Table of Contents
Advertisement
VLAN Configuration
Virtual LANs
A Virtual LAN (VLAN) is a logical network group that limits the broadcast domain. It allows you to isolate network traffic so only
members of the VLAN receive traffic from the same VLAN members. Basically, creating a VLAN within a switch is logically
equivalent of reconnecting a group of network devices to another Layer 2 switch. However, all the network devices are still
plugged into the same switch physically. A station can belong to more than one VLAN group. VLAN prevents users from
accessing network resources of another on the same LAN, thus the users can not see the hard disks and printers of another
user in the same building. VLAN can also increase the network performance by reducing the broadcast traffic and enhance the
security of the network by isolating groups.
The GE-DS-82 and NS2503-8P/2C series Managed Switch supports two types of VLANs:
Port-based
IEEE 802.1Q (tag) –based
Only one of the two VLAN types can be enabled at one time.
Port-based VLANs are VLANs where the packet forwarding decision is made based on the destination MAC address and its
associated port. You must define the outgoing ports allowed for each port when you use port-based VLANs. In port-based
VLANs, the packets received from one port can only be sent to the ports which are configured to the same VLAN. As shown in
the following figure, the switch administrator configured port 1~2 as VLAN 1 and port 3~4 as VLAN 2. The packets received
from port 1 can only be forwarded to port 2. The packets received from port 2 can only be forwarded to port 1. That means the
computer A can send packets to computer B, and vice versa. The same situation also occurred in VLAN 2. The computer C and
D can communicate with each other. However, the computers in VLAN 1 can not see the computers in VLAN 2 since they
belonged to different VLANs.
IEEE 802.1Q (tag) -based VLANs enable the Ethernet functionality to propagate tagged packets across the bridges and
provides a uniform way for creating VLAN within a network then span across the network. For egress packet, you can choose to
tag it or not with the associated VLAN ID of this port. For ingress packet, you can forward this packet to a specific port as long
as it is also in the same VLAN group.
The 802.1Q VLAN works by using a tag added to the Ethernet packets. The tag contains a VLAN Identifier (VID) which belongs
to a specific VLAN group. And ports can belong to more than one VLAN.
The difference between a port-based VLAN and a tag-based VLAN is that the tag-based VLAN truly divided the network into
several logically connected LANs. Packets rambling around the switches can be forwarded more intelligently. In the figure
shown below, by identifying the tag, broadcast packets coming from computer A in VLAN1 at sw1 can be forwarded directly to
VLAN1.
However, the switch could not be so smart in the port-based VLAN mechanism. Broadcast packets will also be forwarded to
port 4 of sw2. It means the port-based VLAN can not operate a logical VLAN group among switches.
The GE-DS-82 and NS2503-8P/2C series support both Port-based VLAN and Tag-based (802.1Q) VLAN modes. The default
configuration is tag-based (802.1Q) VLAN. In the 802.1Q VLAN, initially, all ports on the switch belong to default VLAN, VID is
1.
You cannot delete the default VLAN group in 802.1Q VLAN mode.
VLAN Mode: Port-based
Packets can go among only members of the same VLAN group. Note all unselected ports are treated as belonging to another
single VLAN. If the port-based VLAN enabled, the VLAN-tagging is ignored.
show vlan mode
Description:
Display the current VLAN mode.
GE-DS-82 and NS2503-8P/2C Series User Manual
152
Advertisement
Table of Contents
