BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
90 Chapter 4: VLANs BMD00113, September 2009
VLAN Tagging
BLADE OS software supports 802.1Q VLAN tagging, providing standards-based VLAN support
for Ethernet systems.
Tagging places the VLAN identifier in the frame header of a packet, allowing each port to belong to
multiple VLANs. When you add a port to multiple VLANs, you also must enable tagging on that
port.
Since tagging fundamentally changes the format of frames transmitted on a tagged port, you must
carefully plan network designs to prevent tagged frames from being transmitted to devices that do
not support 802.1Q VLAN tags, or devices where tagging is not enabled.
Important terms used with the 802.1Q tagging feature are:
VLAN identifier (VID)—the 12-bit portion of the VLAN tag in the frame header that identifies
an explicit VLAN.
Port VLAN identifier (PVID)—a classification mechanism that associates a port with a
specific VLAN. For example, a port with a PVID of 3 (PVID =3) assigns all untagged frames
received on this port to VLAN 3. Any untagged frames received by the switch are classified
with the PVID of the receiving port.
Tagged frame—a frame that carries VLAN tagging information in the header. This VLAN
tagging information is a 32-bit field (VLAN tag) in the frame header that identifies the frame as
belonging to a specific VLAN. Untagged frames are marked (tagged) with this classification as
they leave the switch through a port that is configured as a tagged port.
Untagged frame— a frame that does not carry any VLAN tagging information in the frame
header.
Untagged member—a port that has been configured as an untagged member of a specific
VLAN. When an untagged frame exits the switch through an untagged member port, the frame
header remains unchanged. When a tagged frame exits the switch through an untagged member
port, the tag is stripped and the tagged frame is changed to an untagged frame.
Tagged member—a port that has been configured as a tagged member of a specific VLAN.
When an untagged frame exits the switch through a tagged member port, the frame header is
modified to include the 32-bit tag associated with the VID. When a tagged frame exits the
switch through a tagged member port, the frame header remains unchanged (original VID
remains).
Note – If a 802.1Q tagged frame is received by a port that has VLAN-tagging disabled, then the
frame is dropped at the ingress port.