13
Application example
With the switches SW 1 (137.92.254.10) and SW2 (.11) interconnected (see figure 12), traffic between the
switches should include all packets that have any business on the other switch; this includes the management
packets coming from elsewhere in the network.
Three VLANs (v1, with VLAN ID 1, v5, with VLAN ID 5, and the management VLAN, with ID 10) are
indicated; the other ports belong to other VLANs, either local to the switches or extending over other switches.
At least one port connected to the network must be a member of VLAN 10.
The four PCs (101, 102, 203, 204) connected to the VLAN 1 ports are transmitting and receiving untagged
packets. With VLANs enabled, the ports would be configured as follows:
SW1, ports 1, 2; SW2, ports 3, 4:
-
port ingress: tag with VLAN ID 1, priority 0-7
-
port egress: untag the VLAN packets going to the device
(for computers connected to SW1, ports 5,6 and SW2, ports 7, 8: similarly use VLAN ID 5)
Both switches, ports 9:
-
ingress: Q-frames must be left as they are, non-Q-frames are to be blocked
-
egress: here, both ports are member of all three VLANs indicated, so at least the packets tagged with
any of the VIDs (1, 5, 10) indicated are transmitted
SW2, port 10:
If any of the VLANs indicated span more than these two switches, at least the packets belonging to those
VLANs are to be sent out; in the drawing, this port is a member of all VLANs indicated. In any case,
management (VLAN 10) packets must be allowed to travel over the whole network, to allow switch management
from anywhere.
Internet
Router
untagged frames
SW 1
IP : 137.92.254.11
PC
101
PC
102
4
6
8
2
5
1
9
10
3
7
4
6
8
2
5
1
9
10
3
7
SW 2
v1
v5
v1
v5
Ports 9, 10 are members of
VLAN v1, v5, v10
vid 1, 5, 10
tagged frames
vid 1, 5, 10
tagged frames
PC
204
PC
203
Ports 9, 10 are members of
VLAN v1, v5, v10
untagged frames
IP : 137.92.254.10
Figure 12. 2800 SW switches with two VLANs
