Layer 2 control protocols on vlans – Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual

170

Multi-Service IronWare Switching Configuration Guide

53-1003036-02

VLAN configuration rules

7

If you leave a tagged port in dual-mode as an untagged member of the default VLAN, then any
untagged broadcast, multicast, and unknown unicast frames received on that port will be flooded
out on all other ports in the default VLAN. This is expected behavior. The no dual-mode-default-vlan
command has been provided to change this behavior, but this command can only be added if no
ports are in dual-mode. If you already have tagged ports and if you do not want them to forward
untagged frames, you should remove them from the untagged ports of the default VLAN as shown
in this example.

Brocade(config)#vlan 2

Brocade(config-vlan-2)#tagged e 1/1 to 1/8

Brocade(config-vlan-2)#vlan 1

Brocade(config-vlan-1)#no untagged e 1/1 to 1/8

After you add a port to a VLAN as a tagged member, you should then make it strictly tagged by
removing it from the default VLAN as an untagged member.

NOTE

If the device already has tagged ports, Brocade strongly recommends that you disable dual-mode
for tagged ports by removing all the tagged ports from the set of untagged ports in the default VLAN.
Unless the device already has "no dual-mode-default-vlan" configured, or if you intend to use the
default VLAN for Layer2 switching of traffic, or if Layer2 switching in the default VLAN is explicitly
required for other functions, or if you have your tagged ports configured for dual-mode with untagged
traffic from a non-default VLAN.

Layer 2 control protocols on VLANs

Layer 2 protocols such as STP, RSTP, ERP, Foundry MRP, and VSRP can be enabled on a port-based
VLAN.

The Layer 2 state associated with a VLAN and port is determined by the Layer 2 control protocol.
Layer 2 broadcasts associated with the VLAN will not be forwarded on this port if the Layer 2 state
is not FORWARDING.

It is possible that the control protocol, for example STP, will block one or more ports in a
protocol-based VLAN that uses a virtual routing interface to route to other VLANs. For IP protocol
and IP subnet VLANs, even though some of the physical ports of the virtual routing interface are
blocked, the virtual routing interface can still route as long as at least one port in the virtual routing
interface’s protocol-based VLAN is not blocked by STP.

You can also enable Single STP (SSTP) on the device; however, the ports in all VLANs on which SSTP
is enabled become members of a single spanning tree. The ports in VLANs on which SSTP is
disabled are excluded from the single spanning tree. A VLAN can also be selectively added or
removed from the single spanning tree domain.

Virtual interfaces and CPU protection co-existence on VLANs

CPU protection can be configured on VLANs regardless of whether there are virtual-interfaces
configured on them (Previously, CPU protection was only configurable if a virtual-interface was not
configured on the VLAN).

There is a difference in the behavior of CPU protection in each of the following situations: