
VLAN Configuration
Instruction Manual - NXA-ENET8-POE+
This chapter includes the following topics:
IEEE 802.1Q VLANs - Configures static and dynamic VLANs.
Protocol VLANs* - Configures VLAN groups based on specified protocols.
MAC-based VLANs* - Maps untagged ingress frames to a specified VLAN if the source MAC address is found in the IP MAC address-to-VLAN mapping table.
* If a packet matches the rules defined by more than one of these functions, only one of them is applied, with the precedence being MAC-based, protocol-based, and then native port-based.
IEEE 802.1Q VLANs
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar
service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine
broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. This also provides a more secure
and cleaner network environment.
An IEEE 802.1Q VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to
the same physical segment.
VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical
connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as
e-mail), or multicast groups (used for multimedia applications such as video conferencing).
VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to
update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a
configured Layer 3 link to reach a different VLAN.
This switch supports the following VLAN features:
Up to 4094 VLANs based on the IEEE 802.1Q standard
Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol
Port overlapping, allowing a port to participate in multiple VLANs
End stations can belong to multiple VLANs
Passing traffic between VLAN-aware and VLAN-unaware devices
Priority tagging
Assigning Ports to VLANs
Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all
ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs,
and any intermediate network devices or the host at the other end of the connection supports VLANs. Then assign ports on the
other VLAN-aware network devices along the path that will carry this traffic to the same VLAN(s), either manually or dynamically
using GVRP. However, if you want a port on this switch to participate in one or more VLANs, but none of the intermediate network
devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged
port.
NOTE: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags
should be stripped off before the frames are passed on to any end-node host that does not support VLAN tagging.
VLAN Classification - When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the
switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the
switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.
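The classification rule above, combined with the MAC-based, protocol-based, then port-based precedence from the chapter overview, as an added Python sketch (not code from the manual or the switch firmware). The table layouts, function names and sample addresses are hypothetical; treating VID 0 (priority-tagged) as untagged and rejecting the reserved VID 4095 follow IEEE 802.1Q rather than this page, and applying protocol rules only to untagged frames is an assumption.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def classify(frame, pvid, mac_vlans=None, proto_vlans=None):
    """Return (vlan_id, rule) for an ingress Ethernet frame.

    pvid        -- default VLAN ID of the receiving port
    mac_vlans   -- {source MAC bytes: VLAN ID}  (hypothetical table layout)
    proto_vlans -- {EtherType int: VLAN ID}     (hypothetical table layout)
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vid = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
        if vid == 0x0FFF:
            raise ValueError("VID 4095 is reserved")
        if vid != 0:
            return vid, "tag"  # tagged: the tag decides the broadcast domain
        # VID 0 is a priority tag only; fall through and classify as untagged
    if mac_vlans and src in mac_vlans:
        return mac_vlans[src], "mac"
    if proto_vlans and ethertype in proto_vlans:
        return proto_vlans[ethertype], "protocol"
    return pvid, "port"

def build(src, ethertype, vid=None, pcp=0):
    """Construct a minimal test frame (broadcast destination, no payload)."""
    hdr = b"\xff" * 6 + src
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype)

# Constructed sample values, not taken from the manual
HOST_A = bytes.fromhex("020000000001")
HOST_B = bytes.fromhex("020000000002")
MAC_TABLE = {HOST_A: 30}
PROTO_TABLE = {0x0800: 20}  # IPv4 -> VLAN 20

if __name__ == "__main__":
    for f in (build(HOST_B, 0x0806), build(HOST_A, 0x0800),
              build(HOST_A, 0x0800, vid=100)):
        print(classify(f, 1, MAC_TABLE, PROTO_TABLE))
```

The sketch covers classification only: whether the receiving port is actually a member of the VLAN named in a tag is a separate check that is not modelled here.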
Port Overlapping - Port overlapping can be used to allow access to commonly shared network resources among different VLAN
groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you
can connect them by enabling routing on this switch.
FIG. 88 VLAN Compliant and VLAN Non-compliant Devices