Allied Telesis AT-S63 User Manual
Page 311

AT-S63 Management Software Features Guide
Section VI: Virtual LANs
311
The community characteristic of egress ports relieves you from having to 
map each address to its corresponding egress port. You only need to be 
sure that all the egress ports in a MAC address-based VLAN are assigned 
to at least one address.
It is also important to note that a MAC address must be assigned at least 
one egress port to be considered a member of a MAC address-based 
VLAN. VLAN membership of packets from a source MAC address not 
assigned any egress ports is determined by the PVID of the port where the 
packets are received.
Because egress ports are considered as a community within a VLAN, you 
can simplify the mappings by assigning all of the egress ports to just one 
MAC address and, for the rest of the addresses, assigning just one port. 
This will make it easier to add or delete MAC addresses or egress ports 
from a VLAN. Here is how the example might look.
A switch can support more than one MAC-address VLAN at a time and a 
port can be an egress member of more than one VLAN. While this can 
prove useful in some situations, it can also result in VLAN leakage where 
the traffic of one VLAN crosses the boundary into other VLANs.
The problem arises in the case of unknown unicast traffic. If the switch 
receives a packet from a member of a MAC address-based VLAN with an 
unknown destination address, it floods the packet on all egress ports of the 
VLAN. If the VLAN contains a port that is also serving as an egress port of 
another VLAN, the node connected to the port receives the flooded 
packets, even if it does not belong to the same VLAN as the node that 
generated the packet.
Here’s an example. Assume that Port 4 on a switch has been designated 
an egress port of three MAC address-based VLANs. Any unknown unicast 
traffic that the switch receives that belongs to any of the VLANs will be 
flooded out Port 4, even if there are no active members of that particular 
VLAN on the port. This means that whatever device is connected to the 
port receives the flooded traffic of all three VLANs.
Table 90. Revised Example of Mappings of MAC Addresses to Egress Ports
MAC Address
End Node
Egress Port
00:30:84:54:1A:45
Workstation 1 (Port 1)
1-6
00:30:84:C3:5A:11
Workstation 2 (Port 2)
1
00:30:84:22:67:17
Workstation 3 (Port 3)
1
00:30:84:78:75:1C
Workstation 4 (Port 4)
1
00:30:79:7A:11:10
Server (Port 5)
1
00:30:42:53:10:3A
Printer (Port 6)
1
