Summary Of Vlan Configuration Rules - Foundry Networks Switch and Router Installation And Configuration Manual

Foundry Switch and Router Installation and Configuration Guide

Summary of VLAN Configuration Rules

A hierarchy of VLANs exists between the Layer 2 and Layer 3 protocol-based VLANs:
• Port-based VLANs are at the lowest level of the hierarchy.
• Layer 3 protocol-based VLANs, IP, IPX, AppleTalk, Decnet, and NetBIOS are at the middle level of the
hierarchy.
• IP sub-net, IPX network, and AppleTalk cable VLANs are at the top of the hierarchy.
NOTE: You cannot have a protocol-based VLAN and a sub-net or network VLAN of the same protocol type in the
same port-based VLAN. For example, you can have an IPX protocol VLAN and IP sub-net VLAN in the same
port-based VLAN, but you cannot have an IP protocol VLAN and an IP sub-net VLAN in the same port-based
VLAN, nor can you have an IPX protocol VLAN and an IPX network VLAN in the same port-based VLAN.
As a Foundry device receives packets, the VLAN classification starts from the highest level VLAN first. Therefore,
if an interface is configured as a member of both a port-based VLAN and an IP protocol VLAN, IP packets coming
into the interface are classified as members of the IP protocol VLAN because that VLAN is higher in the VLAN
hierarchy.
Multiple VLAN Membership Rules
• A port can belong to multiple, unique, overlapping Layer 3 protocol-based VLANs without VLAN tagging.
• A port can belong to multiple, overlapping Layer 2 port-based VLANs only if the port is a tagged port. Packets
sent out of a tagged port use an 802.1q-tagged frame.
• When both port and protocol-based VLANs are configured on a given device, all protocol VLANs must be
strictly contained within a port-based VLAN. A protocol VLAN cannot include ports from multiple port-based
VLANs. This rule is required to ensure that port-based VLANs remain loop-free Layer 2 broadcast domains.
• IP-Protocol and IP-Subnet VLANs cannot operate concurrently on the system or within the same port-based
VLAN.
• IPX-Protocol and IPX-Network VLANs cannot operate concurrently on the system or within the same port-
based VLAN.
• If you first configure IP and IPX protocol VLANs before deciding to partition the network by IP sub-net and IPX
network VLANs, then you need to delete those VLANs before creating the IP sub-net and IPX network
VLANs.
• One of each type of protocol VLAN is configurable within each port-based VLAN on the Layer 2 Switch.
• Multiple IP-Subnet and IPX-Network VLANs are configurable within each port-based VLAN on the Layer 2
Switch.
• Removing a configured port-based VLAN from a Foundry Networks switch or router automatically removes
any protocol-based VLAN, IP-Subnet VLAN, AppleTalk cable VLAN, or IPX-Network VLAN, or any Virtual
Ethernet router interfaces defined within the Port-based VLAN.
Routing Between VLANs (Routers Only)
Foundry Layer 3 Switches can locally route IP, IPX, and Appletalk between VLANs defined within a single router.
All other routable protocols or protocol VLANs (for example, DecNet) must be routed by another external router
capable of routing the protocol.
Virtual Interfaces (routers only)
Virtual Ethernet router interfaces must be defined at the highest level of the VLAN hierarchy. You need to
configure virtual interfaces if an IP, IPX, or Appletalk protocol VLAN, IP sub-net VLAN, AppleTalk cable VLAN, or
IPX network VLAN is defined within a port-based VLAN on a Foundry Layer 3 Switch. You also you need to route
these protocols to another port-based VLAN on the same router. You need to configure a separate virtual router
25 - 14 December 2000