8 example of vlan configuration, 9 configure vlan frame drop rules, 10 configure 802.1q vlan tag – Contemporary Control Systems Compact Managed Switches Software Manual for Web Browser User Manual
Page 26: Example of vlan configuration, Configure vlan frame drop rules, Configure 802.1q vlan tag
TD020851-0MG
26
4.4.4.8 Example of VLAN Configuration
See Figure 20 where only the first three Groups have been defined as follows
:
•
Group 1 consists of ports 2, 3, 4 and the “Management Port”.
•
Group 2 consists of ports 4, 7 and 8 (“Management Port” omitted).
•
Group 3 consists of ports 1, 6, 7 and the “Management Port”.
For the Groups listed above (and assuming VLANs are enabled), note the following
:
Groups 1 and 3 include the “Management Port” — therefore, ports 1, 2, 3, 4, 6 and 7 will
have full management functionality when their Groups are “Enabled”.
Group 3, however, will not currently function because it is “Disabled”. Also, because
ports 1 and 6 are included
only in Group 3, these two ports cannot communicate
whatsoever as long as their Group is “Disabled”.
Group 2 is “Enabled”, but it does not include the “Management Port” — so ports 4, 7
and 8 seem to have no access to management functions. However, port 4 is an
overlapping port and still has management due to its membership in Group 1. Port 8
will be
unmanaged as long as it is defined only in a VLAN that excludes the
“Management Port” — even if that VLAN is enabled.
NOTE: If Group 2 were disabled,
its members could be managed.
Finally, port 5 is not in any VLAN so it
cannot communicate unless VLANs are disabled.
4.4.4.9 Configure VLAN Frame Drop Rules
Our managed switches support the ability to drop non-802.1Q frames (frames without
VLAN tags) on a port-by-port basis. This is a useful feature for core switches because
untagged frames could be received due to the improper configuration of an edge switch.
This can
add extra security because a correct VID value does not guarantee a frame will
travel through the switch —
the ingress port must also belong to the defined group to
pass the frame through the switch. When
Drop VID Violation Frame is Enabled (for
only the selected ports), this is what happens: When a frame arrives at the switch, its
VID tag is examined to confirm that the port through which the frame enters is part of the
group using this tag. If the port does not belong to the group, the frame will be dropped.
For an 8-port unit, the Drop Rule settings are shown in Figure 22, second panel. For
models with more ports, they are displayed as atop Figure 23.
4.4.4.10 Configure 802.1Q VLAN Tag
For frames from a non-VLAN device to function in a VLAN, the default VID tag of the
ingress port through which they pass
must match the VID of the group to which the
frames are destined. (The VLAN group must also be enabled.)
For an 8-port unit, Default Tags can be set as shown in Figure 22, third panel. For
models with more ports, Default Tags are shown in the second panel of Figure 23.