Virtual LANs (VLAN) | 625
Untagged interfaces must be part of a VLAN. To remove an untagged interface from the default VLAN,
you must create another VLAN and place the interface into that VLAN. Alternatively, use the
no switchport
command, and FTOS removes the interface from the default VLAN.
A tagged interface requires an additional step to remove it from Layer 2 mode. Because tagged interfaces
can belong to multiple VLANs, you must remove the tagged interface from all VLANs using the
no tagged
interface
command. Only after the interface is untagged to the default vlan can you use the no switchport
command to remove the interface from Layer 2 mode. For more information, refer to VLANs and Port
Tagging.
Port-Based VLANs
Port-based VLANs are a broadcast domain defined by different ports or interfaces. In FTOS, a port-based
VLAN can contain interfaces from different stack units within the chassis. FTOS supports 4094 port-based
VLANs.
Port-based VLANs offer increased security for traffic, conserve bandwidth, and allow switch
segmentation. Interfaces in different VLANs do not communicate with each other, adding some security to
the traffic on those interfaces. Different VLANs can communicate between each other by means of IP
routing. Because traffic is only broadcast or flooded to the interfaces within a VLAN, the VLAN conserves
bandwidth. Finally, you can have multiple VLANs configured on one switch, thus segmenting the device.
Interfaces within a port-based VLAN must be in Layer 2 mode and can be tagged or untagged in the
VLAN ID.
VLANs and Port Tagging
To add an interface to a VLAN, it must be in Layer 2 mode. After you place an interface in Layer 2 mode,
it is automatically placed in the default VLAN. FTOS supports IEEE 802.1Q tagging at the interface level
to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and
source MAC addresses. That information is preserved as the frame moves through the network.
Figure 37-2 shows the structure of a frame with a tag header. The VLAN ID is inserted in the tag header.
Figure 37-2. Tagged Frame Format
Preamble Destination
Address
Source
Address
Tag
Header
Protocol
Type
Data
45 - 1500 octets2 octets4 octets 4 octets6 octets 6 octets
Frame
Check
Sequence
FN00001B
To Next Page
Loading...
