xStack® DGS-3620 Series Managed Switch Web UI Reference Guide
65
If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN information intact.
Other 802.1Q compliant devices on the network to make packet-forwarding decisions can then use the VLAN
information in the tag.
Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into and out of those ports. If the
packet doesn’t have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and
forwarded by an untagging port will have no 802.1Q VLAN information. (Remember that the PVID is only used
internally within the Switch). Untagging is used to send packets from an 802.1Q-compliant network device to a non-
compliant network device.
A port on a switch where packets are flowing into the Switch and VLAN decisions must be made is referred to as
an ingress port. If ingress filtering is enabled for a port, the Switch will examine the VLAN information in the packet
header (if present) and decide whether or not to forward the packet.
Ingress Filtering
If the packet is tagged with VLAN information, the ingress port will first determine if the ingress port itself is a
member of the VLAN. If it is not, the packet will be dropped. If the ingress port is a member of the 802.1Q VLAN,
the Switch then determines if the destination port is a member of the 802.1Q VLAN. If it is not, the packet is
dropped. If the destination port is a member of the 802.1Q VLAN, the packet is forwarded and the destination port
transmits it to its attached network segment.
If the packet is not tagged with VLAN information, the ingress port will tag the packet with its own PVID as a VID.
The switch then determines if the destination port is a member of the same VLAN (has the same VID) as the
ingress port. If it does not, the packet is dropped. If it has the same VID, the packet is forwarded and the
destination port transmits it on its attached network segment.
This process is referred to as ingress filtering and is used to conserve bandwidth within the Switch by dropping
packets that are not on the same VLAN as the ingress port at the point of reception. This eliminates the
subsequent processing of packets that will just be dropped by the destination port.
The Switch initially configures one VLAN, VID = 1, called “default.” The factory default setting assigns all ports on
the Switch to the “default.” As new VLANs are configured in Port-based mode, their respective member ports are
removed from the “default.”
Default VLANs
Packets cannot cross VLANs. If a member of one VLAN wants to connect to another VLAN, the link must be
through an external router.
NOTE:
If no VLANs are configured on the Switch, then all packets will be forwarded to any destination
port. Packets with unknown source addresses will be flooded to all ports. Broadcast and
multicast packets will also be flooded to all ports.
An example is presented below:
VLAN Name
VID
Switch Ports
System (default)
1
5, 6, 7
Engineering
2
9, 10
Sales
5
1, 2, 3, 4
Port-based VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are
members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a switch, or
an entire department.
Port-based VLANs
Summary of Contents for DGS-3620-28PC-SI
Page 1: ......