User Guide

ManualsBrandsAlcatel-Lucent ManualsOtherOMNIACCESS SAFEGUARD CONTROLLER

131

132

133

134

135

136

137

138

139

140

OmniAccess SafeGuard OS Administration Guide

132

Chapter 5: Setting Up SafeGuard Switches

Ingress Filtering

If ingress filtering is enabled, incoming frames for VLANs which do not include this

ingress port in their member set will be discarded at the ingress port; otherwise, the

incoming frames are admitted and forwarded to the ports that are member of that VLAN.

By default, ingress filtering is enabled per port, and can be disabled.

Ingress filtering does not affect VLAN independent BPDU frames, such as STP. However,

it does affect VLAN dependent BPDU frames, such as GMRP.

For example, VLAN2 is dedicated to hosts running the IPX protocol on ports 6-10. A host

connected to port 5 is also running IPX, but port 5 is not in the VLAN configuration for

the VLAN2. When the frame goes through the ingress rules the system classifies the

frame as protocol-based. The system assigns the frame to VLAN 2 even though the port is

not configured in the VLAN. To have the system drop the frame rather than forward to

VLAN 2, it needs to filter on the ingress. For more information on ingress filtering, see

Enabling Ingress Filtering on page 138.

Assigning Ports to VLANs

Before a VLAN becomes active, you need to assign one or more ports to the VLAN in

which it participates. By default, all ports are assigned to default VLAN 1 as untagged

ports. A port can be member of multiple VLANs as either tagged or untagged.

Add a port as a tagged port if this port carries traffic for one or more VLANs, and

intermediate network devices or the host at the other end of connection supports VLANs.

Tagging mode of a member port decides whether switch should transmit a frame out of

this port as tagged or untagged frame.

Forwarding Tagged and Untagged Frames

After the Ingress classification determines the VLAN ID for the received frame, the

switch decides to which member ports of the VLAN switch the frame should be

forwarded.

Tagged and untagged frames are treated as follows:

■ Tagged frames – If an egress port is a tagged member, the frame will be

transmitted as a tagged frame. Otherwise, the switch will first strip off the VLAN

tag before forwarding the frame as an untagged frame.

■ Untagged frames – If an egress port is a tagged member, A VLAN tag will be

inserted into the frame before forwarding. Otherwise, the switch will forward the

frame as untagged.

Why Use VLANs?

VLANs provide several advantages: