Forwarding Rules

Forwarding Rules

These rules determine the set of ports on the switch through which members of the VLAN can be reached. This is called binding a port to a VLAN. A port may be bound to a VLAN using the Web Agent in the following three ways:

Setting the Port VLAN attribute in the Switch Port Configuration Web page.This identifies the VLAN to which all untagged frames received on the port are forwarded. Static Binding, the port is bound to the VLAN selected in the Port VLAN parameter.

Note: A port has one Port VLAN. Changing this to a new VLAN removes the port from the old VLAN.

Setting the VLAN Binding attribute in the Switch Port Configuration Web page to Bind to All should be done on links connecting two layer2 switches, where multiple VLANs span across both switches, such that members of each VLAN are found on both sides of the link. Bind-to-all should not be used when the switches on both ends of the link act as routers, such that each IP subnet and each VLAN are confined to one side of the link only and do not have members connected to the switch at the other end. In such routing cases, the link is never used for intra-VLAN traffic but rather is used only for traffic routed from one router to the other. Thus, there is no need for the link to belong to multiple VLANs, and should not be configured to bind-to-all. It should be bound to a single VLAN that is dedicated to the connection between the two routers. Bind-to-all in this case is not only unnecessary, but also undesired as a lot of irrelevant broadcast/multicast traffic of other VLANs will be sent onto this link and into the switch on the other end, unnecessarily increasing the control-plane load on the supervisor and increasing the chance for harmful layer3 configuration errors.
Setting the VLAN Binding attribute in the Switch Port Configuration Web page to Bind to Received. This causes the port to be bound to all VLANs (as identified by the VLAN tag in tagged frames) received on this port. Consequently, ports are bound to those VLANs that actually have members that are reachable through the port.

Note: When an untagged frame arrives on a port that is set to Bind to ALL, it forwards the frame to the "port VLAN". When a tagged 802.1Q frame arrives on a port that is set to Bind to All and the VLAN doesn't exist on the switch the frame is dropped.

Ingress: Untagged frames are classified to the VLAN associated with the port on which the frame is received. Tagged frames are classified to the VLAN identified by the VLAN tag in the tag header of the frame.

Forwarding: Only forward frames to the port for the assigned VLAN.

Egress: All frames transmitted out of the port to be tagged using the IEEE 802.1Q/Multi-Layer tag header format. The tagged used will be that assigned to the port.