User's manual

Asanté IntraCore 36000 Series
Chapter 10: Configuring VLAN
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This
switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into
separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate
broadcast storms in large networks. This also provides a more secure and cleaner network environment.
An IEEE 802.1Q VLAN is a group of ports that can be located anywhere in the network, but communicate as
though they belong to the same physical segment.
VLANs help to simplify network management by allowing you to move devices to a new VLAN without
having to change any physical connections. VLANs can be easily organized to reflect departmental groups
(such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia
applications such as videoconferencing).
VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network
changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of
network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.
This switch supports the following VLAN features:
Up to 255 VLANs based on the IEEE 802.1Q standard
Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol
Port overlapping, allowing a port to participate in multiple VLANs
End stations can belong to multiple VLANs
Passing traffic between VLAN-aware and VLAN-unaware devices
Priority tagging
10.1 Assigning Ports to VLANs
Before enabling VLANs for the switch, assign each port to the VLAN group(s) in which it participates. By
default, all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if it must carry
traffic for one or more VLANs and the intermediate network devices or the host at the other end of the
connection support VLANs. Then assign the ports on the other VLAN-aware network devices along the path
that carries this traffic to the same VLAN(s), either manually or dynamically using GVRP. If you want a port
on this switch to participate in one or more VLANs, but none of the intermediate network devices or the host
at the other end of the connection supports VLANs, then you should add this port to the VLAN as an
untagged port.
Note: VLAN-tagged frames pass through VLAN-aware or VLAN-unaware network interconnection devices,
but the VLAN tags are stripped off before the frames are passed on to any end host that does not support
VLAN tagging.
VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the
frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of
the receiving port). If the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast
domain of the frame.
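The classification rule above, written out as an added Python example (not code from the manual or the switch firmware). The names `port_pvid` and `port_vlans`, the sample frames, the use of the default VLAN for priority-tagged frames (VLAN ID 0), and the dropping of frames for VLANs the port does not belong to are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def classify_frame(frame: bytes, port_pvid: int, port_vlans: set) -> dict:
    """Classify an ingress Ethernet frame by VLAN.

    port_pvid  - default VLAN ID of the receiving port (assumed name)
    port_vlans - VLANs the receiving port is a member of (assumed name)
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # Untagged: assign the frame to the port's default VLAN.
        tagged, pcp, vid = False, 0, port_pvid
    else:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)
        tagged, pcp, vid = True, tci >> 13, tci & 0x0FFF
        if vid == 0:
            # Priority tag only: no VLAN in the tag, fall back to the default.
            vid = port_pvid
    # Assumption: frames for VLANs the port is not a member of are dropped.
    accept = vid in port_vlans
    return {"tagged": tagged, "vid": vid, "pcp": pcp, "accept": accept}


def build_frame(vid=None, pcp=0) -> bytes:
    """Constructed sample frame: broadcast destination, made-up source MAC."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    # Port with default VLAN 1 that is also a member of VLAN 10.
    samples = {"untagged": build_frame(), "vlan 10": build_frame(10, 5),
               "vlan 20": build_frame(20), "priority tag": build_frame(0, 3)}
    for name, frame in samples.items():
        print(name, classify_frame(frame, port_pvid=1, port_vlans={1, 10}))
```
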
Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources
among different VLAN groups, such as file servers or printers. If you implement VLANs that do not overlap,
but still need to communicate, you can connect them by using a Layer-3 router or switch.
Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase
security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other