DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual
appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets
are forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not
necessarily.
VLANs can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific
domains.
A VLAN is a collection of end nodes grouped by logic instead of physical location. End nodes that frequently
communicate with each other are assigned to the same VLAN, regardless of where they are physically on the
network. Logically, a VLAN can be equated to a broadcast domain, because broadcast packets are forwarded only to
members of the VLAN on which the broadcast was initiated.
Notes About VLANs
No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership, packets
cannot cross VLANs without a network device performing a routing function between the VLANs.
The Switch supports IEEE 802.1Q VLANs and Port-Based VLANs. The port untagging function can be used to
remove the 802.1Q tag from packet headers to maintain compatibility with devices that are tag-unaware.
The Switch's default is to assign all ports to a single 802.1Q VLAN named "default." The "default" VLAN has a VID =
1. The member ports of Port-based VLANs may overlap, if desired.
IEEE 802.1Q VLANs
Some relevant terms:
Tagging – The act of putting 802.1Q VLAN information into the header of a packet.
Untagging – The act of stripping 802.1Q VLAN information out of the packet header.
Ingress port – A port on a switch where packets are flowing into the Switch and VLAN decisions must be made.
Egress port – A port on a switch where packets are flowing out of the Switch, either to another switch or to an end station, and tagging decisions must be made.
IEEE 802.1Q (tagged) VLANs are implemented on the Switch. 802.1Q VLANs require tagging, which enables them to
span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant). VLANs allow a network to
be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN will only be forwarded to
the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes broadcast,
multicast and unicast packets from unknown sources.
VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will only deliver packets between
stations that are members of the VLAN.
Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLANs allows
VLANs to work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows
VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to
be enabled on all ports and work normally.
The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN of which the receiving port is a
member.
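The tagging, untagging, ingress and egress decisions defined above can be traced on a raw Ethernet frame. The following is an added example, not code from the manual or from the Switch's firmware; the function names, the port dictionary layout (members, tagged) and the sample frame are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def parse_tag(frame: bytes):
    """Return the tag fields as a dict, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack_from("!H", frame, 14)[0]
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}

def tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Tagging: insert TPID + TCI between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 1-4094 and PCP 0-7")
    if parse_tag(frame) is not None:
        raise ValueError("frame is already tagged")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]

def untag(frame: bytes) -> bytes:
    """Untagging: strip the 4-byte tag; untagged frames pass through unchanged."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]

def ingress_vlan(frame: bytes, port_vlan: int) -> int:
    """Ingress decision: untagged (or VID 0, priority-only) frames take the
    receiving port's VLAN; tagged frames are classified by the VID in the tag."""
    info = parse_tag(frame)
    return port_vlan if info is None or info["vid"] == 0 else info["vid"]

def egress(frame: bytes, vlan: int, port: dict):
    """Egress decision: None if the port is not a member of the VLAN,
    otherwise the frame tagged or untagged as the port is configured."""
    if vlan not in port["members"]:
        return None
    bare = untag(frame)
    return tag(bare, vlan) if vlan in port["tagged"] else bare

# Constructed sample: broadcast frame, EtherType 0x0800, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"
```

A port whose "tagged" set is empty behaves like a port facing a tag-unaware device: every frame leaves it with the tag stripped, and frames for VLANs it is not a member of are not forwarded to it at all.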