VLANs

This page allows for controlling VLAN configuration on the switch. The page is divided into a global section and a per-port configuration section.

Click to expand in new window
Object Description
Global VLAN Configuration
Allowed Access VLANs This field shows the allowed Access VLANs, that is, it only affects ports configured as Access Ports. Ports in other modes are members of all VLANs specified in the Allowed VLANs field. By default, only VLAN 1 is enabled. More VLANs may be created by using a list syntax where the individual elements are separated by commas. Ranges are specified with a dash separating the lower and upper bound.

The following example will create VLANs 1, 10, 11, 12, 13, 200, and 300: 1,10-13,200,300. Spaces are allowed in between the delimiters.
Ethertype for Custom S-ports This field specifies the ethertype/TPID (specified in hexadecimal) used for Custom S-ports. The setting is in force for all ports whose Port Type is set to S-Custom-Port.
Port VLAN Configuration
Port This is the logical port number of this row.
Mode The port mode (default is Access) determines the fundamental behavior of the port in question. A port can be in one of three modes as described below.

Whenever a particular mode is selected, the remaining fields in that row will be either grayed out or made changeable depending on the mode in question.
Grayed out fields show the value that the port will get when the mode is applied.

Access:


Access ports are normally used to connect to end stations. Dynamic features like Voice VLAN may add the port to more VLANs behind the scenes. Access ports have the following characteristics:
  • Member of exactly one VLAN, the Port VLAN (a.k.a. Access VLAN), which by default is 1.
  • Accepts untagged and C-tagged frames.
  • Discards all frames that are not classified to the Access VLAN.
  • On egress all frames classified to the Access VLAN are transmitted untagged. Other (dynamically added VLANs) are transmitted tagged.

Trunk:

Trunk ports can carry traffic on multiple VLANs simultaneously, and are normally used to connect to other switches. Trunk ports have the following characteristics:
  • By default, a trunk port is member of all VLANs (1 – 4095).
  • The VLANs that a trunk port is member of may be limited by the use of Allowed VLANs.
  • Frames classified to a VLAN that the port is not a member of are discarded.
  • By default, all frames but frames classified to the Port VLAN (a.k.a. Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
  • Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.

Hybrid:

Hybrid ports resemble trunk ports in many ways, but adds additional port configuration features. In addition to the characteristics described for trunk ports, hybrid ports have these abilities:
  • Can be configured to be VLAN tag unaware or, C-tag aware, S-tag aware, or S-custom-tag aware.
  • Ingress filtering can be controlled.
  • Ingress acceptance of frames and configuration of egress tagging can be configured independently.
Port VLAN Determines the port's VLAN ID (a.k.a. PVID). Allowed VLAN range is 1 – 4095, default being 1.
On ingress, frames get classified to the Port VLAN if the port is configured as VLAN unaware, the frame is untagged, or VLAN awareness is enabled on the port, but the frame is priority tagged (VLAN ID = 0).
On egress, frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN.
The Port VLAN is called an “Access VLAN” for ports in Access mode and Native VLAN for ports in Trunk or Hybrid mode.
Port Type Ports in hybrid mode allow for changing the port type, that is, whether a frame's VLAN tag is used to classify the frame on ingress to a particular VLAN, and if so, which TPID it reacts on. Likewise, on egress, the Port Type determines the TPID of the tag, if a tag is required.

Unaware:

On ingress, all frames, whether carrying a VLAN tag or not, get classified to the Port VLAN, and possible tags are not removed on egress.

C-Port:

On ingress, frames with a VLAN tag with TPID = 0x8100 get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with a C-tag.

S-Port:

On ingress, frames with a VLAN tag with TPID = 0x8100 or 0x88A8 get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with an S-tag.

S-Custom-Port:

On ingress, frames with a VLAN tag with a TPID = 0x8100 or equal to the Ethertype configured for Custom-S ports get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with the custom S-tag.
Ingress Filtering Hybrid ports allow for changing ingress filtering. Access and Trunk ports always have ingress filtering enabled.

If ingress filtering is enabled (checkbox is checked), frames classified to a VLAN that the port is not a member of get discarded.

If ingress filtering is disabled, frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine. However, the port will never transmit frames classified to VLANs that it is not a member of.
Ingress Acceptance Hybrid ports allow for changing the type of frames that are accepted on ingress.
  • Tagged and Untagged: Both tagged and untagged frames are accepted.
  • Tagged Only: Only tagged frames are accepted on ingress. Untagged frames are discarded.
  • Untagged Only: Only untagged frames are accepted on ingress. Tagged frames are discarded.
Egress Tagging Ports in Trunk and Hybrid mode may control the tagging of frames on egress.
  • Untag Port VLAN: Frames classified to the Port VLAN are transmitted untagged. Other frames are transmitted with the relevant tag.
  • Tag All: All frames, whether classified to the Port VLAN or not, are transmitted with a tag.
  • Untag All: All frames, whether classified to the Port VLAN or not, are transmitted without a tag. This option is only available for ports in Hybrid mode.
Allowed VLANs Ports in Trunk and Hybrid mode may control which VLANs they are allowed to become members of. Access ports can only be member of one VLAN, the Access VLAN.

The field's syntax is identical to the syntax used in the Enabled VLANs field. By default, a Trunk or Hybrid port will become member of all VLANs, and is therefore set to 1 – 4095.

The field may be left empty, which means that the port will not become member of any VLANs.
Forbidden VLANs A port may be configured to never be member of one or more VLANs. This is particularly useful when dynamic VLAN protocols like MVRP and GVRP must be prevented from dynamically adding ports to VLANs.

The trick is to mark such VLANs as forbidden on the port in question.

The syntax is identical to the syntax used in the Enabled VLANs field.
By default, the field is left blank, which means that the port may become a member of all possible VLANs.
Buttons
Save changes.
Undo any changes and revert to previously saved values.
9034962-02 Rev AA