Filter
Top Products
AT-S63 Management Software Features Guide
Section VI: Virtual LANs 289
The community characteristic of egress ports relieves you from having to
map each address to its corresponding egress port. You only need to be
sure that all egress ports in a MAC address-based VLAN are represented
at least once by being assigned to at least one address.
It is also important to note that a MAC address must be assigned at least
one egress port to be considered a member of a MAC address-based
VLAN. VLAN membership of packets from a source MAC address not
assigned any egress ports is determined by the PVID of the port where the
packets are received.
Because egress ports are considered as a community within a VLAN, you
can simplify the mappings by assigning all of the egress ports to just one
MAC address and, for the rest of the addresses, assigning just one port.
This will make it easier to add or delete MAC addresses or egress ports
from a VLAN. Here is how the example might look.
A switch can support more than one MAC-address VLAN at a time and a
port can be an egress member of more than one VLAN. While this can
prove useful in some situations, it can also result in VLAN leakage where
the traffic of one VLAN crosses the boundary into other VLANs.
The problem arises in the case of unknown unicast traffic. If the switch
receives a packet from a member of a MAC address-based VLAN with an
unknown destination address, it floods the packet on all egress ports of the
VLAN. If the VLAN contains a port that is also serving as an egress port of
another VLAN, the node connected to the port receives the flooded
packets, even if it does not belong to the same VLAN as the node that
generated the packet.
Here’s an example. Assume that Port 4 on a switch has been designated
an egress port of three MAC address-based VLANs. Any unknown unicast
traffic that the switch receives that belong to any of the VLANs will be
flooded out Port 4, even if there are no active members of that particular
VLAN on the port. This means that whatever device is connected to the
port receives the flooded traffic of all three VLANs.
Table 22. Revised Example of Mappings of MAC Addresses to Egress Ports
MAC Address End Node Egress Port
00:30:84:54:1A:45 Workstation 1 (Port 1) 1-6
00:30:84:C3:5A:11 Workstation 2 (Port 2) 1
00:30:84:22:67:17 Workstation 3 (Port 3) 1
00:30:84:78:75:1C Workstation 4 (Port 4) 1
00:30:79:7A:11:10 Server (Port 5) 1
00:30:42:53:10:3A Printer (Port 6) 1