HP switches support 802.1q VLAN tagging. VLAN tagging is a method of identifying a packet as a member of a
VLAN. VLAN tagging enables you to configure ports on multiple switches into a single VLAN. Using tagged
VLANs can ease network management and ensures interoperability with other devices.
When a switch sends a packet that is a member of a tagged VLAN, the switch "tags" the packet to indicate its
VLAN membership. Other switches that support VLAN tagging recognize the tag and process the packet
according to its VLAN membership.
For more information, see the "Configuring Virtual LANs (VLANs)" chapter in the Advanced Configuration and
Super Aggregated VLANs
You can aggregate multiple VLANs within another VLAN. This feature allows you to construct Layer 2 paths and
channels for implementing Global Ethernet. This feature is particularly useful for Virtual Private Network (VPN)
applications ins which you need to provide a private, dedicated Ethernet connection for an individual client to
transparently reach its sub-net across multiple networks.
For an application example and configuration information, see the "Configuring Virtual LANs (VLANs)" chapter in
the Advanced Configuration and Management Guide.
A MAC filter enables you to explicitly permit or deny switching of a Layer 2 packet received by the HP device.
When the device receives a Layer 2 packet for switching, the device checks the packet's contents against the
defined MAC filters. If the packet matches a filter, the system takes the action specified in the filter.
If the action is permit, the system allows the packet to be switched.
If the action is deny, the system immediately drops the packet.
To ensure security, if a packet does not match any of the MAC filters defined on the system, the system drops the
packet by default. To configure the system to permit packets by default, you must define the last MAC filter in the
filter list to allow all packets.
MAC filters can evaluate packets based on criteria such as source address and mask, destination address and
mask, and protocol type (IP, ARP, and so on).
See "Defining MAC Address Filters" on page 9-51 for information on configuring MAC filters.
An address-lock filter restricts the number of MAC addresses that a switch can learn from a specific port. After
the switch learns the specified number of MAC addresses from the port, it stops learning addresses received on
that port. In addition, the switch does not accept or forward traffic on the port unless the traffic contains one of the
source or destination MAC addresses locked for the port.
Address-lock filters apply only to Layer 2 traffic and do not affect Layer 3 or Layer 4 traffic on the locked ports.
Unlike addresses learned from other ports, addresses learned from a locked port are not subject to aging.
See "Locking a Port To Restrict Addresses" on page 9-57 for information on configuring address-lock filters.
Dynamic Host Configuration Protocol (DHCP) Assist
DHCP Assist allows an HP switch to assist an HP ProCurve routing switch or third-party router that is performing
multi-netting on its interfaces as part of its DHCP relay function. DHCP eliminates the need to manually assign IP
addresses to clients. Instead of each client having a statically configured IP address, clients petition a server for
IP addresses when the clients are booted.
DHCP Assist ensures that a DHCP server that manages multiple IP sub-nets can readily recognize the
requester's IP sub-net, even when that server is not on the client's local LAN segment. The HP switch does this
by stamping the correct gateway IP address into a DHCP discovery packet on behalf of the routing switch or
7 - 17