R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

The web interface is available only for port-based VLANs, and this chapter only describes port-based

VLANs.

Port-based VLAN

Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is

assigned to the VLAN.

Port link type

You can configure the link type of a port as access, trunk, or hybrid. The link types use the following

VLAN tag handling methods:

• An access port belongs to only one VLAN and usually connects to a user device.

• A trunk port can carry multiple VLANs to receive and send traffic for them. Except traffic from the

port VLAN ID (PVID), traffic sent through a trunk port will be VLAN tagged. It usually connects to a

network device.

• Like a trunk port, a hybrid port can carry multiple VLANs to receive and send traffic for them. Unlike

a trunk port, a hybrid port allows traffic of all VLANs to pass through VLAN untagged. It can

connect to either a user device or a network device.

PVID

By default, VLAN 1 is the PVID for all ports. You can change the PVID for a port as required.

Use the following guidelines when configuring the PVID on a port:

• An access port can join only one VLAN. The VLAN to which the access port belongs is the PVID of

the port. The PVID of the access port changes along with the VLAN to which the port belongs.

• A trunk or hybrid port can carry multiple VLANs, and you can configure a PVID for the port.

The following table shows how ports of different link types handle frames:

Port type

Actions (in the inbound direction)

Actions (in the outbound

direction)

Unta

ed frame Ta

ed frame

Access

Tag the frame with the

PVID tag.

• Receives the frame if its

VLAN ID is the same as

the PVID.

• Drops the frame if its

VLAN ID is different from

the PVID.

Removes the VLAN tag and sends

the frame.

Trunk

Checks whether the PVID

is permitted on the port:

• If yes, tags the frame

with the PVID tag.

• If not, drops the

frame.

• Receives the frame if its

VLAN is permitted on the

port.

• Drops the frame if its

VLAN is not permitted on

the port.

• Removes the tag and sends

the frame if the frame carries

the PVID tag and the port

belongs to the PVID.

• Sends the frame without

removing the tag if its VLAN is

carried on the port but is

different from the PVID.

Hybrid

Sends the frame if its VLAN is

permitted on the port. The frame

is sent with the VLAN tag

removed or intact depending on

your configuration.