BigIron RX Series Configuration Guide, 53-1001986-01 (chapter 11, Configuring port-based VLANs)

• A port can belong to multiple, overlapping Layer 2 port-based VLANs only if the port is a tagged port. Packets sent out of a tagged port use an 802.1q-tagged frame.
• A port can belong to multiple, unique, overlapping Layer 3 protocol-based VLANs.
• When both port and protocol-based VLANs are configured on a given device, all protocol-based VLANs must be strictly contained within a port-based VLAN. A protocol-based VLAN cannot include ports from multiple port-based VLANs. This rule is required to ensure that port-based VLANs remain loop-free Layer 2 broadcast domains.
• One of each type of protocol-based VLAN can be configured within each port-based VLAN on the device.
• Removing a configured port-based VLAN from a device automatically removes any protocol-based VLAN, or any virtual routing interfaces defined within the port-based VLAN.

Layer 2 control protocols on VLANs

Layer 2 protocols such as STP, RSTP, MRP, and VSRP can be enabled on port-based VLANs, but you cannot enable or disable these protocols for protocol-based VLANs.

The Layer 2 state associated with a VLAN and port is determined by the Layer 2 control protocol. Layer 2 broadcasts associated with the VLAN will not be forwarded on this port if the Layer 2 state is not FORWARDING.

It is possible that the control protocol, for example STP, will block one or more ports in a protocol-based VLAN that uses a virtual routing interface to route to other VLANs. For IP protocol and IP subnet VLANs, even though some of the physical ports of the virtual routing interface are blocked, the virtual routing interface can still route as long as at least one port in the virtual routing interface’s protocol-based VLAN is not blocked by STP.

You can also enable Single STP (SSTP) on the device; however, the ports in all VLANs on which SSTP is enabled become members of a single spanning tree. The ports in VLANs on which SSTP is disabled are excluded from the single spanning tree. A VLAN can also be selectively added or removed from the single spanning tree domain.

Configuring port-based VLANs

As explained above, you can place ports into VLANs to segment traffic into broadcast domains. When you create a VLAN, you specify if ports added to that VLAN are tagged or untagged.

To create a VLAN, do the following.

1. At the global CONFIG level assign an ID to the VLAN. For example,

BigIron RX(config)# vlan 2

Syntax: [no] vlan-id [name ]

VLAN IDs can be in the range of 1 – 4089; however, do not use VLANs 4090 – 4094. These IDs are reserved and are used for control purposes. Also, VLAN IDs 0 and 4095 are reserved by the IEEE standards and cannot be configured. Use the no form of the command to delete the VLAN from the configuration.

In addition to a VLAN number, you can assign a name to a VLAN by entering name. Enter up to 32 characters for name.
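
The membership and ID rules above can be checked against a planned VLAN layout before it is typed into the device. The following Python check is an added example, not part of the configuration guide; the plan layout, the port names and the function names are assumptions made for illustration.

```python
# Added example: lint a planned VLAN layout (assumed dict format, not device syntax).
from collections import defaultdict

def check_vlan_id(vid, name=None):
    """Return a list of problems with a VLAN ID / name pair."""
    errs = []
    if vid in (0, 4095):
        errs.append(f"VLAN {vid}: reserved by the IEEE standards")
    elif 4090 <= vid <= 4094:
        errs.append(f"VLAN {vid}: reserved for control purposes")
    elif not 1 <= vid <= 4089:
        errs.append(f"VLAN {vid}: outside the range 1-4089")
    if name is not None and len(name) > 32:
        errs.append(f"VLAN {vid}: name longer than 32 characters")
    return errs

def lint_plan(port_vlans, protocol_vlans):
    """port_vlans: {vid: {"name", "tagged": set, "untagged": set}}
    protocol_vlans: [{"type", "parent": vid, "ports": set}]"""
    errs, membership = [], defaultdict(list)
    for vid, v in sorted(port_vlans.items()):
        errs += check_vlan_id(vid, v.get("name"))
        for port in v["tagged"]:
            membership[port].append((vid, True))
        for port in v["untagged"]:
            membership[port].append((vid, False))
    # Overlapping port-based VLANs are allowed only on tagged ports.
    for port, seen in sorted(membership.items()):
        if len(seen) > 1 and not all(tagged for _, tagged in seen):
            vids = sorted(vid for vid, _ in seen)
            errs.append(f"port {port}: untagged but in VLANs {vids}")
    types_seen = set()
    for pv in protocol_vlans:
        parent = port_vlans.get(pv["parent"], {"tagged": set(), "untagged": set()})
        stray = pv["ports"] - (parent["tagged"] | parent["untagged"])
        if stray:  # must be strictly contained within one port-based VLAN
            errs.append(f"{pv['type']} VLAN: ports {sorted(stray)} not in VLAN {pv['parent']}")
        if (pv["parent"], pv["type"]) in types_seen:
            errs.append(f"{pv['type']} VLAN: duplicate type in VLAN {pv['parent']}")
        types_seen.add((pv["parent"], pv["type"]))
    return errs

# Constructed sample plan (port names are made up).
PLAN = {
    2: {"name": "users", "tagged": {"1/1"}, "untagged": {"1/2", "1/3"}},
    3: {"name": "servers", "tagged": {"1/1"}, "untagged": {"1/3"}},
    4092: {"name": "mgmt", "tagged": set(), "untagged": {"1/4"}},
}
PROTO = [{"type": "ip", "parent": 2, "ports": {"1/2", "1/4"}}]
```

Calling lint_plan(PLAN, PROTO) on the sample reports the reserved VLAN ID, the untagged port placed in two port-based VLANs, and the protocol-based VLAN port that lies outside its parent port-based VLAN.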