D-Link DES-3624 Product Manual - Page 36

Port-Based VLANs, Data transmissions between 802.1Q-compliant Switches

Get D-Link DES-3624 - Switch - Stackable PDF manuals and user guides
UPC - 790069221736
View all D-Link DES-3624 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 36 highlights

Stackable NWay Ethernet Switch User's Guide Figure 5-5. Data transmissions between 802.1Q-compliant Switches In the above example, step 4 is the key element. Because the packet has 802.1Q VLAN data encoded in its header, the ingress port can make VLAN-based decisions about its delivery: whether server #2 is attached to a port that is a member of VLAN 2 and, thus, should the packet be delivered; the queuing priority to give to the packet, etc. It can also perform these functions for VLAN 1 packets as well, and, in fact, for any tagged packet it receives regardless of the VLAN number. If the ingress port in step 4 were connected to a non-802.1Q-compliant device and was thus receiving untagged packets, it would tag its own PVID onto the packet and use this information to make forwarding decisions. As a result, the packets coming from the non-compliant device would automatically be placed on the ingress ports VLAN and could only communicate with other ports that are members of this VLAN. Port-Based VLANs Port-based VLANs are a simplified version of the 802.1Q VLANs described in the previous section. In portbased VLANs, all the 802.1Q settings are pre-configured allowing you to quickly and easily setup and maintain port-based VLANs on your network. In port-based VLANs, broadcast, multicast and unknown packets will be limited to within the VLAN. Thus, port-based VLANs effectively segment your network into broadcast domains. Furthermore, ports can only belong to a single VLAN. Because port-based VLANs are uncomplicated and fairly rigid in their implementation, they are best used for network administrators who wish to quickly and easily setup VLANs in order to isolate limit the effect of broadcast packets on their network. For the most secure implementation, make sure that end stations are directly connected to the switch. Attaching a hub, switch or other repeater to the port causes all stations attached to the repeater to become members of the Port-based VLAN. 40 Switch Management Concepts

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
Stackable NWay Ethernet Switch User’s Guide
40
Switch Management Concepts
Figure 5-5.
Data transmissions between 802.1Q-compliant Switches
In the above example, step 4 is the key element. Because the packet has 802.1Q VLAN data encoded in its
header, the ingress port can make VLAN-based decisions about its delivery: whether server #2 is attached to
a port that is a member of VLAN 2 and, thus, should the packet be delivered; the queuing priority to give to
the packet, etc. It can also perform these functions for VLAN 1 packets as well, and, in fact, for any tagged
packet it receives
regardless of the VLAN number.
If the ingress port in step 4 were connected to a non-802.1Q-compliant device and was thus receiving
untagged packets, it would tag its own PVID onto the packet and use this information to make forwarding
decisions. As a result, the packets coming from the non-compliant device would automatically be placed on
the ingress ports VLAN and could only communicate with other ports that are members of this VLAN.
Port-Based VLANs
Port-based VLANs are a simplified version of the 802.1Q VLANs described in the previous section. In port-
based VLANs, all the 802.1Q settings are pre-configured allowing you to quickly and easily setup and
maintain port-based VLANs on your network.
In port-based VLANs, broadcast, multicast and unknown packets will be limited to within the VLAN. Thus,
port-based VLANs effectively segment your network into broadcast domains. Furthermore, ports can only
belong to a single VLAN.
Because port-based VLANs are uncomplicated and fairly rigid in their implementation, they are best used for
network administrators who wish to quickly and easily setup VLANs in order to isolate limit the effect of
broadcast packets on their network.
For the most secure implementation, make sure that end stations are directly connected to the switch.
Attaching a hub, switch or other repeater to the port causes all stations attached to the repeater to become
members of the Port-based VLAN.