Web Management Guide-R03
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Displaying Memory Utilization
- Resetting the System
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA Authorization and Accounting
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Setting A Time Range
- Showing TCAM Utilization
- Setting the ACL Name and Type
- Configuring a Standard IPv4 ACL
- Configuring an Extended IPv4 ACL
- Configuring a Standard IPv6 ACL
- Configuring an Extended IPv6 ACL
- Configuring a MAC ACL
- Configuring an ARP ACL
- Binding a Port to an Access Control List
- Configuring ACL Mirroring
- Showing ACL Hardware Counters
- ARP Inspection
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- IP Source Guard
- DHCP Snooping
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Power over Ethernet
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Setting Community Access Strings
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Switch Clustering
- IP Configuration
- IP Services
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering Multicast Data at Interfaces
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Multicast VLAN Registration
- Basic Management Tasks
- Appendices
- Glossary
- Index
Chapter 5
| VLAN Configuration
IEEE 802.1Q Tunneling
– 150 –
3. After packet classification through the switching process, the packet is written
to memory with one tag (an outer tag) or with two tags (both an outer tag and
inner tag).
4. The switch sends the packet to the proper egress port.
5. If the egress port is an untagged member of the SPVLAN, the outer tag will be
stripped. If it is a tagged member, the outgoing packets will have two tags.
Layer 2 Flow for Packets Coming into a Tunnel Uplink Port
An uplink port receives one of the following packets:
◆ Untagged
◆ One tag (CVLAN or SPVLAN)
◆ Double tag (CVLAN + SPVLAN)
The ingress process does source and destination lookups. If both lookups are
successful, the ingress process writes the packet to memory. Then the egress
process transmits the packet. Packets entering a QinQ uplink port are processed in
the following manner:
1. If incoming packets are untagged, the PVID VLAN native tag is added.
2. If the ether-type of an incoming packet (single or double tagged) is not equal
to the TPID of the uplink port, the VLAN tag is determined to be a Customer
VLAN (CVLAN) tag. The uplink port’s PVID VLAN native tag is added to the
packet. This outer tag is used for learning and switching packets within the
service provider’s network. The TPID must be configured on a per port basis,
and the verification cannot be disabled.
3. If the ether-type of an incoming packet (single or double tagged) is equal to the
TPID of the uplink port, no new VLAN tag is added. If the uplink port is not the
member of the outer VLAN of the incoming packets, the packet will be dropped
when ingress filtering is enabled. If ingress filtering is not enabled, the packet
will still be forwarded. If the VLAN is not listed in the VLAN table, the packet will
be dropped.
4. After successful source and destination lookups, the packet is double tagged.
The switch uses the TPID of 0x8100 to indicate that an incoming packet is
double-tagged. If the outer tag of an incoming double-tagged packet is equal
to the port TPID and the inner tag is 0x8100, it is treated as a double-tagged
packet. If a single-tagged packet has 0x8100 as its TPID, and port TPID is not
0x8100, a new VLAN tag is added and it is also treated as double-tagged
packet.
5. If the destination address lookup fails, the packet is sent to all member ports of
the outer tag's VLAN.