VLAN

Bonjour Vicky,

I'm not really an expert of that, but I can see that nobody replies to that interresting question.

A VLAN-aware bridge is a bridge specified by 802.1Q.

As you can read in the section 5.4 of the specification:

"An implementation of a VLAN-aware Bridge may support Port-and- Protocol-based VLAN classification (5.3.1.2), including multiple VID (VLAN identifiers) values per port, administrative control of the values of the multiple VIDs, and a Protocol Group Dat."

Best regards, Michelot

---------------------------------- Thanks a lot for responding

One thing i want to ask....

One of my question is comes when i read a switch data sheet here this line is mentioned....

If both the VID and MAC Address are used , a single MAC address is able to be a member of multiple VLANs simentaniously......

Please help me to clarify this statement.....

Thanks in advance..........

Bonjour Vicky,

We don't know all the context, so we can imagine one possibility. It exists surely other possibilities of interpretation.

Suppose just one switch, with e.g; 24 port-based VLAN, connected to terminal stations that send no-tagged Ehernet frames.

The station S1 is connected to the port P2 configured to belong to the VLAN V3. Other switch ports are also configured with the VLAN V3, e.g. P7 and P20.

Suppose S1 sends a (classical) Ethernet frame to reach the destination address DA7. And, it is the first sending with that address.

The switch broadcasts the frame into all the VLAN V3 (except to the sender S1), that are stations connected to P7 and P20. If the station S4 connected to P20 e.g. replies, its address is registered in the self learning table with that information: S4/V3/SA4 (source address of S4).

After that, when S1 sends frames to S4, the switch has no need to broadcast these frames into V3. The communication works point to point in V3.

This is the normal use.

But you can complicate a little bit. You can configure (if the switch allows that) that P2, where is S1, belongs to V3, V5 and V11. And P20, where is S4, belongs to V3, V5 and V33.

- If S4 (with DA4) is connected to P20/V3 (the previous case) it works.

- If I move S4 to P9/V5 it works also.

- If I move S4 to P4/V56, S1 will never communicate directly through Ethernet with S4.

- If I move S4 to P23/V33, the communication between S1 and S4 doesn't work (through Ethernet).

S4 is a member of V3, V5, V33 and the communication is possible is the source belongs to those VLAN.

These both examples are the level 1 of VLAN, with no need to exchange tagged Ethernet frames.

Best regards, Michelot

Sorry, "the communication is possible is the source belongs to one of those VLAN".

Michelot

---------------------------------------------

What is the benifit of making a port with multiple vlan.

It allows you to have a nice comfortable -feeling- of security while having deliberately broken security in order to do something a little easier than would have been possible otherwise.

Typical configuration situation: you have a series of ports that are not supposed to be able to talk to each other (e.g., perhaps they are different rooms in a hotel), but each of the ports needs to be able to talk to a server... the same server in each case. But your server doesn't handle tagged VLANs or it is a nuisance to configure it to handle tagged VLANs, so you take the shortcut of making the server port an untagged member of all the other VLANs. And when someone promptly breaks the security and gets at the other rooms, you just say, "So sorry!" and give them a coupon for a free soft-drink in the hotel bar.