Tagging and untagging, Ingress filtering, Vlans in layer 2 only mode – D-Link DES-3326 User Manual
Page 40
DES-3326 Layer 3 Fast Ethernet Switch User’s Guide
not? If the transmitting port is connected to a tag-unaware device, the packet should be untagged. If
the transmitting port is connected to a tag-aware device, the packet should be tagged.
Tagging and Untagging
Every port on an 802.1Q compliant switch can be configured as tagging or untagging.
Ports with tagging enabled will put the VID number, priority and other VLAN information into the
header of all packets that flow into and out of it. If a packet has previously been tagged, the port will
not alter the packet, thus keeping the VLAN information intact. The VLAN information in the tag can
then be used by other 802.1Q compliant devices on the network to make packet forwarding decisions.
Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into and out of those
ports. If the packet doesn’t have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all
packets received by and forwarded by an untagging port will have no 802.1Q VLAN information.
(Remember that the PVID is only used internally within the switch). Untagging is used to send packets
from an 802.1Q-compliant network device to a non-compliant network device.
Ingress Filtering
A port on a switch where packets are flowing into the switch and VLAN decisions must be made is
referred to as an ingress port. If ingress filtering is enabled for a port, the switch will examine the VLAN
information in the packet header (if present) and decide whether or not to forward the packet.
If the packet is tagged with VLAN information, the ingress port will first determine if the ingress port
itself is a member of the tagged VLAN. If it is not, the packet will be dropped. If the ingress port is a
member of the 802.1Q VLAN, the switch then determines if the destination port is a member of the
802.1Q VLAN. If it is not, the packet is dropped. If the destination port is a member of the 802.1Q
VLAN, the packet is forwarded and the destination port transmits it to its attached network segment.
If the packet is not tagged with VLAN information, the ingress port will tag the packet with its own PVID
as a VID (if the port is a tagging port). The switch then determines if the destination port is a member of
the same VLAN (has the same VID) as the ingress port. If it does not, the packet is dropped. If it has the
same VID, the packet is forwarded and the destination port transmits it on its attached network
segment.
This process is referred to as ingress filtering and is used to conserve bandwidth within the switch by
dropping packets that are not on the same VLAN as the ingress port at the point of reception. This
eliminates the subsequent processing of packets that will just be dropped by the destination port.
VLANs in Layer 2 Only Mode
The switch initially configures one VLAN, VID = 1, called the DEFAULT_VLAN. The factory default
setting assigns all ports on the switch to the DEFAULT_VLAN.
Packets cannot cross VLANs if the switch is in Layer 2 Only mode. If a member of one VLAN wants to
connect to another VLAN, the link must be through an external router.
When the switch is in Layer 2 Only mode, 802.1Q VLANs are supported.
If no VLANs are configured on the switch and the switch is in Layer 2 Only mode, then all packets will
be forwarded to any destination port. Packets with unknown source addresses will be flooded to all
ports. Broadcast and multicast packets will also be flooded to all ports.
A VLAN that does not have a corresponding IP interface defined for it, will function as a Layer 2 Only
VLAN – regardless of the Switch Operation mode.
40