D-Link DES-3018 Switch User Manual


 
DES-3010F/DES-3010FL/DES-3010G/DES-3016/DES-3018/DES-3026 Fast Ethernet Switch Manual
86
VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will only deliver packets
between stations that are members of the VLAN.
Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLANs
allows VLANs to work with legacy switches that don't recognize VLAN tags in packet headers. The tagging
feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and
allows Spanning Tree to be enabled on all ports and work normally.
The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN of which the receiving
port is a member.
Figure 7- 1. IEEE 802.1Q Packet Forwarding
802.1Q VLAN Tags
The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source
MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's
EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in
the following two octets and consists of 3 bits of user priority, 1 bit of Canonical Format Identifier (CFI -
used for encapsulating Token Ring packets so they can be carried across Ethernet backbones), and 12 bits of
VLAN ID (VID). The 3 bits of user priority are used by 802.1p. The VID is the VLAN identifier and is used
by the 802.1Q standard. Because the VID is 12 bits long, 4094 unique VLANs can be identified.
The tag is inserted into the packet header making the entire packet longer by 4 octets. All of the information
originally contained in the packet is retained.
The main characteristics of IEEE 802.1Q are as follows:
Assigns packets to VLANs by filtering.
Assumes the presence of a single global spanning tree.
Uses an explicit tagging scheme with one-level tagging.
802.1Q VLAN Packet Forwarding
Packet forwarding decisions are made based upon the
following three types of rules:
Ingress rules - rules relevant to the classification of
received frames belonging to a VLAN.
Forwarding rules between ports - decides whether to filter
or forward the packet.
Egress rules - determines if the packet must be sent tagged
or untagged.