Siemens RUGGEDCOM ROX II User Manual page 350

Chapter 8
Layer 2
frames from VLANs configured to the switch are not dropped. For more information about enabling or disabling
ingress filtering, refer to
Section 8.5.1.5
Forbidden Ports List
Each VLAN can be configured to exclude ports from membership in the VLAN using the forbidden ports list. For
more about configuring a list of forbidden ports, refer to
Section 8.5.1.6
VLAN-Aware Mode of Operation
The native operation mode for an IEEE 802.1Q compliant switch is VLAN-aware. Even if a specific network
architecture does not use VLANs, RUGGEDCOM ROX II's default VLAN settings allow the switch to still operate in a
VLAN-aware mode, while providing functionality required for almost any network application. However, the IEEE
802.1Q standard defines a set of rules that must be followed by all VLAN-aware switches:
• Valid VIDs are within the range of 1 to 4094. VIDs equal to 0 or 4095 are invalid.
• Each frame ingressing a VLAN-aware switch is associated with a valid VID.
• Each frame egressing a VLAN-aware switch is either untagged or tagged with a valid VID. Priority-tagged frames
with an invalid VID will never sent out by a VLAN-aware switch.
NOTE
Some applications have requirements conflicting with IEEE 802.Q native mode of operation. For
example, some applications explicitly require priority-tagged frames to be received by end devices.
Section 8.5.1.7
GARP VLAN Registration Protocol (GVRP)
GARP VLAN Registration Protocol (GVRP) is a standard protocol built on GARP (Generic Attribute Registration
Protocol) to automatically distribute VLAN configuration information in a network. Each switch in a network needs
only to be configured with VLANs it requires locally. VLANs configured elsewhere in the network are learned
through GVRP. A GVRP-aware end station (i.e. PC or Intelligent Electronic Device) configured for a particular VID
can be connected to a trunk on a GVRP-aware switch and automatically become part of the desired VLAN.
When a switch sends GVRP bridge protocol data units (BPDUs) out of all GVRP-enabled ports, GVRP BPDUs advertise
all the VLANs known to that switch (configured manually or learned dynamically through GVRP) to the rest of the
network.
When a GVRP-enabled switch receives a GVRP BPDU advertising a set of VLANs, the receiving port becomes a
member of those advertised VLANs and the switch begins advertising those VLANs through all the GVRP-enabled
ports (other than the port on which the VLANs were learned).
To improve network security using VLANs, GVRP-enabled ports may be configured to prohibit the learning of any
new dynamic VLANs but at the same time be allowed to advertise the VLANs configured on the switch.
The following is an example of how to use GVRP:
304
Section 8.5.3, "Enabling/Disabling Ingress Filtering".
Section 8.5.6, "Managing Forbidden
RUGGEDCOM ROX II
CLI User Guide
Ports".
Forbidden Ports List