Received frames are classified into a policy-based VLAN based on certain fields of the frame that matches the associated VLAN policy.
In a policy-based VLAN, a port can be designated as a potential member, a static member, or one not allowed to be a member of the VLAN.
If a port is designated as a potential member of the VLAN, and the incoming traffic matches the policy, the system dynamically adds the port to the active port list of the VLAN, making the port an active member of the VLAN. After the system adds a port to the active list, it can remove the port from the active list due to time-out. Potential member ports that join the VLAN are removed (timed out) from the active port list of the VLAN after the timeout (aging time) period expires.
All members of the Spanning Tree Group associated with a protocol-based VLAN are automatically considered potential members of the VLAN. In addition, all tagged ports (trunk ports) become static ports. If you do not want all the tagged ports to be static members of a protocol-based VLAN, put the port in the disallowed list.
Static port members are always members of the VLAN. Static port members are not aged out due to inactivity and they are not removed from the active list. If a server or router connects to a port, designate that port as a static member of a VLAN. If a server connects to a port that is only a potential member and the server sends very little traffic, a client fails to reach the server if the server port is timed out of the VLAN. As a best practice, make these ports static members of the VLAN.
A disallowed port can never become a member of the VLAN until you add it as a port-member. After you remove a port from the VLAN, the system adds the port to the disallowed list.
On any single spanning-tree instance, an access (untagged) port can belong to one port-based VLAN and many policy-based VLANs. A trunk (tagged) port can belong to many port-based and policy-based VLANs.
The following table describes port membership types for policy-based VLANs.
|
Membership type |
Description |
|---|---|
|
Potential |
Potential members of a VLAN become active members upon receiving data matching the policy defined for the VLAN (a packet tagged with that VLAN, or an untagged packet matching the policy). |
|
Static (always a member) |
Static members are always active members of the VLAN after you configure them as belonging to that VLAN. |
|
Not allowed to join (never a member) |
Ports of this type cannot join the VLAN. |
The following table lists supported policy-based VLANs.
|
VLAN type |
Support |
|---|---|
|
Protocol-based |
supported |
Protocol-based VLANs are an effective way to segment your network into broadcast domains according to the network protocols in use.
A port member of a port-based VLAN can belong to multiple protocol-based VLANs. Port tagging is not required for a port to be a member of multiple protocol-based VLANs.
The switch supports IPv6 protocol-based VLAN only.