Enabling or disabling ingress filtering – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide

Section III: VLANs

459

Enabling or Disabling Ingress Filtering

There are rules a switch follows when it receives and forwards an
Ethernet frame. There are rules for frames as they enter a port (called
ingress rules) and rules for when a frame is transmitted out a port (called
egress rules). A switch does not accept and forward a frame unless the
frame passes the ingress and egress rules.

There are many ingress and egress rules for Gigabit Ethernet switches. T
this discussion reviews only the rules as they apply to tagged frames,
because ingress filtering does not apply to untagged frames.

First, as a reminder, a tagged frame is an Ethernet frame that contains a
tagged header. The header contains the VID of the VLAN to which the
frame originated. For further information, refer to ”Tagged VLAN
Overview” on page 436.

The ingress rules are applied to tagged frames when ingress filtering is
activated. The switch examines the tagged header of each tagged frame
that enters a port and determines whether the tagged frame and the
port that received the frame are members of the same VLAN. If they
belong to the same VLAN, the port accepts the frame. If they belong to
different VLANs, the port discards the frame.

As an example, assume that a tagged frame with a VID of 4 is received on
a port that is a member of a VLAN also with a VID of 4. In this case, the
port accepts the frame, because both the frame and the port belong to
the same VLAN. If the frame and port belong to different VLANs, the
frame is discarded.

How do the egress rules apply when ingress filtering is disabled? First,
any tagged frame is accepted on any port on the switch. It does not
matter whether the frame and the port belong to the same or different
VLANs.

After the tagged frame is received, the switch examines the tagged
header and determines if the VID in the header corresponds to any
VLANs on the switch. If there is no corresponding VLAN, the switch
discards the frame. If there is, the switch transmits the frame out the port
to the destination node, assuming that the destination node’s MAC
address is in the MAC address table, or floods the port to all ports on the
VLAN if the MAC address is not in the table.

In addition, each tagged frame contains a priority tag that informs the
switch about the importance of the frame. Frames with a high priority
are handled ahead of frames with a low priority.