ADVANCED TOPICS
addresses or IP subnets. VLANs inherently provide a high level of network security, since traffic must pass through a Layer 3 switch or a router to reach a different VLAN.
This switch supports the following VLAN features:
•Up to 256 VLANs based on the IEEE 802.1Q standard
•Distributed VLAN learning across multiple switches using explicit or implicit tagging
•Port overlapping, allowing a port to participate in multiple VLANs
•End stations can belong to multiple VLANs
•Passing traffic between VLAN-aware and VLAN-unaware devices
•Priority tagging
•Port trunking with VLANs
Assigning Ports to VLANs
Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) it will participate in. (By default all ports are assigned to VLAN 1 as untagged ports.) Add a port as a tagged port (that is, a port attached to a VLAN-aware device) if you want it to carry traffic for one or more VLANs and the device at the other end of the link also supports VLANs. Then assign the port at the other end of the link to the same VLAN(s). However, if you want a port on this switch to participate in one or more VLANs, but the device at the other end of the link does not support VLANs, then you must add this port as an untagged port (that is, a port attached to a VLAN-unaware device).
Port-based VLANs are tied to specific ports. The switch’s forwarding decision is based on the destination MAC address and its associated port. Therefore, to make valid forwarding and flooding decisions, the switch learns the relationship of the MAC address to its related port—and thus to the VLAN—at run-time. When the switch receives a frame, it assigns the
