Enabling or disabling ingress filtering – Allied Telesis AT-S39 User Manual
Page 125
AT-S39 User’s Guide
125
Enabling or Disabling Ingress Filtering
There are certain rules a switch follows as it receives and forwards an
Ethernet frame. There are rules for frames as they enter a port (called
ingress rules) and rules for when a frame is transmitted out a port (called
egress rules). A switch will not accept and forward a frame unless the
frame passes the ingress and egress rules.
There are quite a few ingress and egress rules for Fast Ethernet switches.
Fortunately, this discussion need only review the rules as they apply to
tagged frames, because ingress filtering does not apply to untagged
frames, nor to any frames, tagged or untagged, when the switch is
operating in the Basic VLAN Mode.
First, just as a reminder, a tagged frame is an Ethernet frame that
contains a tagged header. The header contains the VID of the VLAN to
which the frame originated. For further information, refer to Tagged
VLAN Overview on page 100.
Let’s first examine how the ingress rules are applied to tagged frames
when ingress filtering is activated. What the switch does is it examines
the tagged header of each tagged frame that enters a port and
determines whether the tagged frame and the port that received the
frame are members of the same VLAN. If they belong to the same VLAN,
the port accepts the frame. If they belong to different VLANs, the port
discards the frame.
Here is an example. Assume that a tagged frame with a VID of 4 is
received on a port that is a member of a VLAN also with a VID of 4. In this
case, the port accepts the frame, because both the frame and the port
belong to the same VLAN. If the frame and port had belonged to
different VLANs, the frame is discarded.
So how do the egress rules apply when ingress filtering is disabled? First,
any tagged frame is accepted on any port on the switch. It does not
matter whether the frame and the port belong to the same or different
VLANs.
Once the tagged frame is received, the switch examines the tagged
header and determines if the VID in the header corresponds to any
VLANs on the switch. If there isn’t a corresponding VLAN, the switch
discards the frame. If there is, the switch transmits the frame out the port
to the destination node, assuming that the destination node’s MAC
address is in the MAC address table, or floods the port to all ports on the
VLAN if the MAC address is not in the table.