Filter
Top Products
DGS-3100 Series Gigabit Stackable Managed Switch User Manual
59
Port VLAN ID
Tagged packets (carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to
another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and the entire network,
providing all network devices are 802.1Q compliant).
Not all network devices are 802.1Q compliant. Such devices are referred to as tag-unaware. 802.1Q devices are referred to
as tag-aware.
Prior to the adoption of 802.1Q VLANs, port-based and MAC-based VLANs were in common use. These VLANs relied
upon a Port VLAN ID (PVID) to forward packets. A packet received on a given port would be assigned that port's PVID
and then be forwarded to the port that corresponds to the packet's destination address (found in the switch's forwarding
table). If the PVID of the port receiving the packet is different from the PVID of the port that is to transmit the packet, the
switch drops the packet.
Within the switch, different PVIDs mean different VLANs (remember that two VLANs cannot communicate without an
external router). So, VLAN identification based upon the PVIDs cannot create VLANs that extend outside a given switch
(or switch stack).
Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the switch. If no VLANs
are defined on the switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are
assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, in so far as
VLANs are concerned. Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are
also assigned a PVID, but the PVID is not used to make packet forwarding decisions, the VID is.
Tag-aware switches must keep a table to relate PVIDs within the switch to VIDs on the network. The switch compares the
VID of a packet to be transmitted to the VID of the port that is to transmit the packet. If the two VIDs are different, the
switch drops the packet. As a result of the existence of the PVID for untagged packets, and the VID for tagged packets, tag-
aware and tag-unaware network devices can coexist on the same network.
A switch port can only have one PVID, but it can have as many VIDs that the switch’s memory storage capacity has in its
VLAN table, to store them.
As some devices on a network may be tag-unaware, a decision must be made at each port on a tag-aware device before
packets are transmitted; Should the packet to be transmitted have a tag or not? If the transmitting port is connected to a tag-
unaware device, the packet should be untagged. If the transmitting port is connected to a tag-aware device, the packet
should be tagged.
Tagging and Untagging
Every port on an 802.1Q compliant switch can be configured as tagged or untagged.
Tagging enabled ports put the VID number, priority, and other VLAN information into the header of all packets that flow
into and out of it. If a packet has previously been tagged, the port does not alter the packet, thus keeping the VLAN
information intact. The VLAN information in the tag is then used by other 802.1Q compliant devices on the network to
make packet-forwarding decisions.
Ports with untagging enabled strip the 802.1Q tag from all packets flowing into and out of those ports. If the packet doesn't
have an 802.1Q VLAN tag, the port does not alter the packet. As a result, all packets received by and forwarded by an
untagging port have no 802.1Q VLAN information (as the PVID is only used internally within the switch). Untagging is
used to send packets from an 802.1Q-compliant network device to a non-compliant network device.
Ingress Filtering
A port on a switch where packets are flowing into the switch, and VLAN decisions must be made, is referred to as an
ingress port. If ingress filtering is enabled for a port, the switch examines the VLAN information in the packet header (if
present) and decides whether or not to forward the packet.
If the packet is tagged with VLAN information, the ingress port first determines if the ingress port itself is a member of the
tagged VLAN. If it is not, the packet is dropped. If the ingress port is a member of the 802.1Q VLAN, the switch determines
if the destination port is a member of the 802.1Q VLAN. If it is not, the packet is dropped. If the destination port is a
member of the 802.1Q VLAN, the packet is forwarded and the destination port transmits it to its attached network segment.
If the packet is not tagged with VLAN information, the ingress port tags the packet with its own PVID as a VID (if the port
is a tagging port). The switch then determines if the destination port is a member of the same VLAN (has the same VID) as