From: "Norman W. Finn"
Subject: Re: VLAN Questions/Suggestions
To: 100271.522@CompuServe.COM (Tony Jeffree)
Date: Wed, 8 May 1996 20:17:06 -0700 (PDT)
Cc: P8021@hepnrc.hep.net

Tony Jeffree writes:
>
> JR Rivers writes:
>
> >>What is the usage of this "default" VLAN??? How is it different from
> >>the "untagged" VLAN that is implied by frames without the VLAN type
> >>field?
>
> Michelle's recent message gives a usage for the default VLAN.
>
> The structure of an untagged frame may imply membership of a specific VLAN;
> e.g., for protocol-based VLANs, membership is implied by the PDU's structure
> being consistent with the requirements of a given protocol. This is rather
> different from the "default" VLAN concept, which is about what you might do
> with frames whose VLAN membership you cannot determine, or what you might do
> in order to reach all members of all VLANs.

(I echo here Milan Merhar's comments to the same effect.)

I would think that it would be extremely dangerous to put an "unidentifiable" packet on the "default" VLAN. What if some other bridge can identify it, and sends it on a wire (untagged, of course) that gets it back to you? You then have a loop.

A VLAN used to reach all switches could be very useful for layer 3 multicasts (e.g. IP multicast).

Michele Wright's comments about using the default VLAN until a station gets configured, then switching it to the proper VLAN, also make good sense.

I would also suggest that a default VLAN can also be useful as the just-out-of-the-box default configuration which allows the bridge, itself, to get connectivity to the sysadmin for configuration purposes, or just to allow configuration-free universal connectivity in the same way that current non-VLAN bridges work.

I'd like to hear a lot more about using the default VLAN for unrecognizable packets, however, before agreeing to it. That usage seems very dangerous.

There are at least two kinds of "unrecognizable" default VLANs that we should not confuse:

1. A default VLAN to which *>endstations<* not otherwise recognized are sent. How this would work:

   a. Switch cannot classify a packet at the low level in its forwarding engine.
   b. Switch applies the membership rules with software, or queries a membership rule server. Rules or server have a default VLAN to which unknown stations are assigned. This could be any VLAN-ID, and there could be more than one of them, based on rather general criteria.
   c. Endstation is assigned to that VLAN, and all packet switches can classify its packets to that same VLAN.

2. A default VLAN into which a *>packet<* is tossed by the low-level bridge forwarding engine if the packet cannot otherwise be classified, but which another bridge might perhaps be able to classify.

Type 1 is, perhaps, useful. Call it a "management level default" VLAN. Type 2 is particularly dangerous if multiple spanning trees are in use, because loops can be generated.

-- Norm
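The loop Norm describes, modelled as an added example (this is not code from the 802.1 thread or from any of its participants): two bridges joined by two links, each VLAN running its own spanning tree, and a frame whose ethertype only one bridge has a protocol-based rule for. The topology, the VLAN numbers and the sample ethertype are all constructed for the illustration.

```python
from dataclasses import dataclass, field

DEFAULT_VLAN = 1          # where the forwarding engine tosses what it cannot classify (type 2)
PROTO_VLAN = 10           # VLAN that a protocol-based rule maps the sample ethertype to
SAMPLE_ETHERTYPE = 0x86DD # constructed sample: the frame type only some bridges recognise

@dataclass
class Bridge:
    name: str
    rules: dict                                 # ethertype -> VLAN (protocol-based rules)
    forwarding: dict                            # VLAN -> links in forwarding state for that tree
    peers: dict = field(default_factory=dict)   # link -> neighbouring Bridge

    def classify(self, ethertype):
        # Type-2 behaviour: anything the local rules do not cover lands in the default VLAN
        return self.rules.get(ethertype, DEFAULT_VLAN)

    def next_hop(self, ethertype, arrived_on):
        vlan = self.classify(ethertype)
        out = sorted(self.forwarding[vlan] - {arrived_on})   # never echo back out the arrival link
        return vlan, out

def two_bridge_topology(rules_a, rules_b):
    # Per-VLAN spanning trees: the default VLAN's tree keeps link2, VLAN 10's keeps link1
    fwd = {DEFAULT_VLAN: {"link2"}, PROTO_VLAN: {"link1"}}
    a = Bridge("A", rules_a, dict(fwd))
    b = Bridge("B", rules_b, dict(fwd))
    a.peers = {"link1": b, "link2": b}
    b.peers = {"link1": a, "link2": a}
    return a

def trace(start, ethertype, max_hops=6):
    """Follow one untagged frame from an access port on `start`. Returns the
    per-hop (bridge, vlan, link) list and whether it was still bouncing."""
    hops, bridge, link = [], start, None
    for _ in range(max_hops):
        vlan, out = bridge.next_hop(ethertype, link)
        if not out:
            return hops, False            # nowhere further to go: no loop
        link = out[0]
        hops.append((bridge.name, vlan, link))
        bridge = bridge.peers[link]
    return hops, True                     # exceeded max_hops: the frame is looping

# Type 2: only B has the protocol rule, so A and B disagree on the frame's VLAN.
type2 = trace(two_bridge_topology({}, {SAMPLE_ETHERTYPE: PROTO_VLAN}), SAMPLE_ETHERTYPE)
# Type 1: both bridges consult the same membership table, so they agree.
shared_rules = {SAMPLE_ETHERTYPE: PROTO_VLAN}
type1 = trace(two_bridge_topology(shared_rules, shared_rules), SAMPLE_ETHERTYPE)
```

Running `trace` with empty rule tables on both bridges also terminates, which is the point: the hazard is two bridges classifying the same frame differently, not the default VLAN itself.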