VLAN - SP6510P8
2013/4
www.micronet.info
Copyright © 2011 Micronet Communications, INC
Agenda

VLAN

Protocol VLAN

Voice VLAN
www.micronet.info
2
Micronet Communications Inc.
Benefit

Bandwidth Preservation

LAN security

Easy network management
www.micronet.info
3
Micronet Communications Inc.
Broadcast /multicast stream
VLAN 2
Finance Department
VLAN 1
R&D Department
ARP
NetBIOS
IPX GNS
SAP
RIP
Broadcasts consume bandwidth
Each device must process the broadcast frame
www.micronet.info
4
Micronet Communications Inc.
Bandwidth Preservation
VLAN 2
Finance Department
VLAN 1
R&D Department
VLANs contain broadcast traffic
www.micronet.info
5
Micronet Communications Inc.
LAN security
VLAN 1
R&D Department
www.micronet.info
6
Micronet Communications Inc.
VLAN Introduction

Port-Based VLAN

IEEE 802.1Q Tagged VLAN

Tagging Format

Tag Control Information

Ingress & Egress Rules

VLAN Operation LAN security
www.micronet.info
7
Micronet Communications Inc.
Legacy Port-Based VLAN
Finance Department
1X
2X
3X
4X
5X
6X
7X
8X
9X
10X
11X
Finance Department
12X
Mode 1
2
3
4
5
6
7
8
9 10 11 12
Link 1
2
3
4
5
6
7
8
9 10 11 12
ACCTON
Mode25 26
CheetahSwitch Workgroup - 3526F
Power
25 26
Link
100
FDX
Act
Mode 13 14 15 16 17 18 19 20 21 22 23 24
RPU
Agent
Link 13 1 15 16 17 18 19 20 21 22 23 24
13X
14X
15X
16X
17X
18X
19X
20X
21X
22X
23X
Mode Select
24X
1X
Marketing Department
2X
3X
4X
5X
6X
7X
8X
9X
10X
11X
12X
Mode 1
2
3
4
5
6
7
8
9 10 11 12
Link 1
2
3
4
5
6
7
8
9 10 11 12
ACCTON
Mode25 26
CheetahSwitch Workgroup - 3526F
Power
25 26
Link
100
FDX
Act
Mode 13 14 15 16 17 18 19 20 21 22 23 24
RPU
Agent
Link 13 1 15 16 17 18 19 20 21 22 23 24
13X
14X
15X
16X
17X
18X
19X
20X
21X
22X
23X
Mode Select
24X
R&D Department
R&D Department
www.micronet.info
8
Micronet Communications Inc.
IEEE 802.1Q Tagged VLAN
Finance Department
1X
2X
3X
4X
5X
6X
7X
8X
9X
10X
11X
Finance Department
12X
Mode 1
2
3
4
5
6
7
8
9 10 11 12
Link 1
2
3
4
5
6
7
8
9 10 11 12
ACCTON
Mode25 26
CheetahSwitch Workgroup - 3526F
Power
25 26
Link
100
FDX
Act
Mode 13 14 15 16 17 18 19 20 21 22 23 24
RPU
Agent
Link 13 1 15 16 17 18 19 20 21 22 23 24
13X
14X
15X
16X
17X
18X
19X
20X
21X
22X
23X
Mode Select
24X
1X
R&D Department Marketing Department
2X
3X
4X
5X
6X
9
8X
9X
10X
11X
12X
Mode 1
2
3
4
5
6
7
8
9 10 11 12
Link 1
2
3
4
5
6
7
8
9 10 11 12
ACCTON
Mode25 26
CheetahSwitch Workgroup - 3526F
Power
25 26
Link
100
FDX
Act
Mode 13 14 15 16 17 18 19 20 21 22 23 24
RPU
Agent
Link 13 1 15 16 17 18 19 20 21 22 23 24
13X
14X
15X
16X
17X
R&D Department
www.micronet.info
7X
18X
19X
20X
21X
22X
23X
Mode Select
24X
Sales Department
Micronet Communications Inc.
Relaying MAC Frame
Port State
Information
Forwarding
Process
Egress
Rule
Ingress
Rule
Frame
Reception
www.micronet.info
Port State
Information
Filtering
Database
10
Frame
Transmission
Micronet Communications Inc.
Ingress Rules
Acceptable frame types
- Admit only VLAN-tagged frames
- Admit all frames
- Admin only untagged frames

Port VLAN Identifier (PVID)
- Provides the VID for untagged and Priority tagged frames
received

Enable Ingress Filtering (Ingress Filtering)
- The ingress rules shall discard any frame received on the port
whose VLAN classification does not include that port in its
member set.
- SP6510P8-Smart default is Disable Ingress Filtering .

www.micronet.info
11
Micronet Communications Inc.
Ingress Rule-Port type(1)

C-port
- Port aware VLAN tagged.
- For customer ports, each frame is assigned to the VLAN
indicated in the VLAN tag, and the tag is removed.

Unaware
- Port unaware tagged
- All frames are classified to the Port VLAN ID and tags are not
removed.
www.micronet.info
12
Micronet Communications Inc.
Ingress Rule- Port Type(2)

S-port
- For service ports, the EtherType of all received frames is
changed to 0x88a8 to indicate that double-tagged frames are
being forwarded across the switch. The switch will pass these
frames on to the VLAN indicated in the outer tag. It will not strip
the outer tag, nor change any components of the tag other than
the EtherType field.

S-Custom-port
- For custom service ports, the EtherType of allreceived frames
is changed to value set in the Ethertype for CustomS-ports field
to indicate that double-tagged frames are being forwarded
across the switch. The switch will pass these frames on to the
VLAN indicated in the outer tag. It will not strip the outer tag,
nor change any components of the tag other than the
EtherType field.
www.micronet.info
13
Micronet Communications Inc.
Egress Rules(1)

Port VLAN Mode
- None
The ID for the VLAN to which this frame has been
assigned is inserted in frames transmitted from the port.
The assigned VLAN ID can be based on the ingress tag
for tagged frames, or the default PVID for untagged
ingress frames.

Note that this mode is normally used for ports connected to
VLAN-aware switches.

- Specific

A Port VLAN ID can be configured (as described below).
• Untagged frames received on the port are classified to the Port
VLAN ID(PVID).
• If Port Type is Unaware, all frames received on the port are
classified to the Port VLAN ID.
• If the classified VLAN ID of a frame transmitted on the port is
different from the Port VLAN ID, a VLAN tag with the classified
VLAN ID is inserted in the frame.
www.micronet.info
14
Micronet Communications Inc.
Egress Rules(2)

VLAN member
Determine for a given VLAN, through which ports frames may be
transmitted

TX Tag
Determine in what format (Tagged, Untagged, or Untag_pvid) should the
frames be transmitted
www.micronet.info
15
Micronet Communications Inc.
Filtering Database Architecture
Shared VLAN Learning
Allow address information learnt in one VLAN to be shared with
the other VLAN
Achieved by using destination MAC address as the searching
key

Independent VLAN Learning
Address information learnt in one VLAN is not shared with other
VLAN
Achieved by using both destination MAC address and VID as the
searching keys

www.micronet.info
16
Micronet Communications Inc.
VLAN Configuration
Configuration  VLAN VLAN membership
www.micronet.info
17
Micronet Communications Inc.
VLAN Configuration
Configuration  VLAN  Port
www.micronet.info
18
Micronet Communications Inc.
VLAN Operation
13
DA SA
1X
13X
2X
14X
3X
4X
15X
DA SA
Data
16X
5X
6X
17X 18X
7X
19X
VID=13 UNTAG
Egress Rule
8X
20X
9X
13
10X
Data
11X 12X
3
4
5
6
7
8
9
10
11
12
2
3
4
5
6
7
8
9
10
11
12
Mode
13
14
15
16
17
18
19
20
21
22
23
24
Link
13
14
15
16
17
18
19
20
21
22
23
24
Egress Rule
Vid=13 Untag
Mode 25
26
25
26
Link
Power
100
FDX
Act
RPU
Agent
Mode Select
VLAN Table
VID
DA SA
Data
www.micronet.info
2
1
Ingress Rule
PVID=13
Data
Data
Data
Host A
1
Link
21X 22X 23X 24X
DA SA
DA SA
DA SA
Untag frame
Mode
MAC
13
13,24
Port
MAC
Tagged
u,u
Untag frame
13
24
Host B
19
Mac A
Mac B
VID
13
13
Micronet Communications Inc.
C-port & Unaware port
13
DA SA
1X
2X
3X
DA SA
Data
4X
5X
6X
7X
8X
9X
Data
10X
11X 12X
Mode
13X
14X
15X
16X
17X 18X
19X
20X
1
2
3
4
5
6
7
12
2
3
4
5
6
7
8
9
10
11
12
Mode
13
14
15
16
17
18
19
20
21
22
23
24
Link
13
14
15
16
17
18
19
20
21
22
23
24
Egress Rule
Tx=PVID_untag
PVID=30
Mode 25
26
25
26
Link
Power
100
FDX
Act
RPU
Agent
Mode Select
VLAN Table
PVID=13
VID
1
13
tag frame
13
www.micronet.info
11
21X 22X 23X 24X
Data
Data
Data
13
Data
Host A
10
1
DA SA
DA SA
DA SA
DA SA
tag frame
9
Link
C-port
VID=13 UNTAG
Egress Rule
8
20
Tagged
1,2…23 u,u…u
13,24
u,u
MAC Address Table
Port
Host B
MAC
13
24
MAC
Mac A
Mac B
VID
13
13
Micronet Communications Inc.
VLAN Overlapping
Server
1X
2X
3X
4X
5X
6X
7X
8X
9X
10X
11X
12X
Mode 1
2
3
4
5
6
7
8
9 10 11 12
Link 1
2
3
4
5
6
7
8
9 10 11 12
ACCTON
Mode25 26
CheetahSwitch Workgroup - 3526F
Power
25 26
Link
100
FDX
Act
Mode 13 14 15 16 17 18 19 20 21 22 23 24
RPU
Agent
Link 13 1 15 16 17 18 19 20 21 22 23 24
13X
14X
15X
16X
17X
18X
19X
Vlan13
www.micronet.info
20X
21X
22X
23X
Mode Select
24X
Vlan 18
21
Micronet Communications Inc.
Port-Based VLAN Overlapping
2
DA SA
1X
13X
2X
14X
Data
3X
DA4XSA5X
15X
16X
36X
7X
Data
17X 18X
19X
8X
20X
9X
10X
11X 12X
Mode
1
2
3
4
5
6
7
8
9
10
11
12
Link
1
2
3
4
5
6
7
8
9
10
11
12
Mode
13
14
15
16
17
18
19
20
21
22
23
24
Link
13
14
15
16
17
18
19
20
21
22
23
24
Mode 25
26
25
26
Link
Power
100
FDX
Act
RPU
Agent
Mode Select
21X 22X 23X 24X
VID=2 Untag
VID=3 Untag
Egress Rule
PVID=3
VID=2
VID=99 UNTAG
Egress Rule
DA SA 99
Data
DA SA 99
Data
VID=3
VID=99 UNTAG
Egress Rule
PVID=99
Ingress Rule
SA Data
DA
DA SA Data
Data
Data
Data
Data
SA Data
Data
DA SA
DA
DA SA
DA SA
DA SA
DA SA
Port
Untag frame
13
18
24
Vlan 2
Vlan 3
Vlan 99
Host A
www.micronet.info
Host B
Server
22
Micronet Communications Inc.
802.1Q Tagged VLAN
2
DA SA
1X
2X
3X
Data
4X
5X
6X
7X
3
DA SA
13X
14X
15X
16X
17X 18X
19X
PVID=3
DA SA
DA SA
8X
9X
2
10X
3
11X
Data
Data
12X
Data
20X
Mode
2
3
4
5
6
7
8
9
10
11
12
Link
1
2
3
4
5
6
7
8
9
10
11
12
Mode
13
14
15
16
17
18
19
20
21
22
23
24
Link
13
14
15
16
17
18
19
20
21
22
23
24
Mode 25
26
25
26
Link
Power
100
FDX
Act
RPU
Agent
Mode Select
21X 22X 23X 24X
VID=2 TAG
VID=3 TAG
Egress Rule
VID=2 UNTAG
PVID=2
Egress Rule
Ingress Rule
1
PVID=1
Ingress Rule
23
Data
Data
Port
TAG frame
13
18
24
Vlan 2
Vlan 3
DA
DA SA
SA
3
2
Data
Host B
DA
DA SA
SA
DA SA
Data
Data
Data
www.micronet.info
DA SA
DA SA
DA SA
Host A
Data
Data
VID=3 UNTAG
Q-aware
Server Port, uplink Port
Server
23
Micronet Communications Inc.
Multi-switch VLAN
DA SA
13
Mode
Link
Mode
Link
1
2
3
4
5
6
7
8
9 10 11 12
1
2
3
4
5
6
7
8
9 10 11 12
Link
13 1 15 16 17 18 19 20 21 22 23 24
DA SA
13
Data
ACCTON
Mode
CheetahSwitch Workgroup - 3526F
25 26
25 26
13 14 15 16 17 18 19 20 21 22 23 24
Vid=13 tag
Egress Rule
PVID=13
Ingress Rule
13
DA SA
Data
Mode Select
Power
100
FDX
Act
RPU
Agent
PVID=1000
VID=1000,30 DA SA
Ingress Rule
Data
VID=13 UNTAG
Egress Rule
Data
DA SA
DA SA
PVID=1000
VID=1000,30
Ingress Rule
DA SA 13 Data
Vid=13 tag
Egress Rule
DA SA 13
Data
1X
2X
3X
4X
5X
6X
7X
8X
9X 10X
Mode
Link
Mode
Link
Data
Data
Untag frame
11X 12X
1
2
3
4
5
6
7
8
9 10 11 12
1
2
3
4
5
6
7
8
9 10 11 12
ACCTON
Mode
Link
CheetahSwitch Workgroup - 3526F
25 26
25 26
13 14 15 16 17 18 19 20 21 22 23 24
13 1 15 16 17 18 19 20 21 22 23 24
Power
100
FDX
Act
Mode Select
RPU
Agent
PVID=13
Ingress Rule
DA SA
Data
Data
24
DA SA
Host A
www.micronet.info
13
Untag frame
Micronet Communications Inc.
Link Type
DA SA
13
Mode
Link
Mode
Link
1
2
3
4
5
6
7
8
9 10 11 12
1
2
3
4
5
6
7
8
9 10 11 12
Link
13 1 15 16 17 18 19 20 21 22 23 24
DA SA
13
VID=13 UNTAG
Egress Rule
Data
ACCTON
Mode
CheetahSwitch Workgroup - 3526F
25 26
25 26
13 14 15 16 17 18 19 20 21 22 23 24
Mode Select
C-port
PVID=13
Ingress Rule
13
DA SA
Data
Power
100
FDX
Act
Trunk Link
RPU
Agent
DA SA
13
Data
PVID=1000
Ingress Rule
DA SA
Data
Vid=13 tag
Egress Rule
13
2X
3X
4X
5X
6X
7X
8X
Data
9X 10X
Mode
Link
Mode
DA SA
DA SA
C-port
DA SA
13
Link
11X 12X
1
2
3
4
5
6
7
8
9 10 11 12
1
2
3
4
5
6
7
8
9 10 11 12
ACCTON
Mode
Link
CheetahSwitch Workgroup - 3526F
25 26
25 26
13 14 15 16 17 18 19 20 21 22 23 24
13 1 15 16 17 18 19 20 21 22 23 24
Data
Power
100
FDX
Act
Mode Select
RPU
Agent
C-Port/Unaware
Data
Data
Untag frame
PVID=13
Ingress Rule
Data
Data
25
DA SA
DA SA
Q-unaware end station
www.micronet.info
1X
Untag frame
Micronet Communications Inc.
Protocol VLAN
SP6510P8
www.micronet.info
26
Micronet Communications Inc.
Protocol VLAN

Use Data-link layer information to control packet to access VLAN

Ethernet type

802.3-LLC(logic link control)


DSCP/SSAP (Destination Service Access Point /Source Service Access
Point)
802.3-SNAP
www.micronet.info
2
7
27
Micronet Communications Inc.
Data-Link layer format

Ethernet frame

802.3 frame

LLC

SNAP
www.micronet.info
28
Micronet Communications Inc.
Ethernet II format
• IP
www.micronet.info
29
Micronet Communications Inc.
802.3 LLC format

Spanning Tree BPDU
www.micronet.info
30
Micronet Communications Inc.
802.3 SNAP format
Cisco CDP
www.micronet.info
31
Micronet Communications Inc.
Protocol VLAN configuration
To configure protocol-based VLANs, follow these steps
1. First configure VLAN groups for the protocols you want to use
(VLAN member).

2. Create the protocol group for each interface to the appropriate
VLAN.
3. Mapping the group for each of the protocols you want to
assign to a VLAN using the Configure Protocol (Add) page.
www.micronet.info
32
Micronet Communications Inc.
Protocol VLAN configuration
1. Configuration  VLANs VLAN member
Add port 5 to VLAN 1000
www.micronet.info
33
Micronet Communications Inc.
Protocol VLAN configuration
2. Configuration  VCL  Protocol-based 
Protocol to Group
Add protocol vlan 1000 and add port 5. Protocol
group name is “T1”
www.micronet.info
34
Micronet Communications Inc.
Protocol VLAN configuration
2.3. Configuration  VCL  Protocol-based 
Protocol to group
Mapping group “T1” for each protocol you want
www.micronet.info
35
Micronet Communications Inc.
Protocol VLAN rule

Notice: Before creating a protocol-based VLAN, you need to
assign interfaces to the VLAN.
When a frame enters a port that has been assigned to a
protocol VLAN, it is processed in the following manner:
1. If the frame is tagged, it will be processed according to the
standard rules applied to tagged frames.
2. If the frame is untagged and the protocol type matches, the
frame is forwarded to the appropriate VLAN.
3. If the frame is untagged but the protocol type does not
match, the frame is forwarded to the default VLAN for this
interface.

www.micronet.info
36
Micronet Communications Inc.
Protocol Frame type

Ethernet – EtherType value. (Range: 0x0600-0xffff; Default: 0x0800)

LLC – Includes the DSAP and SSAP values. (Range: 0x00-0xff;
Default: 0xff)

SNAP – Includes OUI (Organizationally Unique Identifier) and PID
(Protocol ID) values:
OUI(Code) : A value in the format of xx-xx-xx where each pair (xx) in the
string is a hexadecimal value in the ranges of 0x00-0xff.
PID(Type) : If the OUI is hexadecimal 000000, the protocol ID is the
Ethernet type (EtherType) field value for the protocol running on top of
SNAP. If the OUI is that of a particular organization, the protocol ID is a
value assigned by that organization to the protocol running on top of
SNAP. In other words, if value of the OUI field is 00-00-00, then value of
the PID will be EtherType (0x0600-0xffff), and if value of the OUI is
other than 00-00-00, then valid value of the PID will be any value from
0x0000 to 0xffff.

www.micronet.info
37
Micronet Communications Inc.
Voice VLAN
SP6510P8
www.micronet.info
38
Micronet Communications Inc.
Voice VLAN

The Voice VLAN feature enables voice traffic forwarding on the
Voice VLAN, then the switch can classify and schedule network
traffic.

It is recommended that there be two VLANs on a port - one for
voice, one for data.

Notice: VoIP devices must send VLAN-tagged packets.

Use src-mac OUI (00-12-cf-00-00-01) of packets. To decide the
VLAN

Uses LLDP (IEEE 802.1ab) to discover VoIP devices attached
to the port. LLDP checks that the “telephone bit” in the system
capability TLV is turned on
www.micronet.info
39
Micronet Communications Inc.
LLDP system capabilities
www.micronet.info
40
Micronet Communications Inc.
Voice VLAN configuration(1)

Mode: Enable /Disable Voice VLAN

VLAN ID: Voice VLAN ID

Aging time: Indicates the Voice VLAN secure learning aging
tim(Range: 10-10000000 sec. Default is 100 sec)

Traffic Class: Indicates the Voice VLAN traffic class. All traffic
on the Voice VLAN will apply this class.
www.micronet.info
41
Micronet Communications Inc.
Voice VLAN configuration(2)

Port Mode:
- Disabled(default): Disjoin from Voice VLAN.
- Auto: Enable auto detect mode. It detects whether there is VoIP
phone attached to the specific port and configures the Voice
VLAN members automatically.
- Forced: Force join to Voice VLAN.

Port Security: Indicates the Voice VLAN port security mode.
When the function is enabled, all non-telephonic MAC
addresses in the Voice VLAN will be blocked for 10 seconds.
(default is Disabled)

Port Discovery Protocol: Indicates the Voice VLAN port
discovery protocol.
- OUI(Default): Detect telephony device by OUI address.
- LLDP: Detect telephony device by LLDP.
- Both: Both OUI and LLDP.
www.micronet.info
42
Micronet Communications Inc.
Voice VLAN configuration
Configuration Voice VLAN  configuration
www.micronet.info
43
Micronet Communications Inc.
Voice VLAN configuration
Configuration Voice VLAN  OUI
www.micronet.info
44
Micronet Communications Inc.
LLDP system capabilities format
Other (0)
= 0000 0000 0000 0001
Repeater (1)
= 0000 0000 0000 0010
Bridge (2)
= 0000 0000 0000 0100
WlanAccessPoint (3) = 0000 0000 0000 1000
Router (4)
= 0000 0000 0001 0000
Telephone (5)
= 0000 0000 0010 0000
DocsisCableDevice (6) = 0000 0000 0100 0000
stationOnly (7)
= 0000 0000 1000 0000
Reference: LLDP-MIB
www.micronet.info
45
Micronet Communications Inc.
Q&A
www.micronet.info
Confidential
46
Micronet Communications Inc.
www.micronet.info
Confidential
47
Micronet Communications Inc.