208 | VLANsw w w . d e l l . c o m | s u p p o r t . d e l l . c o m A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons forthe logical division, such as department or project membership. The only physical requirement is that theend station and the port to which it is connected both belong to the same VLAN.Each VLAN in a network has a VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header ofpackets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in whichcase the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID.A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.Two features introduced in SFTOS 2.5.1 let you define packet filters that the switch uses as the matchingcriteria to determine if a particular packet belongs to a particular VLAN:• The IP subnet-based VLAN feature maps IP addresses to VLANs by specifying a source IP address,network mask, and the desired VLAN ID. See Creating an IP Subnet-based VLAN on page 223.• The MAC-based VLAN feature let packets originating from end stations become part of a VLANbased on the source MAC address. To configure the feature, specify a source MAC address and aVLAN ID. See the show vlan association mac command in the System Configuration chapter of theSFTOS Command Reference.SFTOS 2.5.1 introduced two other VLAN features:• The Private Edge VLAN sets protection between ports located on the switch. A protected port cannotforward traffic to another protected port on the same switch. The feature does not provide protectionbetween ports located on different switches. See Configuring a Private Edge VLAN (PVLAN) onpage 223.• The native VLAN provides the ability for a port to handle both tagged and untagged frames, in order tohandle control plane traffic in the native VLAN while it also participates in another VLAN. SeeConfiguring a Native VLAN on page 224.Important Points to Remember• The default VLAN is VLAN 1. It cannot be changed. You cannot tag interfaces for VLAN 1.• A VLAN can include LAGs (port channels) and ports on multiple switches in the stack.• If a port is a member of multiple VLANs, it can be tagged in one VLAN and untagged in another.• With the SFTOS VLAN implementation, ports may belong to multiple tagged VLANs, and VLANmembership may be based on port or protocol.• The internal bridging and routing functions can act as logical ports of each other when VLAN routingis used.• 1024 VLANs can be in operation at one time, any of which can have a VLAN ID up to 3965. The top129 VLANs are reserved.• Each interface must have a single native VLAN (tagged or untagged) at all times (see Configuring aNative VLAN on page 224).• You can configure VLANs from either the Interface Range mode (see Bulk Configuration onpage 126) or Interface VLAN mode (see VLAN Mode Commands on page 210).Note: The VLAN association features described above are only available for the S50V andS25P, not the S50.