beautypg.com

Enabling or disabling ingress filtering – Allied Telesis AT-S39 User Manual

Page 149

background image

AT-S39 User’s Guide

149

Enabling or Disabling Ingress Filtering

There are certain rules that a switch follows as it receives and forwards
an Ethernet frame. There are rules for frames as they enter a port (called
ingress rules) and rules for when a frame is transmitted out a port (called
egress rules). A switch will not accept and forward a frame unless the
frame passes the ingress and egress rules.

There are quite a few ingress and egress rules for Fast Ethernet switches.
Fortunately, this discussion need only review the rules as they apply to
tagged frames, because ingress filtering does not apply to untagged
frames, nor to any frames, tagged or untagged, when the switch is
operating in the Basic Mode.

First, just as a reminder, a tagged frame is an Ethernet frame that
contains a tagged header. The header contains the VID of the VLAN to
which the frame originated. For further information, refer to User-
Configured VLAN Mode Overview
on page 121.

Let’s first examine how the ingress rules are applied to tagged frames
when ingress filtering is enabled. What the switch does is it examines the
tagged header of each tagged frame that enters a port and determines
whether the tagged frame and the port that received the frame are
members of the same VLAN. If they belong to the same VLAN, the port
accepts the frame. If they belong to different VLANs, the port discards
the frame.

Here is an example. Assume that a tagged frame with a VID of 4 is
received on a tagged port that is a member of a VLAN also with a VID of
4. In this case, the port accepts the frame, because both the frame and
the port belong to the same VLAN. If the frame and port had belonged
to different VLANs, the frame is discarded.

So how do the ingress rules apply when ingress filtering is disabled?
First, any tagged frame is accepted on any port on the switch. It does not
matter whether the frame and the port belong to the same or different
VLANs.

Once the tagged frame is received, the switch examines the tagged
header and determines if the VID in the header corresponds to any
VLANs on the switch. If there isn’t a corresponding VLAN, the switch
discards the frame. If there is, the switch transmits the frame out the port
to the destination node, assuming that the destination node’s MAC
address is in the MAC address table, or floods the port to all ports on the
VLAN if the MAC address is not in the table.