GS1900 port VLAN ingress filtering vs trunk options

darcey
darcey Posts: 7
First Anniversary Friend Collector First Comment
edited August 2022 in Switch
Hi,
I have an GS1900-8 with which I have been very satisfied.
However, I have read the manual and searched the forums and I'm uncertain on one thing. Does ingress filtering negate effects of enabling trunk?
AIUI:
  • trunk enabled: permits the port to pass unknown VLAN tags.
  • ingress filtering enabled: disallows packets with a vlan tag not associated in any way with the port concerned.
What is the outcome of both these options enabled on a port/lag?

Any help much appreciated!
Thanks.

All Replies

  • Zyxel_Adam
    Zyxel_Adam Posts: 332  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited January 2022
    Hi @darcey,

    Welcome to Zyxel Community!

    VLAN Trunking

    1. VLAN trunk also known as VLAN trunking that helps your switch receives and forwards unknown VLAN, for example: 

    • Settings: Enable VLAN trunking on port 1 & port 2 of Switch-B.
    • Task: Switch-A sends a frame with VLAN 20 tag to Switch-C.
    • Explanation: When Switch-B receives a frame containing tagged VLAN 20 from Switch-A, it will forward the frame directly to Switch-C although Switch-B has no VLAN 20 in its VLAN table.


    2. Given another instance is that if you aware of other switch brand has "allowed VLAN 1-4094" command in switchport setting, enabling VLAN trunking can reach the same goal.


    Ingress Filtering

    Ingress filtering also known as Ingress Check that verifies every single frame receives from a switchport to see if VLAN tag in the frame is matched with port PVID.
    • If so, then pass.
    • If not, then drop.



    Kindly provide our new online help description, it might give you better understanding regarding Ingress Filtering and VLAN Trunk.
    Ingress Filtering
    If set, the Switch discards incoming frames for VLANs that do not have this port as a member.

    VLAN Trunk
    Enable VLAN Trunking on ports connected to other switches or routers (but not ports directly connected to end users) to allow frames belonging to unknown VLAN groups to pass through the Switch.

    Hope it helps.
    Adam
  • darcey
    darcey Posts: 7
    First Anniversary Friend Collector First Comment
    Thanks Adam.
    So it seems to me that 'Ingress check' and 'VLAN trunk' are mutually exclusive. i.e. It does not make sense to enable both, at the same time, for a given port. Would that be right?

    Also, if this is the case and you did enable both, what is the resultant behaviour of the port/switch?

    I realise I could set up a test to answer this question myself. However, I'm struggling to devise one due to lack of knowledge or hardware.

  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @darcey

    We can help to setup a test and check it out, please log a ticket on Support for this action:

    https://support.zyxel.eu/hc/en-us/requests/new?ticket_form_id=114093996354

    Regards,

    Tobias