D-Link DES-3250TG Standalone Layer 2 Switch
unaware device, the packet should be untagged. If the transmitting port is connected to a tag-aware device, the packet should
be tagged.
Tagging and Untagging
Every port on an 802.1Q compliant switch can be configured as
tagging
or
untagging.
Ports with tagging enabled will put the VID number, priority and other VLAN information into the header of all packets that
flow into and out of it. If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN
information intact. The VLAN information in the tag can then be used by other 802.1Q compliant devices on the network to
make packet forwarding decisions.
Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into and out of those ports. If the packet
doesn’t have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an
untagging port will have no 802.1Q VLAN information. (Remember that the PVID is only used internally within the switch).
Untagging is used to send packets from an 802.1Q-compliant network device to a non-compliant network device.
Ingress Checking
A port on a switch where packets are flowing into the switch and VLAN decisions must be made is referred to as an
ingress
port
. If ingress filtering is enabled for a port, the switch will examine the VLAN information in the packet header (if present)
and decide whether or not to forward the packet.
If the packet is tagged with VLAN information, the ingress port will first determine if the ingress port itself is a member of the
tagged VLAN. If it is not, the packet will be dropped. If the ingress port is a member of the 802.1Q VLAN, the switch then
determines if the destination port is a member of the 802.1Q VLAN. If it is not, the packet is dropped. If the destination port is
a member of the 802.1Q VLAN, the packet is forwarded and the destination port transmits it to its attached network segment.
If the packet is not tagged with VLAN information, the ingress port will tag the packet with its own PVID as a VID (if the port
is a tagging port). The switch then determines if the destination port is a member of the same VLAN (has the same VID) as the
ingress port. If it does not, the packet is dropped. If it has the same VID, the packet is forwarded and the destination port
transmits it on its attached network segment.
This process is referred to as
ingress filtering
and is used to conserve bandwidth within the switch by dropping packets that are
not on the same VLAN as the ingress port at the point of reception
.
This eliminates the subsequent processing of packets that
will just be dropped by the destination port.
The “Default” VLAN
The switch initially configures one VLAN, VID = 1, called the “default” VLAN. The factory default setting assigns all ports
on the switch to the “default” VLAN.
Packets cannot cross VLANs. If a member of one VLAN wants to connect to another VLAN, the link must be through an
external router.
If no VLANs are configured on the switch, then all packets will be forwarded to any destination port. Packets with unknown
destination addresses will be flooded to all ports. Broadcast and multicast packets will also be flooded to all ports.
The
802.1Q Port Settings
window, shown below, allows you to determine whether the switch will share its VLAN
configuration information with other
GVRP
(GARP VLAN Registration Protocol)-enabled switches. In addition,
Ingress
Checking
can be used to limit traffic by filtering incoming packets whose
PVID
does not match the
PVID
of the port.
To view the
802.1Q Port Settings
window, open the
Configuration
menu, click on
VLAN
, and then click the
Port VLAN ID
(PVID)
.
61