Graco GE-DS-242-POE Manual De Usuario
Chapter 6: Command Line Interface
138
GE-DS-242-PoE Managed Ethernet Switch User Manual
VLAN Configuration
Virtual LANs
A Virtual LAN (VLAN) is a logical network group that limits the broadcast domain. It
allows you to isolate network traffic so only members of the VLAN receive traffic from
the same VLAN members. Basically, creating a VLAN within a switch is logically
equivalent of reconnecting a group of network devices to another Layer 2 switch.
However, all the network devices are still plugged into the same switch physically. A
station can belong to more than one VLAN group. VLAN prevents users from
accessing network resources of another on the same LAN, thus the users can not see
the hard disks and printers of another user in the same building. VLAN can also
increase the network performance by reducing the broadcast traffic and enhance the
security of the network by isolating groups.
The GE-DS-242-PoE supports two types of VLANs:
• Port-based
• IEEE 802.1Q (tag) -based
Only one of the two VLAN types can be enabled at one time.
Port-based VLANs are VLANs where the packet forwarding decision is made based on
the destination MAC address and its associated port. You must define the outgoing
ports allowed for each port when you use port-based VLANs. In port-based VLANs,
the packets received from one port can only be sent to the ports which are
configured to the same VLAN. As shown in the following figure, the switch
administrator configured port 1~2 as VLAN 1 and port 3~4 as VLAN 2. The packets
received from port 1 can only be forwarded to port 2. The packets received from port
2 can only be forwarded to port 1. That means the computer A can send packets to
computer B, and vice versa. The same situation also occurred in VLAN 2. The
computer C and D can communicate with each other. However, the computers in
VLAN 1 can not see the computers in VLAN 2 since they belonged to different VLANs.
IEEE 802.1Q (tag) -based VLANs enable the Ethernet functionality to propagate
tagged packets across the bridges and provides a uniform way for creating VLAN
within a network then span across the network. For egress packet, you can choose to
tag it or not with the associated VLAN ID of this port. For ingress packet, you can
forward this packet to a specific port as long as it is also in the same VLAN group.
The 802.1Q VLAN works by using a tag added to the Ethernet packets. The tag
contains a VLAN Identifier (VID) which belongs to a specific VLAN group. And ports
can belong to more than one VLAN.
allows you to isolate network traffic so only members of the VLAN receive traffic from
the same VLAN members. Basically, creating a VLAN within a switch is logically
equivalent of reconnecting a group of network devices to another Layer 2 switch.
However, all the network devices are still plugged into the same switch physically. A
station can belong to more than one VLAN group. VLAN prevents users from
accessing network resources of another on the same LAN, thus the users can not see
the hard disks and printers of another user in the same building. VLAN can also
increase the network performance by reducing the broadcast traffic and enhance the
security of the network by isolating groups.
The GE-DS-242-PoE supports two types of VLANs:
• Port-based
• IEEE 802.1Q (tag) -based
Only one of the two VLAN types can be enabled at one time.
Port-based VLANs are VLANs where the packet forwarding decision is made based on
the destination MAC address and its associated port. You must define the outgoing
ports allowed for each port when you use port-based VLANs. In port-based VLANs,
the packets received from one port can only be sent to the ports which are
configured to the same VLAN. As shown in the following figure, the switch
administrator configured port 1~2 as VLAN 1 and port 3~4 as VLAN 2. The packets
received from port 1 can only be forwarded to port 2. The packets received from port
2 can only be forwarded to port 1. That means the computer A can send packets to
computer B, and vice versa. The same situation also occurred in VLAN 2. The
computer C and D can communicate with each other. However, the computers in
VLAN 1 can not see the computers in VLAN 2 since they belonged to different VLANs.
IEEE 802.1Q (tag) -based VLANs enable the Ethernet functionality to propagate
tagged packets across the bridges and provides a uniform way for creating VLAN
within a network then span across the network. For egress packet, you can choose to
tag it or not with the associated VLAN ID of this port. For ingress packet, you can
forward this packet to a specific port as long as it is also in the same VLAN group.
The 802.1Q VLAN works by using a tag added to the Ethernet packets. The tag
contains a VLAN Identifier (VID) which belongs to a specific VLAN group. And ports
can belong to more than one VLAN.