VLAN Operating Rules

Disabled overlapping subnet configuration

Previous software versions allowed configuration of VLAN IP addresses in overlapping subnets, which can cause incorrect routing of packets and result in IP communication failure. As of software version K.15.09, overlapping subnet configurations are no longer allowed. An overlapping subnet is determined by the configuration order. The subnet that is configured first is valid, but any subsequent IP addresses that overlap are not allowed.

When the switch is booted into this software version and the configuration file includes overlapping subnets, the following occurs:
  • The event log provides an error message in the format: ip: VLANx : IP initialization failed for vlan x. For a multinetted VLAN (multiple IP addresses assigned to the VLAN), only the IP addresses that are overlapping subnets are removed. The other IP addresses on the VLAN are retained and function correctly. The error message can be misleading; the IP addresses on the VLAN that are not overlapping are initialized correctly.

  • The output of the show ip command correctly indicates that the overlapping IP address does not exist on the VLANs that have error messages in the event log.

  • The output of the show running-config command incorrectly indicates that the overlapping IP address is configured. For example, in the following output, the IP address shown in VLAN6 is not configured on the VLAN; it has been removed.
    switch(config)# show running-config
    
    .
    .
    .
      vlan 5
         name "VLAN5"
         ip address 11.22.33.1 255.0.0.0
         exit
      vlan 6
         name "VLAN6"
         ip address 11.23.34.1 255.255.255.0
         exit
The information is retained in the configuration file to allow you to boot up the switch and have it function as it did when it was configured with earlier software that allows overlapping subnets.

If you attempt to remove the overlapping subnet from the VLAN, the switch displays an error message similar to:

    The IP address <ip-address> is not configured on this VLAN

This occurs because the overlapping IP address has been removed and is not visible to the switch. To resolve this:

  • Enter the show ip command to determine which addresses are visible to the switch.

  • Remove the erroneous IP addresses from the configuration file by entering the no ip address command to remove all the IP addresses from the specific VLAN. Be sure to document the other valid IP addresses on that VLAN so they can be restored after removing the erroneous IP addresses from the configuration file.

If you revert to a software version earlier than K.15.09 before removing the overlapping IP address, the earlier software version enables the overlapping IP subnet.

DHCP/Bootp

If you are using DHCP/Bootp to acquire the switch's configuration, packet time-to-live, and TimeP information, designate the VLAN on which DHCP is configured as the Primary VLAN.

NOTE:

In the factory-default configuration, the DEFAULT_VLAN is the Primary VLAN.

Per-VLAN features

IGMP and some other features operate on a per-VLAN basis. This means you must configure such features separately for each VLAN in which you want them to operate.

Default VLAN

You can rename the default VLAN, but you cannot change its VID (1) or delete it from the switch.

VLAN port assignments

Any ports not specifically removed from the default VLAN remain in the DEFAULT_VLAN, regardless of other port assignments. Also, a port must always be a tagged or untagged member of at least one port-based VLAN.

Voice-Over-IP (VoIP)

VoIP operates only over static, port-based VLANs.

Multiple VLAN types configured on the same port

A port can simultaneously belong to both port-based and protocol-based VLANs.

Protocol Capacity

A protocol-based VLAN can include up to four protocol types. In protocol VLANs using the IPv4 protocol, ARP must be one of these protocol types to support normal IP network operation. Otherwise, IP traffic on the VLAN is disabled.

If you configure an IPv4 protocol VLAN that does not include the ARP VLAN protocol, the switch displays the following message, which indicates a protocol VLAN configured with IPv4 but not ARP:
    switch(config)# vlan 97 protocol ipv4

    IPv4 assigned without ARP, this may result in undeliverable IP packets.

Deleting Static VLANs

A VLAN can be deleted even if there are currently ports belonging to it. The ports are moved to the default VLAN.

Adding or Deleting VLANs

Changing the number of VLANs supported on the switch requires a reboot.

NOTE:

From the CLI, you must perform a write memory command before rebooting. Other VLAN configuration changes are dynamic.

Inbound Tagged Packets

If a tagged packet arrives on a port that is not a tagged member of the VLAN indicated by the packet's VID, the switch drops the packet.

Similarly, the switch will drop an inbound, tagged packet if the receiving port is an untagged member of the VLAN indicated by the packet's VID.

Untagged Packet Forwarding

To enable an inbound port to forward an untagged packet, the port must be an untagged member of either a protocol VLAN matching the packet's protocol or a port-based VLAN.

That is, when a port receives an incoming, untagged packet, it processes the packet according to the following ordered criteria:
  1. If the port has no untagged VLAN memberships, the switch drops the packet.

  2. If the port has an untagged VLAN membership in a protocol VLAN that matches the protocol type of the incoming packet, then the switch forwards the packet on that VLAN.

  3. If the port is a member of an untagged, port-based VLAN, the switch forwards the packet to that VLAN. Otherwise, the switch drops the packet.

[Figure: Untagged VLAN operation]

Tagged packet forwarding

If a port is a tagged member of the same VLAN as an inbound, tagged packet received on that port, then the switch forwards the packet to an outbound port on that VLAN.

To enable the forwarding of tagged packets, any VLAN to which the port belongs as a tagged member must have the same VID as that carried by the inbound, tagged packets generated on that VLAN.
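
The inbound rules from "Inbound Tagged Packets", "Untagged Packet Forwarding" and "Tagged packet forwarding" can be combined into one ingress decision. The following is an added example, not switch firmware or HPE code: the Port model, the function name and the protocol labels are constructed here to model the rules as this page states them.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Port:
    tagged_vids: set = field(default_factory=set)             # tagged memberships
    untagged_port_vid: Optional[int] = None                   # untagged port-based VLAN
    untagged_proto_vlans: dict = field(default_factory=dict)  # protocol label -> VID


def classify_ingress(port, protocol, vid=None):
    """Return the VID an inbound frame is forwarded on, or None if it is dropped.

    vid is the 802.1Q VID carried by a tagged frame; None means untagged.
    """
    if vid is not None:
        # Tagged frame: the port must be a *tagged* member of that VID.
        # Untagged membership in the same VLAN does not qualify.
        return vid if vid in port.tagged_vids else None

    # Untagged frame, ordered criteria:
    # 1. No untagged membership at all: drop.
    if port.untagged_port_vid is None and not port.untagged_proto_vlans:
        return None
    # 2. Untagged member of a protocol VLAN matching the frame's protocol.
    if protocol in port.untagged_proto_vlans:
        return port.untagged_proto_vlans[protocol]
    # 3. Untagged member of a port-based VLAN, otherwise drop (None).
    return port.untagged_port_vid


# Constructed port: tagged in VLAN 20, untagged in port-based VLAN 10,
# untagged in protocol VLAN 97 carrying IPv4 and ARP.
ACCESS_PORT = Port(tagged_vids={20}, untagged_port_vid=10,
                   untagged_proto_vlans={"ipv4": 97, "arp": 97})
```

With ACCESS_PORT, an untagged IPv4 frame lands on VLAN 97, an untagged frame of any other protocol lands on VLAN 10, and a frame tagged with VID 10 is dropped because the port is only an untagged member of that VLAN.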

[Figure: Tagged VLAN operation]

CAUTION:

Rate limiting may behave unpredictably on a VLAN if the VLAN spans multiple modules or port-banks.

This also applies if a port on a different module or port-bank is added to an existing VLAN. HPE does not recommend configuring rate limiting on VLANs that include ports spanning modules or port-banks.

In the following example, ports 2, 3, and 24 form one VLAN, with ports 1 through 24 in the same port-bank. Ports 28, 29, and 32 form a second VLAN. These ports are also in the same port-bank, which includes ports 25 through 48. Rate limiting will operate as expected for these VLANs.

[Figure: VLANs using ports from the same port-bank for each VLAN]