4.17.1 Controlling VLAN Configuration
The Global VLAN Configuration page allows for controlling VLAN configuration on the switch. The page is divided into a global section and a per-port configuration section.
The Global VLAN Configuration page has the following parameters:
- Global VLAN Configuration
- Allowed Access VLANs: This field shows the allowed Access VLANs, that is, it only affects ports configured as Access ports. Ports in other modes are members of the VLANs specified in the Allowed VLANs field. By default, only VLAN 1 is enabled. More VLANs may be created by using a list syntax where the individual elements are separated by commas. Ranges are specified with a dash separating the lower and upper bound. Spaces are allowed in between the delimiters.
The following example creates VLANs 1, 10, 11, 12, 13, 200, and 300:
1,10-13,200,300
- Ethertype for Custom S-ports: This field specifies the Ethertype/TPID (specified in hexadecimal) used for Custom S-ports. The setting is in force for all ports whose Port Type is set to S-Custom-Port.
- Port VLAN Configuration
- Port: This is the logical port number of this row.
- Mode: The port mode (default is Access) determines the fundamental behavior of the port in question. A port can be in one of three modes, as described in the following list. When a particular mode is selected, the remaining fields in that row are either grayed out or made changeable depending on the mode in question. Grayed out fields show the value that the port gets when the mode is applied.
- Access: Access ports are normally used to connect to end stations. Dynamic features like Voice VLAN may add the port to more VLANs behind the scenes. Access ports have the following characteristics:
- Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
- Accepts untagged and C-tagged frames
- Discards all frames not classified to the Access VLAN
- On egress all frames are transmitted untagged
- Trunk: Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
- By default, a Trunk port is a member of all VLANs (1–4095)
- The VLANs that a Trunk port is a member of may be limited by the Allowed VLANs setting
- Frames classified to a VLAN that the port is not a member of are discarded
- By default, all frames but frames classified to the Port VLAN (that is, Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
- Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.
- Hybrid: Hybrid ports resemble trunk ports in many ways but add additional port configuration features. In addition to the characteristics described for Trunk ports, Hybrid ports have these abilities:
- Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
- Ingress filtering can be controlled
- Ingress acceptance of frames and configuration of egress tagging can be configured independently
- Port VLAN: Determines the port's VLAN ID (PVID). Allowed VLANs are in the range 1 through 4095, default being 1. On ingress, frames get classified to the Port VLAN if the port is configured as VLAN unaware, the frame is untagged, or VLAN awareness is enabled on the port, but the frame is priority tagged (VLAN ID = 0).
On egress, frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN. The Port VLAN is called an Access VLAN for ports in Access mode and Native VLAN for ports in Trunk or Hybrid mode.
- Port Type: Ports in Hybrid mode allow for changing the port type, that is, whether a frame's VLAN tag is used to classify the frame on ingress to a particular VLAN, and if so, which TPID it reacts on. Likewise, on egress, the Port Type determines the TPID of the tag, if a tag is required.
- Unaware: On ingress, all frames, whether carrying a VLAN tag or not, get classified to the Port VLAN, and possible tags are not removed on egress.
- C-Port: On ingress, frames with a VLAN tag with TPID = 0x8100 get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, then they are tagged with a C-tag.
- S-Port: On egress, if frames must be tagged, they are tagged with an S-tag. On ingress, frames with a VLAN tag with TPID = 0x88A8 get classified to the VLAN ID embedded in the tag. Priority-tagged frames are classified to the Port VLAN. If the port is configured to accept Tagged Only frames (see Ingress Acceptance), frames without this TPID are dropped.
Note: If the S-port is configured to accept Tagged and Untagged frames (see Ingress Acceptance), frames with a C-tag are treated like frames with an S-tag.
If the S-port is configured to accept Untagged Only frames, S-tagged frames are discarded (except for priority S-tagged frames). C-tagged frames are initially considered untagged, and therefore, not discarded. Later in the ingress classification process, they get classified to the VLAN embedded in the tag instead of the port VLAN ID.
- S-Custom-Port: On egress, if frames must be tagged, they are tagged with the custom S-tag. On ingress, frames with a VLAN tag with a TPID equal to the Ethertype configured for Custom-S ports get classified to the VLAN ID embedded in the tag. Priority-tagged frames are classified to the Port VLAN. If the port is configured to accept Tagged Only frames (see Ingress Acceptance), frames without this TPID are dropped.
Note: If the custom S-port is configured to accept Tagged and Untagged frames (see Ingress Acceptance), frames with a C-tag are treated like frames with a custom S-tag.
If the Custom S-port is configured to accept Untagged Only frames, custom S-tagged frames are discarded (except for priority custom S-tagged frames). C-tagged frames are initially considered untagged, and therefore, cannot be discarded. Later, in the ingress classification process, they are classified to the VLAN embedded in the tag instead of the port VLAN ID.
- Ingress Filtering: Hybrid ports allow for changing ingress filtering. Access and Trunk ports always have ingress filtering enabled. If ingress filtering is enabled (checkbox is checked), frames classified to a VLAN that the port is not a member of get discarded. If ingress filtering is disabled, frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine. However, the port never transmits frames classified to VLANs that it is not a member of.
- Ingress Acceptance: Hybrid ports allow for changing the type of frames that are accepted on ingress.
- Tagged and Untagged: Both tagged and untagged frames are accepted. See Port Type for a description of when a frame is considered tagged.
- Tagged Only: Only frames that are tagged with the corresponding Port Type tag are accepted on ingress
- Untagged Only: Only untagged frames are accepted on ingress. See Port Type for a description of when a frame is considered untagged.
- Egress Tagging: Ports in Trunk and Hybrid modes may control the tagging of frames on egress.
- Untag Port VLAN: Frames classified to the Port VLAN are transmitted untagged. Other frames are transmitted with the relevant tag.
- Tag All: All frames, whether classified to the Port VLAN or not, are transmitted with a tag
- Untag All: All frames, whether classified to the Port VLAN or not, are transmitted without a tag. This option is only available for ports in Hybrid mode.
- Allowed VLANs: Ports in Trunk and Hybrid modes may control which VLANs they are allowed to become members of. Access ports can only be a member of one VLAN, the Access VLAN. The field's syntax is identical to the syntax used in the Enabled VLANs field. By default, a Trunk or Hybrid port becomes a member of all VLANs and is set to 1–4095. The field may be left empty, which means that the port does not become a member of any VLANs.
- Forbidden VLANs: A port may be configured to never become a member of one or more VLANs. This is particularly useful when dynamic VLAN protocols like MVRP and GVRP must be prevented from dynamically adding ports to VLANs. The trick is to mark such VLANs as forbidden on the port in question. The syntax is identical to the syntax used in the Enabled VLANs field. By default, the field is left blank, which means that the port may become a member of all possible VLANs.
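The list syntax and the Allowed VLANs / Forbidden VLANs rules above can be checked offline against an intended VLAN plan. The following is an added example, not code from the switch or its vendor; the function names, port names, and VLAN plan are hypothetical, and membership added by dynamic features (Voice VLAN, MVRP, GVRP) is not modeled.

```python
VLAN_MIN, VLAN_MAX = 1, 4095  # valid VLAN ID range stated on the page

def parse_vlan_list(text):
    """Parse the list syntax ('1,10-13,200,300', spaces allowed) into a set.
    An empty field yields an empty set."""
    vlans = set()
    for item in text.split(","):
        if not item.strip():
            continue
        lo_s, dash, hi_s = item.partition("-")
        lo = int(lo_s)                       # int() tolerates surrounding spaces
        hi = int(hi_s) if dash else lo
        if not VLAN_MIN <= lo <= hi <= VLAN_MAX:
            raise ValueError(f"bad VLAN list element: {item.strip()!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def static_membership(mode, pvid, allowed="1-4095", forbidden=""):
    """VLANs a port can be a static member of, following the page's rules."""
    if mode == "access":
        return {pvid}                        # exactly one VLAN, the Access VLAN
    # Trunk/Hybrid: Allowed VLANs (default 1-4095) minus Forbidden VLANs
    return parse_vlan_list(allowed) - parse_vlan_list(forbidden)

def audit(ports, intended):
    """Return {port: count of VLANs the port is a member of beyond the plan}."""
    report = {}
    for name, cfg in ports.items():
        excess = static_membership(**cfg) - parse_vlan_list(intended[name])
        if excess:
            report[name] = len(excess)
    return report

# Constructed sample configuration (hypothetical port names and VLAN plan).
PORTS = {
    "port1": {"mode": "access", "pvid": 10},
    "port2": {"mode": "trunk", "pvid": 1},   # Allowed VLANs left at default
    "port3": {"mode": "trunk", "pvid": 1, "allowed": "1, 10 - 13", "forbidden": "12"},
}
INTENDED = {"port1": "10", "port2": "1,10-13", "port3": "1,10,11,13"}

if __name__ == "__main__":
    print(audit(PORTS, INTENDED))
```

A trunk left at the default Allowed VLANs value shows up with thousands of VLANs beyond its plan, while the restricted trunk with VLAN 12 forbidden matches it exactly.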
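The S-Port and S-Custom-Port ingress rules interact with Ingress Acceptance and Ingress Filtering in a way that is easy to misread, so the following added example models them (it is not the switch's own logic or vendor code). The class and function names are hypothetical, and two behaviors the page does not state are assumptions marked in the comments.

```python
from dataclasses import dataclass

C_TPID = 0x8100  # C-tag TPID, from the page
S_TPID = 0x88A8  # S-tag TPID, from the page

@dataclass
class SPort:
    pvid: int
    acceptance: str              # "tagged_and_untagged", "tagged_only" or "untagged_only"
    members: frozenset           # VLANs the port is a member of
    ingress_filtering: bool = True
    tpid: int = S_TPID           # use the configured custom Ethertype for an S-Custom-Port

def classify(port, tpid, vid=0):
    """Return the VLAN a frame is classified to, or None if it is discarded.
    tpid is None for an untagged frame; vid 0 means priority tagged."""
    own = tpid == port.tpid
    ctag = tpid == C_TPID and not own
    if port.acceptance == "tagged_only":
        if not own:
            return None                      # frames without this TPID are dropped
        vlan = vid or port.pvid              # priority-tagged -> Port VLAN
    elif port.acceptance == "untagged_only":
        if own and vid != 0:
            return None                      # S-tagged discarded, except priority S-tagged
        # C-tagged frames count as untagged here, so they are not discarded,
        # but they are still classified to the VLAN embedded in the tag.
        # Assumption: a priority C-tag (vid 0) falls back to the Port VLAN.
        vlan = vid if (ctag and vid) else port.pvid
    else:
        # Tagged and Untagged: C-tagged frames are treated like S-tagged frames.
        # Assumption: any other TPID is handled as untagged.
        vlan = vid if ((own or ctag) and vid) else port.pvid
    if port.ingress_filtering and vlan not in port.members:
        return None                          # not a member of the classified VLAN
    return vlan

if __name__ == "__main__":
    # Constructed sample: Hybrid S-Port, Untagged Only, member of VLANs 10 and 20.
    p = SPort(pvid=10, acceptance="untagged_only", members=frozenset({10, 20}))
    for name, tpid, vid in [("untagged", None, 0), ("S-tag 20", S_TPID, 20),
                            ("C-tag 20", C_TPID, 20), ("C-tag 30", C_TPID, 30)]:
        print(name, "->", classify(p, tpid, vid))
```

On an Untagged Only S-port, a C-tagged frame for VLAN 20 is classified to VLAN 20 rather than the Port VLAN, so port membership (Allowed and Forbidden VLANs) together with ingress filtering is what bounds the VLANs such frames can reach.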