Virtual LANs (VLAN) | 907Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN,you must create another VLAN and place the interface into that VLAN. Alternatively, enter the noswitchport command, and FTOS removes the interface from the Default VLAN.A tagged interface requires an additional step to remove it from Layer 2 mode. Since tagged interfaces canbelong to multiple VLANs, you must remove the tagged interface from all VLANs, using the no taggedinterface command. Only after the interface is untagged and a member of the Default VLAN can you usethe no switchport command to remove the interface from Layer 2 mode. For more information, see VLANsand Port Tagging.Port-Based VLANsPort-based VLANs are a broadcast domain defined by different ports or interfaces. In FTOS, a port-basedVLAN can contain interfaces from different line cards within the chassis. FTOS supports 4094 port-basedVLANs.Port-based VLANs offer increased security for traffic, conserve bandwidth, and allow switchsegmentation. Interfaces in different VLANs do not communicate with each other, adding some security tothe traffic on those interfaces. Different VLANs can communicate between each other by means of IProuting. Because traffic is only broadcast or flooded to the interfaces within a VLAN, the VLAN conservesbandwidth. Finally, you can have multiple VLANs configured on one switch, thus segmenting the device.Interfaces within a port-based VLAN must be in Layer 2 mode and can be tagged or untagged in theVLAN ID.VLANs and Port TaggingTo add an interface to a VLAN, it must be in Layer 2 mode. After you place an interface in Layer 2 mode,it is automatically placed in the Default VLAN. FTOS supports IEEE 802.1Q tagging at the interface levelto filter traffic. When tagging is enabled, a tag header is added to the frame after the destination and sourceMAC addresses. That information is preserved as the frame moves through the network. Figure 47-2illustrates the structure of a frame with a tag header. The VLAN ID is inserted in the tag header.Figure 47-2. Tagged Frame FormatThe tag header contains some key information used by FTOS:Note: E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. EarlierExaScale supports 2094 VLANS.EthernetPreamble DestinationAddressSourceAddressTagHeaderProtocolTypeData45 - 1500 octets2 octets4 octets 4 octets6 octets 6 octetsFrameCheckSequenceFN00001B