Tagging And Untagging; Ingress Filtering And Egress Rules; Ieee 802.1Q Vlan Configuration - Bull 1GB Intel Ethernet Switch Module Installation And User Manual

Before the adoption of 802.1Q VLANs, port-based and MAC-based VLANs were in common use.
These VLANs relied upon a port VLAN ID (PVID) to forward packets. A packet received on a
given port would be assigned that port PVID and then be forwarded to the port that corresponded to
the packet destination address (found in the switch forwarding table). If the PVID of the port that
receives the packet is different from the PVID of the port that is to transmit the packet, the switch
module will drop the packet.
A switch port can have only one PVID but can have as many VIDs as the switch module has
memory in its VLAN table to store them.

Tagging and untagging

Every port on an 802.1Q compliant switch can be configured to admit or discard packets that are
received without a tag. Untagged packets that are admitted will be tagged with the port's PVID.
Every port on an 802.1Q compliant switch can also be configured to transmit packets with or
without tags. Ports with tagging enabled will leave the 802.1Q tag received with the packet or
inserted by the ingress port unchanged. Ports with untagging enabled will strip the 802.1Q tag from
all packets that it transmits. Untagging is used to send packets from an 802.1Q-compliant network
device to a noncompliant one.

Ingress filtering and egress rules

A port on a switch where packets are flowing into the switch and VLAN decisions must be made is
referred to as an ingress port. If ingress filtering is enabled for a port, the switch will examine the
VLAN information in the packet header (if present) to decide whether to forward the packet. If
ingress filtering is disabled, packets will not be dropped based on their VLAN classification.
If ingress filtering is enabled and the packet is tagged with VLAN information, the ingress port will
determine whether the ingress port itself is a member of the tagged VLAN. If it is not, the packet
will be dropped. If the ingress port is a member of the 802.1Q VLAN, the packet is passed to the
forwarding function.
If the packet is not tagged with VLAN information, the ingress port will tag the packet with its own
PVID as a VID (if the port is configured to accept untagged packets) and pass it to the forwarding
function.
The forwarding function determines the destination port. If the destination, or egress, port is a
member of the same VLAN as the packet the destination port transmits the packet on its attached
network segment. If the egress port is not a member of the VLAN, the packet is dropped.

IEEE 802.1Q VLAN configuration

The switch module initially configures one VLAN (VID = 1) named DEFAULT. The factory default
setting assigns all ports on the switch module to VLAN I. As new VLANs are configured, their
respective member ports are removed from VLAN 1. In addition, the VLAN ID value of 4095 is
reserved for internal use. Following is additional configuration information:
• Packets cannot cross VLANs. If a member of one VLAN is to connect to a member of another
VLAN, the link must be through an external router.
• If no VLANs are configured on the switch module, all packets will be forwarded to any
destination port. Packets with unknown source addresses will be flooded to all ports. Broadcast
and multicast packets will also be flooded to all ports.
30
NovaScale Blade 1 GB Intel® Ethernet Switch Module: Installation and User's Guide