VLAN Support on Enterasys Switches
Fixed Switch Configuration Guide 9-7
the perspective of the access layer—where users are most commonly located—egress is generally
untagged.
Policy-Based VLANs
Rather than making VLAN membership decisions simply based on port configuration, each
incoming frame can be examined by the classification engine which uses a match-based logic to
assign the frame to a desired VLAN. For example, you could set up a policy which designates all
e-mail traffic between the management officers of a company to a specific VLAN so that this traffic
is restricted to certain portions of the network. With respect to network usage, the administrative
advantages of policy classification would be application provisioning, acceptable use policy, and
distribution layer policy. All of these provisions may involve simultaneous utilization of inter-
switch links by multiple VLANs, requiring particular attention to tagged, forbidden, and
untagged egress settings.
As described above, PVID determines the VLAN to which all untagged frames received on
associated ports will be classified. Policy classification to a VLAN takes precedence over PVID
assignment if:
• policy classification is configured to a VLAN, and
• PVID override has been enabled for a policy profile, and assigned to port(s) associated with
the PVID.
For more information, refer to Chapter 16, Configuring Policy in this manual.
GARP VLAN Registration Protocol (GVRP) Support
The purpose of the GARP (Generic Attribute Registration Protocol) VLAN Registration Protocol
(GVRP) is to dynamically create VLANs across a switched network. GVRP allows GVRP-aware
devices to dynamically establish and update their knowledge of the set of VLANs that currently
have active members.
By default, GVRP is globally enabled but disabled at the port level on all Enterasys devices except
the N-Series. On the N-Series, GVRP is enabled globally and at the port level. To allow GVRP to
dynamically create VLANs, it must be enabled globally and also on each individual port as
described in “Configuring Dynamic VLANs” on page 9-12.
How It Works
When a VLAN is declared, the information is transmitted out GVRP configured ports on the
device in a GARP formatted frame using the GVRP multicast MAC address. A switch that receives
this frame examines the frame and extracts the VLAN IDs. GVRP then dynamically registers
(creates) the VLANs and adds the receiving port to its tagged member list for the extracted VLAN
IDs. The information is then transmitted out the other GVRP configured ports of the device.
Figure 9-3 on page 9-8 shows an example of how VLAN Blue from end station A would be
propagated across a switch network. In this figure, port 1 of Switch 4 is registered as being a
member of VLAN Blue and Switch 4 declares this fact out all its ports (2 and 3) to Switch 1 and
Switch 2. These two switches register this in the port egress lists of the ports (Switch 1, port 1 and
Switch 2, port 1) that received the frames with the information. Switch 2, which is connected to
Switch 3 and Switch 5 declares the same information to those two switches and the port egress list
of each port is updated with the new information, accordingly.