Protocol) must be enabled globally on the switch before individual ports can be enabled.