User Manual
Publication date: January, 2005
Revision A1
44
How does a Tagged VLAN work?
If the ingress filtering is enabled and when a packet is received, VLAN bridge
will first check if the VID of the packet presents.
1). If the packet has a non-zero VID, VLAN bridge will apply this VID as the VLAN
ID of the packet in the network.
2). For a packet with null tag or no VLAN tag, if VLAN bridge provides rules to
decide its VID, then apply this VID to the packet.
If VLAN bridge does not support any rule for VID, then apply the PVID of the
port to the packet which came from that port. VLAN bridge checks to see if the
ingress port and the received packet are on the same VLAN. If not, drops it. If yes,
forwards it to the associated ports. Meanwhile, this VLAN must be applied to the
egress port, or the packet will be dropped.
If ingress filtering is disabled, VLAN bridge will only check the MAC address
table to see if the destination VLAN exists. If VLAN does not exist, then drop the
packet, and if both DA and VLAN do not exist, forwards the packet. If just knows
VLAN existed, then floods the packet to all the ports the VLAN covers.
If we plan to deploy four VLANs in an office and use a switch to partition
them, we should check which ports belong to which VLAN first. Assuming a 24-port
switch is applied.
Name VID Port Members
Marketing 2 1,2,3,4,5
Service 3 6,7,20,21,22
Sales 4 8,9,10,11,12,13,14,15,16
Administration 1 17,18,19,23,24
Table 3-6
Next, assigns IP address to each VLAN. Usually, we use 10.x.x.x as internal
IP block. Because there are total four VLANs in the network, we must assign 4 IP
blocks to each of them.
Name VID Network Address
Marketing 2 10.1.2.0/24
Service 3 10.1.3.0/24
Sales 4 10.1.4.0/24
Administration 1 10.1.1.0/24
Table 3-7
Here we apply the subnet mask 255.255.255, and each VLAN is capable of
supporting 254 nodes.