VLAN Management
VLANs
Cisco Small Business 300 Series Managed Switch Administration Guide

VLANs address security and scalability issues. Traffic from a VLAN stays within 
the VLAN, and terminates at devices in the VLAN. VLANs also ease network 
configuration by logically connecting devices without physically relocating those 
devices.
When a frame is VLAN-tagged, a four-byte VLAN tag is added to the Ethernet frame, 
increasing the maximum frame size from 1518 to 1522 bytes. The tag contains a VLAN 
ID between 1 and 4094, and a VLAN Priority Tag (VPT) between 0 and 7. See QoS 
Modes for details about VPT. 
When a frame enters a VLAN-aware device, it is classified as belonging to a VLAN, 
based on the four-byte VLAN tag in the frame. 
If there is no VLAN tag in the frame or the frame is priority-tagged only, the frame is 
classified to the VLAN based on the PVID (Port VLAN Identifier) configured at the 
ingress port where the frame is received. 
The frame is discarded at the ingress port if Ingress Filtering is enabled and the 
ingress port is not a member of the VLAN to which the frame belongs. A frame is 
regarded as priority-tagged only if the VID in its VLAN tag is 0.
Frames belonging to a VLAN remain within the VLAN. This is achieved by sending 
or forwarding a frame only to egress ports that are members of the target VLAN. 
An egress port may be a tagged or untagged member of a VLAN. 
The egress port:
• Adds a VLAN tag to the frame if the egress port is a tagged member of the 
target VLAN, and the original frame does not have a VLAN tag.
• Removes the VLAN tag from the frame if the egress port is an untagged 
member of the target VLAN, and the original frame has a VLAN tag. 
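The ingress classification and egress tagging rules above can be modeled in a few lines. This is an added example, not code from the Cisco guide or the switch firmware; the function names, the sample frames and the port settings (PVID 10, membership sets) are assumptions made for illustration, and the tag layout (TPID 0x8100, VPT in the top 3 bits, VID in the low 12 bits) is the standard 802.1Q encoding.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag


def parse_tag(frame: bytes):
    """Return (vpt, vid) from the four-byte tag after the MAC addresses, or None if untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, tci & 0x0FFF  # VPT is the top 3 bits, VID the low 12


def classify_ingress(frame, pvid, member_vlans, ingress_filtering=True):
    """Return the VLAN the frame is classified to, or None if it is discarded."""
    tag = parse_tag(frame)
    # Untagged and priority-tagged (VID 0) frames take the ingress port's PVID.
    vlan = pvid if tag is None or tag[1] == 0 else tag[1]
    # With Ingress Filtering on, drop frames for VLANs the port is not a member of.
    if ingress_filtering and vlan not in member_vlans:
        return None
    return vlan


def egress(frame, vlan, tagged_member, vpt=0):
    """Apply the two egress rules listed above; any other case leaves the frame unchanged."""
    has_tag = parse_tag(frame) is not None
    if tagged_member and not has_tag:
        tag = struct.pack("!HH", TPID_8021Q, (vpt << 13) | vlan)
        return frame[:12] + tag + frame[12:]
    if not tagged_member and has_tag:
        return frame[:12] + frame[16:]
    return frame


# Constructed sample frames: dst MAC, src MAC, optional tag, EtherType 0x0800, payload.
MACS = bytes.fromhex("ffffffffffff" "020000000001")
REST = bytes.fromhex("0800") + b"payload"
UNTAGGED = MACS + REST
TAGGED_V20 = MACS + struct.pack("!HH", TPID_8021Q, (5 << 13) | 20) + REST
PRIO_ONLY = MACS + struct.pack("!HH", TPID_8021Q, (5 << 13) | 0) + REST

if __name__ == "__main__":
    for name, f in [("untagged", UNTAGGED), ("VID 20", TAGGED_V20), ("priority-tagged", PRIO_ONLY)]:
        print(name, "->", classify_ingress(f, pvid=10, member_vlans={10}))
```

With Ingress Filtering enabled, the frame tagged for VLAN 20 is discarded on a port that is only a member of VLAN 10; with filtering disabled, the same frame is classified to VLAN 20.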
VLAN Roles
VLANs function at Layer 2. All VLAN traffic (Unicast/Broadcast/Multicast) remains 
within that VLAN. Devices attached to different VLANs do not have direct 
connectivity to each other over the Ethernet MAC layer. Devices from different 
VLANs can communicate with each other only through Layer 3 routers. An IP 
router, for example, is required to route IP traffic between VLANs if each VLAN 
represents an IP subnet. 
The IP router might be a traditional router, where each of its interfaces connects to 
only one VLAN. Traffic to and from a traditional IP router must be VLAN untagged. 
Alternatively, the IP router can be a VLAN-aware router, where each of its interfaces 
can connect to one or more VLANs. Traffic to and from a VLAN-aware IP router can be 
VLAN tagged or untagged.