D-Link Dsh8 Manual

							
 Chapter 5: Web-Based Management 
GE-DSH-73/DSH-82 and DSH-82-PoE User Manual  77 
VLAN Configuration 
VLAN Overview 
A Virtual LAN (VLAN) is a logical network gr ouping that limits the broadcast domain. It 
allows you to isolate network traffic so only  members of the VLAN receive traffic from 
the same VLAN members. Basically, creati ng a VLAN from a switch is logically 
equivalent of reconnecting a group of ne twork devices to another Layer 2 switch. 
However, all the network devices are still  plug into the same switch physically. 
The Managed Industrial Switch support s IEEE 802.1Q (tagged-based) and Port-Base 
VLAN setting in web management page. In th e default configuration, VLAN support is 
Disable.  
•  Port-based VLAN 
Port-based VLAN limit traffic that flows into  and out of switch ports. Thus, all devices 
connected to a port are members of the VLAN (s) the port belongs to, whether there is 
a single computer directly connected to a switch, or an entire department. 
On port-based VLAN.NIC do not need to be  able to identify 802.1Q tags in packet 
headers. NIC send and receive normal Ethe rnet packets. If the packets destination 
lies on the same segment, communication s take place using normal Ethernet 
protocols. Even though this is always the  case, when the destination for a packet lies 
on another switch port, VLAN considerations co me into play to decide if the packet is 
dropped by the Switch or delivered. 
•  IEEE 802.1Q VLANs 
IEEE 802.1Q (tagged) VLAN are implemente d on the Switch. 802.1Q VLAN require 
tagging, which enables them to span the en tire network (assuming all switches on 
the network are IEEE 802.1Q-compliant). 
VLAN allow a network to be segmented in  order to reduce the size of broadcast 
domains. All packets entering a VLAN will on ly be forwarded to the stations (over IEEE 
802.1Q enabled switches) that are member s of that VLAN, and this includes 
broadcast, multicast and unicast  packets from unknown sources. 
VLAN can also provide a level  of security to your network. IEEE 802.1Q VLAN will only 
deliver packets between stations that ar e members of the VLAN. Any port can be 
configured as either tagging or untagging:  
o The untagging feature of IEEE 802.1Q VLAN  allows VLAN to work with legacy 
switches that dont recognize VLAN tags in packet headers.  
o  The tagging feature allows VLAN to s pan multiple 802.1Q-compliant switches 
through a single physical connection an d allows Spanning Tree to be enabled 
on all ports and work normally. 
Some relevant terms:  
						

							
Chapter 5: Web-Based Management 
78  GE-DSH-73/DSH-82 and DSH-82-PoE User Manual 
Tagging - The act of putting 802.1Q VLAN information into the header of a packet. 
Untagging - The act of stripping 802.1Q VLAN  information out of the packet header. 
•  802.1Q VLAN Tags 
The figure below shows the 802.1Q VLAN  tag. There are four additional octets 
inserted after the source MAC address. Thei r presence is indicated by a value of 
0x8100 in the Ether Type field. When a packe ts Ether Type field is equal to 0x8100, 
the packet carries the IEEE 802.1Q/802.1p tag.  The tag is contained in the following 
two octets and consists of 3 bi ts of user priority, 1 bit of Canonical Format Identifier 
(CFI - used for encapsulating Token Ring  packets so they can be carried across 
Ethernet backbones), and 12 bits of VLAN ID (V ID). The 3 bits of user priority are used 
by 802.1p. The VID is the VLAN identifier an d is used by the 802.1Q standard. Because 
the VID is 12 bits long, 4094 unique VLAN can be identified. 
The tag is inserted into the packet header making the entire packet longer by 4 
octets. All of the information originally  contained in the packet is retained. 
 
802.1Q Tag 
User Priority  CFI VLAN ID (VID) 
                              3 bits          1 bits                  12 bits 
 
 
TPID (Tag Protocol Identifier)  TCI (Tag Control Information) 
2 bytes   2 bytes 
 
 
Preamble Destination 
Address  Source 
Address VLAN TAG Ethernet  Type  Data FCS 
6 bytes    6 bytes    4 bytes    2 bytes     46-1517 bytes   4 bytes 
 
The Ether Type and VLAN ID are inserted 
after the MAC source address, but before 
the original Ether Type/Length or Logical Li nk Control. Because the packet is now a bit 
longer than it was originally, the Cy clic Redundancy Check (CRC) must be 
recalculated. 
 
 
Adding an IEEE802.1Q Tag 
 
Dest. Addr.  Src. Addr.  Length/E. type  Data  Old CRC 
 
Dest. Addr.  Src. Addr.  E. type Tag Length/E. type  Data  New CRC 
 
Priority CFI VLAN ID 
 
New Tagged Packet 
Original Ethernet  
						

							
 Chapter 5: Web-Based Management 
GE-DSH-73/DSH-82 and DSH-82-PoE User Manual  79 
 
•  Port VLAN ID 
Packets that are tagged (are carrying the 802. 1Q VID information) can be transmitted 
from one 802.1Q compliant network device  to another with the VLAN information 
intact. This allows 802.1Q VLAN to span  network devices (and indeed, the entire 
network - if all network devices are 802.1Q compliant). 
Every physical port on a switch has a PVID.  802.1Q ports are also assigned a PVID, for 
use within the switch. If no VLAN are defined on the switch, all ports are then 
assigned to a default VLAN with a PVID  equal to 1. Untagged packets are assigned 
the PVID of the port on which they were  received. Forwarding decisions are based 
upon this PVID, in so far as VLAN ar e concerned. Tagged packets are forwarded 
according to the VID contained within the  tag. Tagged packets are also assigned a 
PVID, but the PVID is not used to make  packet forwarding decisions, the VID is. 
Tag-aware switches must keep a table to rela te PVID within the switch to VID on the 
network. The switch will compare the VID of  a packet to be transmitted to the VID of 
the port that is to transmit the packet. If  the two VID are different the switch will drop 
the packet. Because of the existence of  the PVID for untagged packets and the VID 
for tagged packets, tag-aware and tag-unaware  network devices can coexist on the 
same network. 
A switch port can have only one PVID, but  can have as many VID as the switch has 
memory in its VLAN table to store them. 
Because some devices on a network may be  tag-unaware, a decision must be made 
at each port on a tag-aware device befo re packets are transmitted - should the 
packet to be transmitted have a tag or not?  If the transmitting port is connected to a 
tag-unaware device, the packet should be  untagged. If the transmitting port is 
connected to a tag-aware device,  the packet should be tagged. 
•  Default VLANs 
The Switch initially configures one VLAN, VI D = 1, called default. The factory default 
setting assigns all ports on the Switch to th e default. As new VLAN are configured in 
Port-based mode, their respective member  ports are removed from the default. 
 
NOTE:  No matter what basis is used to uniquel y identify end nodes and assign these 
nodes VLAN membership, packets cannot cross VLAN without a network device 
performing a routing function between the VLAN. 
The Switch supports Port-based VLAN an d IEEE 802.1Q VLAN. The port untagging 
function can be used to remove the 802. 1 tag from packet headers to maintain 
compatibility with devices that are tag-unaware.  
						

							
Chapter 5: Web-Based Management 
80  GE-DSH-73/DSH-82 and DSH-82-PoE User Manual 
 
VLAN Configuration 
A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain. It 
allows you to isolate network traffic so only  members of the VLAN receive traffic from 
the same VLAN members. Basically, creati ng a VLAN from a switch is logically 
equivalent of reconnecting a group of ne twork devices to another Layer 2 switch. 
However, all the network devices are still  plug into the same switch physically. 
The Industrial Switch supports Port-based , 802.1Q (Tagged-based) and GVRP VLAN in 
web management page. In the default conf iguration, VLAN support is Disable. 
Figure 5-30:  VLAN Configuration interface 
 
Port-based VLAN 
A port-based VLAN basically consists of  its members-ports, which means that the 
VLAN is created by grouping the sele cted ports. This method provides the 
convenience for users to conf igure a simple VLAN easily without complicated steps. 
Packets can go among only members of th e same VLAN group. Note all unselected 
ports are treated as belonging to anothe r single VLAN. If the port-based VLAN 
enabled, the VLAN-tagging is ignored. The  port-based VLAN function allows the user 
to create separate VLANs to limit the unne cessary packet flooding; however, for the 
purpose of sharing resource, a single po rt called a common port can belongs to 
different VLANs, which all the member devi ces (ports) in different VLANs have the 
permission to access the  common port while they st ill cannot communicate with 
each other in different VLANs.  
						

							
 Chapter 5: Web-Based Management 
GE-DSH-73/DSH-82 and DSH-82-PoE User Manual  81 
Figure 5-31:  VLAN - Port Based interface 
 
•  Pull down the selection item and focus on  Port Based then press to set the VLAN 
Operation Mode in Port Based mode. 
Click  ADD to add a new VLAN group (The maximum VLAN groups are up to 64). 
Figure 5-32:  VLAN - Port Based Add interface 
 
• Enter the group name and VLAN ID. Add th e selected port number into the right 
field to group these members to be a VLAN  group, or remove any of them listed in 
the right field from the VLAN. 
•  And then, click  APPLY to have the configuration take effect. 
•  You will see the VLAN list displays.  
						

							
Chapter 5: Web-Based Management 
82  GE-DSH-73/DSH-82 and DSH-82-PoE User Manual 
Figure 5-33:  VLAN-Port Based Edit/Delete interface 
 
• Use  DELETE  to delete the VLAN. 
•  Use  EDIT  to modify group name, VLAN ID, or add/remove the members of the 
existing VLAN group. 
NOTE:  Remember to execute the Save Config uration action, otherwise the new 
configuration will be lost  when switch power off. 
802.1Q VLAN 
Virtual Local Area Network (VLAN) can be  implemented on the Industrial Switch to 
logically create different broadcast domain. 
When the 802.1Q VLAN function is enabled, a ll ports on the switch belong to default 
VLAN of VID 1, which means they logica lly are regarded as members of the same 
broadcast domain. The valid VLAN ID is in the range of number between 1 and 4094. 
The amount of VLAN groups is up to  256 including default VLAN that cannot be 
deleted. 
Each member port of 802.1Q  is on either an Access Link (no VLAN-tagged) or a Trunk 
Link (VLAN-tagged)[KK1]. All frames on an  Access Link carry no VLAN identification. 
Conversely, all frames on a Trunk Link are  VLAN-tagged. Besides, there is the third 
mode-Hybrid. A Hybrid Link can carry  both VLAN-tagged frames and untagged 
frames. A single port is suppo sed to belong to one VLAN group, except it is on a 
Trunk/Hybrid Link. 
The technique of 802.1Q tagging inserts a  4-byte tag, including VLAN ID of the 
destination port-PVID, in the frame. With  the combination of Access/Trunk/Hybrid 
Links, the communication across switches  also can make the packet sent through 
tagged and untagged ports.  
						

							
 Chapter 5: Web-Based Management 
GE-DSH-73/DSH-82 and DSH-82-PoE User Manual  83 
•  802.1Q VLAN Port Configuration 
This page is used for configuring the Indust rial Switch port VLAN. The VLAN per Port 
Configuration page contains fields for man aging ports that are part of a VLAN. The 
port default VLAN ID (PVID)  is configured on the VLAN Port Configuration page. All 
untagged packets arriving to the devi ce are tagged by the ports PVID. 
Understanding the nomenclature of the Switch 
•  IEEE 802.1Q Tagged and Untagged 
Every port on an 802.1Q compliant switch  can be configured as tagged or untagged. 
 
Tagged 
(Trunk Link)  Ports with tagging enabled will put the 
VID number, priority and other VLAN 
information into the header of all packets th at flow into those ports. If a packet has 
previously been tagged, the port will not alter the packet, thus keeping the VLAN 
information intact. The VLAN information  in the tag can then be used by other 
802.1Q compliant devices on the network  to make packet-forwarding decisions. 
Untagged 
(Access Link)  Ports with untagging enabled will strip the 802.
1Q tag from all packets that flow into 
those ports. If the packet doesnt have an  802.1Q VLAN tag, the port will not alter the 
packet. Thus, all packets received by and forwarded by an untagging port will have 
no 802.1Q VLAN information. (R emember that the PVID is only used internally within 
the Switch). Untagging is used to send  packets from an 802.1Q-compliant network 
device to a non-compliant network device. 
 
 
Frame Income 
Frame Leave Income Frame is  tagged Income Frame is  untagged 
Leave port is tagged  Frame remains tagged  Tag is inserted 
Leave port is untagged  Tag is removed  Frame remain untagged 
 
Here pay attention to the explaining of Access, Trunk and Hybrid. \
• Access: Ports will strip the 802.1Q tag from  all packets that out of those ports. If 
the packet doesnt have an 802.1Q VLAN t ag, the port will not alter the packet. 
Thus, all packets received by and forward ed by an untagging port will have no 
802.1Q VLAN information. Untagging is  used to send packets from an 802.1Q-
compliant network device to a non-compliant network device. 
Ports with Access mode belo ng to a single untagged VLAN. 
•  Trunk: Ports with tagging enabled will put the VID number, priority and other VLAN 
information into the header of all packets  that out of those ports. If a packet has 
previously been tagged, the port will no t alter the packet, thus keeping the VLAN 
information intact. The VLAN information  in the tag can then be used by other 
802.1Q compliant devices on the network  to make packet forwarding decisions.  
						

							
Chapter 5: Web-Based Management 
84  GE-DSH-73/DSH-82 and DSH-82-PoE User Manual 
• Hybrid: The port belongs to VLANs, and ea ch VLAN is user-defined as tagged or 
untagged (full 802.1Q mode). Ports will stri p the 802.1Q tag from all packets that 
out of those ports. 
 
Port Mode VLAN Membership Frame Leave 
Access Link  Belongs to a single untagged VLAN  Untagged 
( Tag=PVID be removed) 
Trunk Link 
Allowed to belongs to multiple Tagged 
VLANs at the same time  Tagged 
(Tag=PVID or Original VID be remained) 
Hybrid Link 
Allowed to belongs to multiple untagged 
VLANs at the same time  Untagged by specify VID 
 
The 802.1Q VLAN Port Configurat
ion screen is shown below: 
Figure 5-34:  802.1Q VLAN mode 
  
						

							
 Chapter 5: Web-Based Management 
GE-DSH-73/DSH-82 and DSH-82-PoE User Manual  85 
This page includes the following fields: 
 
Object Description 
Enable GVRP Protocol:  GVRP (GARP VLAN Registration Protocol) is a protocol that facilitates 
control of virtual local area networks (VLANs) within a larger network. 
GVRP conforms to the IEEE 802.1Q sp
ecification, which defines a method 
of tagging frames with VLAN configuration data. This allows network 
devices to dynamically exchange VL AN configuration information with 
other devices. For example, having enabled GVRP on two switches, they 
are able to automatically exchange the information of their VLAN 
database. Therefore, the user doesn’t need to manually configure 
whether the link is trunk or hybrid, the packets belonging to the same 
VLAN can communicate across switches . Tick this checkbox to enable 
GVRP protocol. This checkbox is available while the VLAN Operation 
Mode is in 802.1Q mode. 
Management VLAN ID:  Only when the VLAN members, whose 
Untagged VID (PVID) equals to the 
value in this column, will have the permission to access the switch. The 
default value is ‘0’ that means this limit is not enabled (all members in 
different VLANs can access this switch). 
Link Type:  There are 3 types of link type. 
Access Link:  
A segment which provides the link path
 for one or more stations to the 
VLAN-aware device. An Access Port  (untagged port), connected to the 
access link, has an untagged VID (also called PVID). After an untagged 
frame gets into the access port, the switch will insert a four-byte tag in 
the frame. The contents of the last 12-bit of the tag is untagged VID. 
When this frame is sent out through any of the access port of the same 
PVID, the switch will remove the tag from the frame to recover it to what 
it was. Those ports of the same untagged VID are regarded as the same 
VLAN group members. 
Trunk Link:  
A segment which provides the link path for one or more VLAN-aware 
devices (switches). A Trunk Port, connected to the trunk link, has an 
understanding of tagged frame, which is used for the communication 
among VLANs across switches. Which  frames of the specified VIDs will 
be forwarded depends on the values filled in the Tagged VID column 
field. Please insert a comma between two VIDs. 
Hybrid Link:  
A segment which consists of Access an d Trunk links. The hybrid port has 
both the features of access and trunk ports. A hybrid port has a PVID 
belonging to a particular VLAN, and it also forwards the specified 
tagged-frames for the purpose of VLAN communication across 
switches. 
Untagged VID:  This column field is available when Link Type is set as Access Link and 
Hybrid Link. Assign a number 
in the range between 1 an 4094.  
						

							
Chapter 5: Web-Based Management 
86  GE-DSH-73/DSH-82 and DSH-82-PoE User Manual 
Object Description 
Tagged VID: This column field is available when 
Link Type is set as Trunk Link and 
Hybrid Link. Assign a number  in the range between 1 an 4094. 
 
NOTE: Access Link: 
Because the access port doesnt have an  understanding of tagged frame, the column 
field of Tagged VID is not available. 
 
NOTE:  Trunk Link 
1. A trunk port doesnt insert tag into an  untagged frame, and therefore the untagged 
VID column field is not available. 
2. Its not necessary to ty pe 1 in the tagged VID. The trunk port will forward the 
frames of VLAN 1. 
3. The trunk port has to be connected to a tr unk/hybrid port of the other switch. Both 
the tagged VID of the two po rts have to be the same. 
 
NOTE: Hybrid Link 
1. Its not necessary to type 1 in the  tagged VID. The hybrid port will forward the 
frames of VLAN 1. 
2. The trunk port has to be connected to a tr unk/hybrid port of the other switch. Both 
the tagged VID of the two po rts have to be the same. 
 
• Pull down the selection item and focus  on 802.1Q then press to set the VLAN 
Operation Mode in 802.1Q mode 
•  You can see the link type, untagged VID, an d tagged VID information of each port 
in the table below on the screen.