Network-based IP VLANs 289Network-based IPVLANsFor IP VLANs only, you can also configure network-layer subnetworkaddresses. With this additional Layer 3 information, you can createmultiple independent IP VLANs with the same bridge ports. Untaggedframes are assigned to a network-based VLAN according to both theprotocol (IP) and the Layer 3 information in the IP header. AssigningLayer 3 address information to IP VLANs allows network administrators tomanage their IP routing interfaces by subnetwork.Network-based IP VLANs accommodate multiple routing interfaces overthe same set of ports without tagging. Therefore, this option can beuseful in allOpen mode. In allClosed mode, overlapped network-based IPVLANs must be IEEE 802.1Q tagged, which means that the system doesnot use the Layer 3 information.ImportantConsiderationsWhen you create this type of VLAN interface, review these guidelines:n The network information is used only in situations where there aremultiple network-based VLANs defined on a particular port. Insituations where there is only one network-based VLAN defined on aport, the VLAN is treated as an ordinary IP protocol-based VLAN, andnetwork-based information is ignored.n When they are overlapped, network-based VLAN interfaces takeprecedence over protocol-based and port-based VLAN interfaces.n You can define only one IP routing interface for a network-basedVLAN. When you define an IP routing interface with the interface typevlan, the system will not allow you to select a network-based IP VLANthat already has a routing interface defined for it. For moreinformation on IP routing interfaces, see Chapter 16.n If you define multiple interfaces for an IP VLAN (instead of defining anetwork-based VLAN), you cannot subsequently modify that IP VLANto supply Layer 3 address information. If only one routing interface isdefined for the IP VLAN, then you can supply Layer 3 addressinformation as long as it matches the Layer 3 information specified forthe routing interface.n In allClosed VLAN mode, you must also supply IEEE 802.1Q taggingfor the ports (overlapped). Therefore, this feature has no addedbenefit. After IEEE 802.1Q tagging is implemented, implicit VLANmembership information such as the protocol or Layer 3 IP networkaddress is not used, and the frame is assigned to the VLAN basedsolely on the tag VID and the receive port.
