For Multilayer Switching Modules, protocol-based VLANs enable you to use protocol type and bridge ports as the distinguishing characteristics for your VLANs.

Important Considerations

When you create this type of VLAN interface, review these guidelines:

• If you plan to use the VLAN for bridging purposes, select one or more protocols per VLAN. Select them one protocol at a time.

• If you plan to use the VLAN for routing, you can select one or more protocols per VLAN, one protocol at a time, and subsequently define a routing interface for each routable protocol that is associated with the VLAN. You can perform routing as follows:

  • You can route between VLANs defined on Multilayer Switching Modules.

  • You can use a Multilayer Switching Module to route between VLANs that are defined on Layer 2 modules.

• The Multilayer Switching Modules support routing for three protocol suites: IP, IPX, and AppleTalk.

• To define a protocol-based VLAN interface, specify this information:

  • The VID, or accept the next-available VID.

  • The bridge ports that are part of the VLAN interface. (If you have trunk ports, specify the anchor port for the trunk.)

  • The protocol for the specified ports in the VLAN.

  • Tag status (none or IEEEE 802.1Q). IEEE 802.1Q tagging must be selected for ports that overlap on both port and protocol (for example, if two IPX VLANs overlap on port 3).

  • The name of this VLAN interface.

• If you use IP as the protocol and also specify a layer 3 address, the protocol-based VLAN becomes a network-based VLAN.

  You can either configure network-based IP VLANs (IP VLANs with unique Layer 3 IP addresses) or you can define a single protocol-based VLAN with the protocol type IP and then define multiple IP routing interfaces for that VLAN. For more information on network-based VLANs, see "Network-based IP VLANs" later in this chapter.

The protocol suite describes which protocol entities can comprise a protocol-based VLAN. For example, VLANs on the Multilayer Switching Module support the IP protocol suite, which has three protocol entities (IP, ARP, and RARP).

Table 53 lists the protocol suites that the Multilayer Switching Module supports, as well as the number of protocols that are associated with each protocol suite.

Table 53 Supported Protocol Suites for VLAN Configuration

Protocol Suite	Protocol Entities	Number of Protocol Suites	Number of Protocols in a Suite
IP	IP, ARP, RARP (Ethernet Version 2, SNAP PID)	1	3
Novell IPX	IPX (supports all of the following 4 IPX types): IPX - Type II (Ethernet Version 2) IPX - 802.2 LLC (DSAP/SSAP value 0xE0 hex) IPX - 802.3 Raw (DSAP/SSAP value 0xFF hex) IPX - 802.2-SNAP (DSAP/SSAP value 0xAA hex)	4 1 1 1 1	2 1 01 0* 1
AppleTalk	DDP, AARP (Ethernet Version 2, SNAP PID)	1	2
Xerox XNS	XNS IDP, XNS Address Translation, XNS Compatibility (Ethernet Version 2, SNAP PID)	1	3
DECnet	DEC MOP, DEC Phase IV, DEC LAT, DEC LAVC (Ethernet Version 2, SNAP PID)	1	5
SNA	SNA Services over Ethernet (Ethernet Version 2 and DSAP/SSAP values 0x04 and 0x05 hexadecimal)	2	1
Banyan VINES	Banyan (Ethernet Version 2, DSAP/SSAP value 0xBC hexadecimal, SNAP PID)	1	1
X25	X.25 Layer 3 (Ethernet Version 2)	1	1
NetBIOS	NetBIOS (DSAP/SSAP value 0xF0 hexadecimal)	1	0*
Default (unspecified)	Default (all protocol types)	1	1

1 This protocol does not use an Ethernet protocol type.

Your Multilayer Switching Modules impose two important limits regarding the number of VLANs and the number of protocols:

• Number of VLANs supported - To determine the minimum number of VLANs that the Multilayer Switching Module can support, use the equation described in "Number of VLANs" earlier in this chapter. A Multilayer Switching Module supports a maximum of 64 VLANs.

• Maximum number of protocols - Use the value 15 as the limit of protocols that can be implemented on the Multilayer Switching Module. A protocol suite that is used in more than one VLAN is counted only once towards the maximum number of protocols. For example, the DECnet protocol suite uses 5 of the available 15 protocols, regardless of the number of VLANs that use DECnet.

Your Multilayer Switching Modules support routing using IP, IPX, and AppleTalk VLANs. If VLANs are configured for other routable network layer protocols, they can communicate between them only via an external router or a Multilayer Switching Module configured for routing.

The Multilayer Switching Module's routing over bridging model lets you configure routing protocol interfaces based on a static VLAN defined for one or more protocols. You must first define a VLAN to support one or more protocols and then assign a routing interface for each protocol associated with the VLAN. (You can also opt to use a routing versus bridging model by defining a router port IP interface, as defined in Chapter 16).

Because the Multilayer Switching Modules support router port IP interfaces as well as IP router interfaces for static VLANs, you must now specify the interface type vlan when you define an IP interface for a static VLAN.

Important Considerations

To create an IP interface that can route through a static VLAN, you must:

1 .   Create a protocol-based IP VLAN for a group of bridge ports. (If the VLAN overlaps with another VLAN on any ports, be sure that you define it in accordance with the requirements of your VLAN mode.)

(This IP VLAN does not need to contain Layer 3 information unless you want a network-based IP VLAN. See "Network-based IP VLANs" later in this chapter.)

2 .   Configure an IP routing interface with a network address and subnet mask and specify the interface type vlan.

3 .   Select the IP VLAN interface index that you want to bind to that IP interface.

If Layer 3 information is provided in the IP VLAN interface for which you are configuring an IP routing interface, the subnet portion of both addresses must be compatible. For example:

• IP VLAN subnet 157.103.54.0 with subnet mask of 255.255.255.0

• IP host interface address 157.103.54.254 with subnet mask of 255.255.255.0

Layer 2 (bridging) communication is still possible within an IP VLAN (or router interface) for the group of ports within that IP VLAN. For allClosed VLANs, IP data destined for a different IP subnetwork uses the IP routing interface to reach that different subnetwork even if the destination subnetwork is on a shared port. For allOpen VLANs, using the destination MAC address in the frame causes the frame to be bridged; otherwise, it is routed in the same manner as for allClosed VLANs.

4 .   Enable IP routing.

You perform similar steps to create IPX and AppleTalk routing interfaces. For more information, see the chapters in this guide for routing protocols such as IP, IPX, and AppleTalk.

The configuration in Figure 19 shows routing between Multilayer Switching Modules. (The switch fabric module resides in slot 7 but is logically represented above the other modules.)

In this configuration:

• There are two Multilayer Switching Modules and the switch fabric module.

• There are four VLANs:

  • VLAN1, the default VLAN (tagged on backplane ports). The default VLAN is not represented in the figure.

  • VLAN2, an IP VLAN that is defined on the Multilayer Switching Module in slot 3.

  • VLAN3, an IP VLAN that is defined on the backplane ports of both Multilayer Switching Modules and a port-based VLAN defined on the switch fabric module. The IP routing interfaces for IP VLAN 3 reside on the same subnet (33.3.3.0).

  • VLAN4, an IP VLAN on the Multilayer Switching Module in slot 5.

• For this configuration to work, VLANs 2, 3, and 4 define IP routing interfaces, enable IP routing, and enable RIP.

Figure 19 Routing Between Two Multilayer Modules

Table 54 lists the VLAN definitions for the modules in this configuration.

Table 54 Routing Between 2 Multilayer Modules over the Switch Fabric Module

Slot 3 Module	Slot 5 Module	Switch Fabric Module
VLAN1 (default): VLAN Index 1 VID 1 Ports 1-12, 13 Tagging none front-panel ports 1-12 Tagging 802.1Q backplane port 13	VLAN1 (default): VLAN Index 1 VID 1 Ports 1-12, 13 Tagging none front-panel ports 1-12 Tagging 802.1Q backplane port 13	VLAN1 (default): VLAN Index 1 VID 1 Ports 9, 17 Tagging 802.1Q fabric ports 9, 17
VLAN2: VLAN Index 2 VID 20 Ports 1-10 Protocol type IP No Layer 3 address Tagging none front-panel ports IP router interface: 22.2.2.10	VLAN4: VLAN Index 4 VID 40 Ports 1-10 Protocol type IP No Layer 3 address Tagging none front-panel ports IP router interface: 44.4.4.10	-
VLAN3: VLAN Index 3 VID 30 Port 13 Protocol type IP No Layer 3 address Tagging none backplane port 13 IP router interface: 33.3.3.20	VLAN3: VLAN Index 3 VID 30 Port 13 Protocol type IP No Layer 3 address Tagging none backplane port 13 IP router interface: 33.3.3.10	VLAN3: VLAN Index 3 VID 30 Ports 9, 17 Tagging none fabric ports 9,17

Example 2: One-Armed Routing Configuration

Figure 20 shows a one-armed router configuration. (The switch fabric module resides in slot 7 but is logically represented above the other modules.)

In this configuration:

• There are three Layer 2 modules, a Multilayer Switching Module, and the switch fabric module.

• There are four VLANs:

  • VLAN1, the default VLAN on all modules (tagged on the front-panel and backplane ports of the Layer 2 modules and on the corresponding switch fabric module ports). The default VLAN is not represented in the figure.

  • VLAN2, a port-based VLAN that is defined on the Layer 2 modules in slot 1 and slot 2. It is defined as a protocol-based VLAN for IP on the Multilayer Switching Module in slot 4. The IP routing interface for IP VLAN 2 (150.10.2.12) is defined to be on the same subnetwork as the devices connected to the Layer 2 modules in slots 1 and 2. (For example, a PC is defined as 150.10.2.1.)

  • VLAN3, a port-based VLAN that is defined on the Layer 2 module in slot 2. It is defined as a protocol-based VLAN for IP on the Layer 3 module in slot 4. The IP routing interface for IP VLAN 3 (150.10.3.12) is defined to be on the same subnetwork as the devices that are connected to the Layer 2 module in slot 2.

  • VLAN4, a port-based VLAN that is defined on the Layer 2 module in slot 3. It is defined as a protocol-based VLAN for IP on the Layer 3 module in slot 4. The IP routing interface for IP VLAN 4 (150.10.4.12) is defined to be on the same subnetwork as the devices that are connected to the Layer 2 module in slot 3.

• On the Multilayer Switching Module, the backplane port 13 is part of all four VLANs and is tagged in all four. IP routing is enabled with RIP.

Figure 20 One-Armed Routing with Multilayer Module and Layer 2 Modules

Table 55 defines the VLANs in this one-armed routing configuration.

Table 55 VLAN Definitions for One-Armed Routing Configuration

Slot 1 Layer 2 Module	Slot 2 Layer 2 Module	Slot 3 Layer 2 Module	Slot 4 Multilayer Module (Routing)	Switch Fabric (Layer 2) Module
VLAN1 (default): VLAN Index 1, VID 1 Ports 1 - 10, 21/22 Tagging 802.1Q front ports 1-10, back ports 21/22	VLAN1 (default): VLAN Index 1, VID 1 Ports 1-10, 21/22 Tagging 802.1Q front ports 1-10, back ports 21/22	VLAN1 (default): VLAN Index 1, VID 1 Ports 1-10, 21/22 Tagging 802.1Q front ports 1-10, back ports 21/22	VLAN1 (default): VLAN Index 1,VID 1 Port 13 Tagging 802.1Q backplane port 13	VLAN1 (default): VLAN Index 1, VID 1 Ports 1,5,9,15 Tagging 802.1Q fabric ports 1,3,5,7
VLAN2: VLAN Index 2, VID 20 Ports 1-10, 21/22 Tagging none front-panel ports, backplane port 21/22	VLAN2: VLAN Index 2, VID 20 Ports 1-5, 21/22 Tagging none front-panel ports, backplane port 21/22	-	VLAN2: VLAN Index 2, VID 20 Port 13 Protocol type IP No Layer 3 address Tagging 802.1Q backplane port 13 IP interface: 150.10.2.12	VLAN2: VLAN Index 2, VID 20 Ports 1,5,9 Tagging: none port 1,5 Tagging 802.1Q port 13
-	VLAN3: VLAN Index 3, VID 30 Ports 6-10, 21/22 Tagging none front-panel ports Tagging 802.1Q backplane port 21/22	-	VLAN3: VLAN Index 3, VID 30 Port 13 Protocol type IP No Layer 3 address Tagging 802.1Q backplane port 13 IP interface: 150.10.3.12	VLAN3: VLAN Index 3, VID 30 Ports 5,13 Tagging 802.1Q ports 3,7
-	-	VLAN4: VLAN Index 4, VID 40 Ports 1-5,21/22 Tagging none front ports, back port 21/22	VLAN4: VLAN Index 4, VID 40 Port 13 Protocol type IP No Layer 3 address Tagging 802.1Q backplane port 13 IP interface: 150.10.4.12	VLAN4: VLAN Index 4, VID 40 Ports 9,13 Tagging none port 5; 802.1Q port 13