D-Link DES-3226SM Product Manual - Page 36

Ingress Filtering, Asymmetric VLANs

Page 36 highlights

DES-3226S Layer 2 Fast Ethernet Switch User's Guide

Ingress Filtering

A port on a Switch where packets are flowing into the Switch and VLAN decisions must be made is referred to as an ingress port. If ingress filtering is enabled for a port, the Switch will examine the VLAN information in the packet header (if present) and decide whether or not to forward the packet.

If the packet is tagged with VLAN information, the Switch first determines whether the ingress port itself is a member of the tagged VLAN. If it is not, the packet is dropped. If the ingress port is a member of the 802.1Q VLAN, the Switch then determines whether the destination port is a member of the 802.1Q VLAN. If it is not, the packet is dropped. If the destination port is a member of the 802.1Q VLAN, the packet is forwarded and the destination port transmits it to its attached network segment.

If the packet is not tagged with VLAN information, the ingress port tags the packet with its own PVID as a VID (if the port is a tagging port). The Switch then determines whether the destination port is a member of the same VLAN (has the same VID) as the ingress port. If it is not, the packet is dropped. If it has the same VID, the packet is forwarded and the destination port transmits it on its attached network segment.

This process is referred to as ingress filtering and is used to conserve bandwidth within the Switch by dropping packets that are not on the same VLAN as the ingress port at the point of reception. This eliminates the subsequent processing of packets that will just be dropped by the destination port.

Asymmetric VLANs

The DES-3226S supports an asymmetric VLAN implementation for more efficient use of shared resources such as server or gateway devices. An asymmetric VLAN can be set up to allow a server (or several servers) to communicate with several clients through a single physical link on the Switch. At the same time, however, the clients are not allowed to link to each other directly.

For example, asymmetric VLANs can be set up so that the network email server can be accessed by all email clients. All email clients can send and receive data packets through the port connected to the email server, but they are not allowed to send and receive data to the remaining ports. The email server can freely associate with all ports, that is, all clients connected to the Switch.

The key difference between the conventional 802.1Q VLAN implementation (symmetric VLANs) and asymmetric VLANs is in how address mapping is handled. Symmetric VLANs use separate address tables, so there is no address sharing between VLANs. Asymmetric VLANs can use a single, shared address table. Address sharing, however, takes place in only one direction. In the example above, the VLAN created for the port connected to the email server has the entire address table at its disposal so that any address can be mapped to its port (PVID).
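An added example, not taken from the D-Link manual: a small Python model of the forwarding decision described above, applied to a constructed asymmetric layout with port 1 as the email server and ports 2 and 3 as clients. The port numbers, VIDs and the `Switch`, `decide` and `reachability` names are assumptions, as is the filtering-disabled branch (it skips only the ingress membership check; the page describes only the enabled case).

```python
from dataclasses import dataclass


@dataclass
class Switch:
    pvid: dict                     # port -> PVID applied to untagged frames
    members: dict                  # VID -> set of member ports
    ingress_filtering: bool = True

    def decide(self, in_port, out_port, tag=None):
        """Return (action, reason) for one frame entering in_port for out_port."""
        # Untagged frames take the ingress port's PVID as their VID.
        vid = tag if tag is not None else self.pvid[in_port]
        vlan_ports = self.members.get(vid, set())
        # Tagged frames: the ingress port must itself be a member of the VLAN.
        if tag is not None and self.ingress_filtering and in_port not in vlan_ports:
            return ("drop", f"ingress port {in_port} not in VLAN {vid}")
        # Tagged or untagged: the destination port must be a member too.
        if out_port not in vlan_ports:
            return ("drop", f"destination port {out_port} not in VLAN {vid}")
        return ("forward", f"VLAN {vid}")


# Constructed asymmetric layout: port 1 = email server, ports 2 and 3 = clients.
ASYMMETRIC = Switch(
    pvid={1: 1, 2: 2, 3: 3},
    members={
        1: {1, 2, 3},   # the server's PVID VLAN reaches every port
        2: {1, 2},      # each client VLAN holds only that client and the server
        3: {1, 3},
    },
)


def reachability(sw):
    """Map every ordered port pair to forward/drop for untagged traffic."""
    ports = sorted(sw.pvid)
    return {(a, b): sw.decide(a, b)[0] for a in ports for b in ports if a != b}


if __name__ == "__main__":
    for pair, action in reachability(ASYMMETRIC).items():
        print(pair, action)
    # Tagged frame for VLAN 3 arriving on port 2, which is not a member of VLAN 3.
    print(ASYMMETRIC.decide(2, 3, tag=3))
```

The reachability map makes the one-directional sharing visible: the server port reaches both clients and both clients reach the server, while client-to-client pairs are dropped at the destination membership check.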

