beautypg.com

9 configure non-802.1q frame drop rules, On 4.2.1.5.9) – Contemporary Control Systems Compact Managed Switches Software Manual for Console Access User Manual

Page 23

background image

TD020850-0MG

23

4.3.5.9 Configure Non-802.1Q Frame Drop Rules

The managed switch supports the ability to drop non-802.1Q frames (frames without

VLAN tags). As the 16-port display of Figure 15 illustrates, the switch can drop all

non-802.1Q frames on a port-by-port basis. This is a useful feature for core switches.
When

Drop VID Violation Frame is Enabled, each frame’s VID tag will be examined to

assure that the ingress port that will pass the frame belongs to the group using this tag.

If it does not, the frame will be dropped. This feature can add extra security because a

correct VID value does not guarantee a frame’s travel through the switch. The ingress

port must also belong to the defined group to pass the frame through the switch.

Figure 15 — Configure Non-802.1Q Frame Drop Rules

Port VLAN can be used in two different ways. In a network of devices that do not

support 802.1Q, the switch can add appropriate tags to incoming messages. This will

isolate the network since communication will be limited to devices in the same group or

groups using the same VID. In this mode it is advisable to remove the VLAN tags on all

outgoing (egress) messages (see Figure 13). However, by leaving the VLAN tags in the

outgoing messages one can allow non-802.1Q devices to participate in a 802.1Q VLAN

network. This second method would make the switch act as a VLAN translator for non-

VLAN compliant devices .
If the network is 802.1Q compliant, one must consider whether the unit is acting as a

core switch (in the middle of a VLAN) or as an edge switch (connected to non-VLAN

aware devices). If the unit is acting as a core switch, the VLAN tags should not be

filtered from the message. If the unit is performing as an edge switch, it should remove

the VLAN tags from those ports that connect to non-VLAN aware devices. It is possible

for the unit to act as both a core switch and as a edge switch on a port-by-port basis.

This manual is related to the following products:
See also other documents in the category Contemporary Control Systems Hardware: