beautypg.com

Layer 2 filtering, Ingress filtering – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 353

background image

Switching Introduction

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

14.11

Layer 2 Filtering

The switch has a forwarding database (also known as the MAC address table) whose
entries determine whether frames are forwarded or discarded over each port. Entries in
the forwarding database are created dynamically by the learning process. A dynamic entry
is automatically deleted from the forwarding database when its ageing timer expires.

The forwarding database supports queries by the forwarding process as to whether
frames with given values of the destination MAC address field should be forwarded to a
given port.

For each VLAN, the destination MAC address of a frame to be forwarded is checked against
the forwarding database. If there is no entry for the destination address and VLAN, the
frame is transmitted on all ports in the VLAN that are in the forwarding state, except the
port on which the frame was received. This process is referred to as flooding. If an entry is
found in the forwarding database but the entry is not marked forwarding or the entry
points to the same port the frame was received on, the frame is discarded. Otherwise, the
frame is transmitted on the port specified by the forwarding database.

Ingress Filtering

The ingress-filter parameter of the

switchport mode trunk command on page 17.21

and

the

switchport mode access command on page 17.15

, enables or disables ingress

filtering of frames entering the specified port (or port range). Each port on the switch
belongs to one or more VLANs. If ingress filtering is enabled, any frame received on the
specified port is only admitted if its VID matches one for which the port is tagged. Any
frame received on the port is discarded if its VID does not match one for which the port is
tagged.

Untagged frames are admitted and are assigned the VLAN Identifier (VID) of the port’s
native VLAN. Ingress filtering can be turned off by setting the disable parameter of the
above two commands. The default setting of the enable / disable parameter option is
enable.

Note

Enabling the vlan-disable parameter of the

thrash-limiting command on

page 15.49

will also enable ingress filtering, and will override the setting of the

switchport mode access, and trunk commands

See also other documents in the category Allied Telesis Computer hardware: