Tom's Hardware > Forum > General Networking > Network General Discussions > Ethernet Vlan-aware switch query.

Ethernet Vlan-aware switch query.

Forum General Networking : Network General Discussions - Ethernet Vlan-aware switch query.

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   05-04-2005 at 10:40:28 AM

Archived from groups: comp.dcom.lans.ethernet (More info?)

 

Hi All,

I am working with ethernet-switch i have query regarding VLAN.
If any body knows Please give your answer.

Ethernet switch supports shared VLAN feature.
Let say in-comming packet to any port is vlan-tagged packet.
First, destination address lookup will be perform.
Secondly Vlan-lookup will be perform based on current tag.
but,if this tag with current packet is not program in the VLAN-table, i
mean to say this tag is new for the switch.
So, switch can not able to find that which port are the member of this
vlan-tag.

In this case, what switch should do ?
1)Drop the packet ?
2)Forward to destinatiion Port ?
3)Forward to internal CPU ?

Thanks in advance.
Dilip.

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   05-04-2005 at 11:26:13 AM
- 0 +

Archived from groups: comp.dcom.lans.ethernet (More info?)

 

dilip_1379@hotmail.com wrote:
> ...
> Ethernet switch supports shared VLAN feature.
> Let say in-comming packet to any port is vlan-tagged packet.
> First, destination address lookup will be perform.
> Secondly Vlan-lookup will be perform based on current tag.
> but,if this tag with current packet is not program in the VLAN-table,
> i mean to say this tag is new for the switch.
> So, switch can not able to find that which port are the member of
> this vlan-tag.
>
> In this case, what switch should do ?
> 1)Drop the packet ?
> 2)Forward to destinatiion Port ?
> 3)Forward to internal CPU ?

It's not clear to me if you're writing the switch code for a new device
or trying to anticipate what the correct behavior is for an
off-the-shelf device you have in hand is.

Either way, I think the answer is, "It depends." Some switches will
revert to a port-based "VLAN" and route the packet based on the ingress
port's membership in a port group. Others will drop it. I think some
will flood the frame (or direct it if the destination MAC is known).
Some have security settings that let you choose between those behaviors.

Reply to Anonymous
Anonymous   05-04-2005 at 10:04:51 PM
- 0 +

Archived from groups: comp.dcom.lans.ethernet (More info?)

 

In article <1115206828.200212.315890@f14g2000cwb.googlegroups.com>,
dilip_1379@hotmail.com <dilip@einfochips.com> wrote:
:I am working with ethernet-switch i have query regarding VLAN.

:Ethernet switch supports shared VLAN feature.
:Let say in-comming packet to any port is vlan-tagged packet.
:First, destination address lookup will be perform.
:Secondly Vlan-lookup will be perform based on current tag.

There are two possible modes of operation: single spanning tree
and per-vlan spanning tree. In the per-vlan spanning tree mode,
the lookup would happen in the other order, VLAN first and then
destination MAC within that.

:but,if this tag with current packet is not program in the VLAN-table, i
:mean to say this tag is new for the switch.
:So, switch can not able to find that which port are the member of this
:vlan-tag.

:In this case, what switch should do ?
:1)Drop the packet ?

You mention "shared" VLAN. The dynamic VLAN membership services,
such as Cisco's VMPS, are "push" technologies: until a switch has
been notified to know about a VLAN, the VLAN effectively doesn't
exist. In such a case, the switch should really drop the packet,
but there are often overrides available for that behaviour.
--
"This was a Golden Age, a time of high adventure, rich living and
hard dying... but nobody thought so." -- Alfred Bester, TSMD

Reply to Anonymous
Stephen   05-05-2005 at 04:20:05 AM
- 0 +

Archived from groups: comp.dcom.lans.ethernet (More info?)

 

"dilip_1379@hotmail.com" <dilip@einfochips.com> wrote in message
news:1115206828.200212.315890@f14g2000cwb.googlegroups.com...
> Hi All,
>
> I am working with ethernet-switch i have query regarding VLAN.
> If any body knows Please give your answer.
>
> Ethernet switch supports shared VLAN feature.
> Let say in-comming packet to any port is vlan-tagged packet.
> First, destination address lookup will be perform.
> Secondly Vlan-lookup will be perform based on current tag.

this is the wrong way around for many switches.

modern switches tend to allow the same MAC address to occur in different
VLANs - this allows a network to include multiple instances of the same well
known MAC, bridging between VLANs, or devices with multiple interfaces where
the MAC is the same.

> but,if this tag with current packet is not program in the VLAN-table, i
> mean to say this tag is new for the switch.
> So, switch can not able to find that which port are the member of this
> vlan-tag.
>
> In this case, what switch should do ?
> 1)Drop the packet ?
> 2)Forward to destinatiion Port ?
> 3)Forward to internal CPU ?

if it is an unknown MAC, then it probably goes to the CPU anyway - but you
should drop the packet since there isnt anywhere you can usefuly send it
unless you have some sort of "any VLAN allowed" setting for a port.

Doing anything else makes it possible for someone who can craft an arbitary
packet to get it to cross between VLANs - there are enough security issues
around without inventing extra ones......

since the drop is a misconfiguration issue the switch should possibly log
the event as an error somewhere.

>
> Thanks in advance.
> Dilip.
--
Regards

Stephen Hope - return address needs fewer xxs

Reply to Stephen
Anonymous   05-09-2005 at 05:49:05 PM
- 0 +

Archived from groups: comp.dcom.lans.ethernet (More info?)

 

dilip_1379@hotmail.com wrote:
> Hi All,
>
> I am working with ethernet-switch i have query regarding VLAN.
> If any body knows Please give your answer.
>
> Ethernet switch supports shared VLAN feature.
> Let say in-comming packet to any port is vlan-tagged packet.
> First, destination address lookup will be perform.
> Secondly Vlan-lookup will be perform based on current tag.
> but,if this tag with current packet is not program in the VLAN-table,
i
> mean to say this tag is new for the switch.
> So, switch can not able to find that which port are the member of
this
> vlan-tag.
>
> In this case, what switch should do ?
> 1)Drop the packet ?
> 2)Forward to destinatiion Port ?
> 3)Forward to internal CPU ?


If the VLAN tag is one that the switch hasn't seen before, it
means it doesn't have a untagged/tagged membership set associated
with that VLAN yet. In that case, if the switch has ingress
filtering enabled, it will drop the packet there (because the
ingress port is not part of the VLAN's membership). If the
switch does not have ingress filtering on, then the frame will
make it through the learning process and that MAC address will
get learned on the port that it came in on. However, when it
is forwarded and the egress port (or ports) do a lookup to
determine if the port is in the member set for that VLAN,
the frame will end up getting drop.

In other words, if the VLAN is new to the switch, the frame
will always be discarded. However, depending on whether
or not ingress filtering is implemented and enabled, the
frame may be dropped on ingress or egress.

Anoop

Reply to Anonymous
Anonymous   05-09-2005 at 09:28:32 PM
- 0 +

Archived from groups: comp.dcom.lans.ethernet (More info?)

 

anoop wrote:

> If the VLAN tag is one that the switch hasn't seen before, it
> means it doesn't have a untagged/tagged membership set associated
> with that VLAN yet.

This statement should have read "If the VLAN tag is one that the
switch doesn't know about (i.e. the VLAN has not been configured
on that switch)...".

Anoop

Reply to Anonymous
Anonymous   05-18-2005 at 05:35:32 AM
- 0 +

Archived from groups: comp.dcom.lans.ethernet (More info?)

 

Hi Anoop,

Thanks a lot for detailed answer.

Regards
Dilip.

anoop wrote:
> anoop wrote:
>
> > If the VLAN tag is one that the switch hasn't seen before, it
> > means it doesn't have a untagged/tagged membership set associated
> > with that VLAN yet.
>
> This statement should have read "If the VLAN tag is one that the
> switch doesn't know about (i.e. the VLAN has not been configured
> on that switch)...".
>
> Anoop

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > General Networking > Network General Discussions > Ethernet Vlan-aware switch query.
Go to:

There are 430 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.321 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them