beautypg.com

Summary of vlan tagging rules, Protected vlans, Vlan interaction with stps and trunk groups – Allied Telesis AT-8700XL Series Switch User Manual

Page 67

background image

Switching

67

Software Release 2.6.1
C613-02030-00 REV B

can be enabled for a specified time, disabled, and displayed using the
commands:

ENABLE VLAN={vlan-name|1..255|ALL} DEBUG={PKT|ALL}

[OUTPUT=CONSOLE] [TIMEOUT={1..4000000000|NONE}]

DISABLE VLAN={vlan-name|1..255|ALL} DEBUG={PKT|ALL}

SHOW VLAN DEBUG

To view packet reception and transmission counters for a VLAN, use the
command (see the Interfaces chapter of the switch’s Software Reference):

SHOW INTERFACE=VLANn COUNTER

Summary of VLAN tagging rules

When designing a VLAN and adding ports to VLANs, the following rules
apply.

1.

Each port, except for the mirror port, must belong to at least one static
VLAN. By default, a port is an untagged member of the default VLAN.

2.

A port can be untagged for zero or one VLAN. A port that is untagged for
a VLAN transmits frames destined for that VLAN without a VLAN tag in
the Ethernet frame.

3.

A port can be tagged for zero or more VLANs. A port that is tagged for a
VLAN transmits frames destined for that VLAN with a VLAN tag,
including the numerical VLAN Identifier of the VLAN.

4.

A port cannot be untagged and tagged for the same VLAN.

5.

The mirror port, if there is one, is not a member of any VLAN.

Protected VLANs

If a VLAN is Protected, Layer 2 traffic between ports that are members of a
Protected VLAN is blocked. Traffic can be Layer 3 switched to another VLAN.
This feature prevents members of a Protected VLAN from communicating with
each other yet still allows members to access another network. Layer 3 Routing
between Ports in a Protected VLAN can be prevented by adding a Layer 3
filter. The Protected VLAN feature also allows all of the members of the
Protected VLAN to be in the same subnet.

A typical application is a hotel installation where each room has a port that can
be used to access the Internet. In this situation it is undesirable to allow
communication between rooms.

To create a Protected VLAN, use the command:

CREATE VLAN=vlan-name VID=2..255 [PROTECTED]

VLAN Interaction with STPs and Trunk Groups

VLANs may have ports in more than one STP, when the ports belong to
multiple VLANs. VLANs can belong to multiple STPs.

All the ports in a trunk group must have the same VLAN configuration: they
must belong to the same VLANs and have the same tagging status, and can
only be operated on as a group.

See also other documents in the category Allied Telesis Computer hardware: