|
Posted by dilip_1379@hotmail.com on May 4, 2005, 4:40 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi All,
I am working with ethernet-switch i have query regarding VLAN.
If any body knows Please give your answer.
Ethernet switch supports shared VLAN feature.
Let say in-comming packet to any port is vlan-tagged packet.
First, destination address lookup will be perform.
Secondly Vlan-lookup will be perform based on current tag.
but,if this tag with current packet is not program in the VLAN-table, i
mean to say this tag is new for the switch.
So, switch can not able to find that which port are the member of this
vlan-tag.
In this case, what switch should do ?
1)Drop the packet ?
2)Forward to destinatiion Port ?
3)Forward to internal CPU ?
Thanks in advance.
Dilip.
|
 
| |
Posted by Christopher Nelson on May 4, 2005, 5:26 am
If you were Registered and logged in, you could reply and use other advanced thread options
dilip_1379@hotmail.com wrote:
> ...
> Ethernet switch supports shared VLAN feature.
> Let say in-comming packet to any port is vlan-tagged packet.
> First, destination address lookup will be perform.
> Secondly Vlan-lookup will be perform based on current tag.
> but,if this tag with current packet is not program in the VLAN-table,
> i mean to say this tag is new for the switch.
> So, switch can not able to find that which port are the member of
> this vlan-tag.
>
> In this case, what switch should do ?
> 1)Drop the packet ?
> 2)Forward to destinatiion Port ?
> 3)Forward to internal CPU ?
It's not clear to me if you're writing the switch code for a new device
or trying to anticipate what the correct behavior is for an
off-the-shelf device you have in hand is.
Either way, I think the answer is, "It depends." Some switches will
revert to a port-based "VLAN" and route the packet based on the ingress
port's membership in a port group. Others will drop it. I think some
will flood the frame (or direct it if the destination MAC is known).
Some have security settings that let you choose between those behaviors.
|
|
Posted by Walter Roberson on May 4, 2005, 4:04 pm
If you were Registered and logged in, you could reply and use other advanced thread options
:I am working with ethernet-switch i have query regarding VLAN.
:Ethernet switch supports shared VLAN feature.
:Let say in-comming packet to any port is vlan-tagged packet.
:First, destination address lookup will be perform.
:Secondly Vlan-lookup will be perform based on current tag.
There are two possible modes of operation: single spanning tree
and per-vlan spanning tree. In the per-vlan spanning tree mode,
the lookup would happen in the other order, VLAN first and then
destination MAC within that.
:but,if this tag with current packet is not program in the VLAN-table, i
:mean to say this tag is new for the switch.
:So, switch can not able to find that which port are the member of this
:vlan-tag.
:In this case, what switch should do ?
:1)Drop the packet ?
You mention "shared" VLAN. The dynamic VLAN membership services,
such as Cisco's VMPS, are "push" technologies: until a switch has
been notified to know about a VLAN, the VLAN effectively doesn't
exist. In such a case, the switch should really drop the packet,
but there are often overrides available for that behaviour.
--
"This was a Golden Age, a time of high adventure, rich living and
hard dying... but nobody thought so." -- Alfred Bester, TSMD
|
|
Posted by stephen on May 4, 2005, 10:20 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Hi All,
>
> I am working with ethernet-switch i have query regarding VLAN.
> If any body knows Please give your answer.
>
> Ethernet switch supports shared VLAN feature.
> Let say in-comming packet to any port is vlan-tagged packet.
> First, destination address lookup will be perform.
> Secondly Vlan-lookup will be perform based on current tag.
this is the wrong way around for many switches.
modern switches tend to allow the same MAC address to occur in different
VLANs - this allows a network to include multiple instances of the same well
known MAC, bridging between VLANs, or devices with multiple interfaces where
the MAC is the same.
> but,if this tag with current packet is not program in the VLAN-table, i
> mean to say this tag is new for the switch.
> So, switch can not able to find that which port are the member of this
> vlan-tag.
>
> In this case, what switch should do ?
> 1)Drop the packet ?
> 2)Forward to destinatiion Port ?
> 3)Forward to internal CPU ?
if it is an unknown MAC, then it probably goes to the CPU anyway - but you
should drop the packet since there isnt anywhere you can usefuly send it
unless you have some sort of "any VLAN allowed" setting for a port.
Doing anything else makes it possible for someone who can craft an arbitary
packet to get it to cross between VLANs - there are enough security issues
around without inventing extra ones......
since the drop is a misconfiguration issue the switch should possibly log
the event as an error somewhere.
>
> Thanks in advance.
> Dilip.
--
Regards
Stephen Hope - return address needs fewer xxs
|
|
Posted by anoop on May 9, 2005, 11:49 am
If you were Registered and logged in, you could reply and use other advanced thread options
dilip_1379@hotmail.com wrote:
> Hi All,
>
> I am working with ethernet-switch i have query regarding VLAN.
> If any body knows Please give your answer.
>
> Ethernet switch supports shared VLAN feature.
> Let say in-comming packet to any port is vlan-tagged packet.
> First, destination address lookup will be perform.
> Secondly Vlan-lookup will be perform based on current tag.
> but,if this tag with current packet is not program in the VLAN-table,
i
> mean to say this tag is new for the switch.
> So, switch can not able to find that which port are the member of
this
> vlan-tag.
>
> In this case, what switch should do ?
> 1)Drop the packet ?
> 2)Forward to destinatiion Port ?
> 3)Forward to internal CPU ?
If the VLAN tag is one that the switch hasn't seen before, it
means it doesn't have a untagged/tagged membership set associated
with that VLAN yet. In that case, if the switch has ingress
filtering enabled, it will drop the packet there (because the
ingress port is not part of the VLAN's membership). If the
switch does not have ingress filtering on, then the frame will
make it through the learning process and that MAC address will
get learned on the port that it came in on. However, when it
is forwarded and the egress port (or ports) do a lookup to
determine if the port is in the member set for that VLAN,
the frame will end up getting drop.
In other words, if the VLAN is new to the switch, the frame
will always be discarded. However, depending on whether
or not ingress filtering is implemented and enabled, the
frame may be dropped on ingress or egress.
Anoop
|
| Similar Threads | Posted | | VLAN-Aware switch query... | June 6, 2005, 7:28 am |
| Placement of Layer 3 3COM switch query | May 30, 2005, 9:56 pm |
| STP-RSTP query | October 16, 2008, 3:29 am |
| query on port speed specification | January 5, 2008, 7:37 am |
| Query related to a stp and vlan case | June 26, 2008, 1:53 pm |
| query on Port-mirroring on Marvell Board | January 4, 2007, 4:32 am |
| Query on MSTP(Force port state) | July 15, 2007, 12:58 am |
| Need Ethernet Hub - NOT Switch | March 15, 2005, 7:15 pm |
| Ethernet Switch With a PC at Core | April 18, 2005, 9:26 pm |
| ethernet switch book ?? | December 7, 2005, 4:02 am |
|
|
NewsGroups 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map