Fortinet black logo

Administration Guide

Home FortiSwitch 7.2.2 Administration Guide

Frame processing

7.2.2
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.9
7.0.8
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.11
6.4.6
6.4.5
6.4.3
6.4.2
6.4.0
6.2.5
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID f65c09ce-240d-11ed-9eba-fa163e15d75b:146339
Download PDF

Frame processing

Ingress processing ensures that the port accepts only frames with allowed VLAN values (untagged frames are assigned the native VLAN, which is implicitly allowed). At this point, all frames are now tagged with a valid VLAN.

The frame is sent to each egress port that can send the frame (because the frame tag value matches the native VLAN or an Allowed VLAN on the port).

Ingress port

For an untagged frame:

  • The frame is tagged with the native VLAN and allowed to proceed.
  • The Allowed VLAN list is ignored.

For a tagged frame:

  • The tag VLAN value must match an Allowed VLAN or the native VLAN.
  • The frame retains the VLAN tag and is allowed to proceed.
To control what types of frames are accepted by the port:

config switch interface

edit <interface>

set discard-mode <all-tagged | all-untagged | none>

end

Variable

Description

all-tagged

Tagged frames are discarded, and untagged frames can enter the switch.

all-untagged

Untagged frames are discarded, and tagged frames can enter the switch.

none

By default, all frames can enter the switch, and no frames are discarded.

Egress port

All frames that arrive at an egress port are tagged frames.

If the frame tag value is on the Allowed VLAN list, the frame is sent out with the existing tag.

If the frame tag value is the native VLAN or on the Untagged VLAN list, the tag is stripped, and then the frame is sent out.

Otherwise, the frame is dropped.

Previous
Next

Frame processing

Ingress processing ensures that the port accepts only frames with allowed VLAN values (untagged frames are assigned the native VLAN, which is implicitly allowed). At this point, all frames are now tagged with a valid VLAN.

The frame is sent to each egress port that can send the frame (because the frame tag value matches the native VLAN or an Allowed VLAN on the port).

Ingress port

For an untagged frame:

  • The frame is tagged with the native VLAN and allowed to proceed.
  • The Allowed VLAN list is ignored.

For a tagged frame:

  • The tag VLAN value must match an Allowed VLAN or the native VLAN.
  • The frame retains the VLAN tag and is allowed to proceed.
To control what types of frames are accepted by the port:

config switch interface

edit <interface>

set discard-mode <all-tagged | all-untagged | none>

end

Variable

Description

all-tagged

Tagged frames are discarded, and untagged frames can enter the switch.

all-untagged

Untagged frames are discarded, and tagged frames can enter the switch.

none

By default, all frames can enter the switch, and no frames are discarded.

Egress port

All frames that arrive at an egress port are tagged frames.

If the frame tag value is on the Allowed VLAN list, the frame is sent out with the existing tag.

If the frame tag value is the native VLAN or on the Untagged VLAN list, the tag is stripped, and then the frame is sent out.

Otherwise, the frame is dropped.

Previous
Next