Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03)
Virtual LANs
© 2008 Foundry Networks, Inc.
Page 5 of 73
Figure 1: Example of a Port-Based VLAN on the Switch
Members of different VLAN groups can communicate only through routing. In other words, users
from different departments cannot communicate on Layer 2.
Aggregating VLANs
Tagging is a process that inserts a marker (called a tag) into the Ethernet frame. The tag contains
the identification number of a specific VLAN, called the VLAN ID.
NOTE
The use of 802.1Q tagged packets enlarges the packet beyond the current IEEE
802.3/Ethernet maximum of 1,518 bytes. This may affect packet error counters in
other devices, and may also lead to connectivity problems if non-802.1Q bridges or
routers are placed in the path.
Each packet should be assigned an 802.1Q VLAN tag. The device ports can be added to a VLAN
as 802.1Q-tagged or untagged member. By default all ports are members of VLAN 1 (referred to
as “
default VLAN”
) and are untagged members of this VLAN.
A VLAN may be tagged on some ports and untagged on others. As traffic from a port is forwarded
out of the device, the device determines (in real time) if each destination port should use tagged or
untagged packet formats for that VLAN according to the VLAN configuration. The device adds
and strips tags as required by the port configuration for that VLAN.
A port can be a member of zero, one, or more VLANs and it can be a tagged or untagged member
of any of them. The general rule of thumb is to define as tagged (in the VLANs of interest) the
ports that are connected to other 802.1q devices and to configure the access ports as untagged in a
given VLAN. Additionally, the default VLAN of the access ports should be set accordingly.
If a port is configured as a tagged member of a specific VLAN then the traffic on this VLAN will
leave the port as tagged. If a port is configured as an untagged member of a VLAN all the egress
traffic on this port and VLAN will be untagged.