1. Field of the Invention
This invention relates to a switching hub and a LAN system.
2. Description of the Related Art
With the widespread use of personal computers and the Internet, many companies have an Ethernet (registered trademark) local area network (LAN) built and utilized for various businesses. In large companies, because of their large-scale local area network, virtual LAN (herein referred to as VLAN) technology is widely utilized that allows the network to be grouped for each post or project.
The VLAN is a technology for virtually grouping computers on a LAN regardless of physical cable wiring or computer installation places, and is standardized by IEEE (Institute of Electrical and Electronic Engineers) 802.1Q, and many switching hubs equipped with a VLAN function are now offered commercially. Use of the VLAN function allows dividing computers connected to the same switching hub into different groups, or combining computers connected to different switching hubs into the same group.
A switching hub with a VLAN function receives from a computer connected to its port a data frame configured based on a data communication standard format, and adds to the frame 4-byte data called a tag indicative of a VLAN to which that computer belongs, and relays to another switching hub. The switching hub with the VLAN function, which has received the tag-added frame, deciphers the tag to determine the VLAN to which the frame belongs, and relay the tag-removed frame to a port corresponding to that VLAN. Herein this function is referred to as IEEE802.1Q tag VLAN.
The switching hub has plural ports connected to a network, and matches a destination address of a received frame and an address corresponding to a port registered in an address learning table, to relay the frame to a port connected to a destination terminal. This switching hub is added with a VLAN function, which results in the above switching hub with the VLAN function.
As such a switching hub used to build many independent VLANs, there is a switching hub in which a frame is added with an extended VLAN tag comprising VLAN domain ID and VLAN-ID (see, e.g., JP-A-2003-318937).
The switching hub of JP-A-2003-318937, when receiving a frame added with an extended tag having registered VLAN domain ID set therein, relays the frame, based on VLAN-ID set in this extended tag. When receiving a frame added with not an extended tag having registered VLAN domain ID set therein, but an extended tag having unregistered VLAN domain ID set therein, or a frame added with a 802.1Q tag, it determines the frame as having no tag, and relays the frame.
The switching hub of JP-A-2003-318937 allows plural mutually-unaffected independent VLANs to be built on a network because the frame is relayed by being determined as a different VLAN frame even when its VLAN-ID is the same, but when its VLAN domain is different.
As described above, many companies build a network using the VLAN. Accordingly, in backbone networks built by carriers, to provide broadband LAN connection services for companies, it is necessary to recognize a subscriber (company)-transmitted frame, make receivable and transmissible VLANs settable respectively for each port, and have plural groups of those settings.
There is a demand to make relays for a VLAN to which a computer belongs possible from all VLANs to which each project belongs, but to make relays between VLANs to which each project belongs settable respectively to permit some of the VLANs and prohibit the other.
For example, assuming that when connecting a VLAN to which a computer belongs to a port A, a VLAN to which a project B belongs to a port B, a VLAN to which a project C belongs to a port C, and a VLAN to which a project D belongs to a port D, there is a demand for the following VLAN settings for the relays between the ports in the switching hub:    1) Port A (computer)→port B (project B): permit    2) Port A (computer)→port C (project C): permit    3) Port A (computer)→port D (project D): permit    4) Port B (project B)→Port A (computer): permit    5) Port B (project B)→port C (project C): permit    6) Port B (project B)→port D (project D): prohibit    7) Port C (project C)→Port A (computer): permit    8) Port C (project C)→port B (project B): permit    9) Port C (project C)→port D (project D): prohibit    10) Port D (project D)→Port A (computer): permit    11) Port D (project D)→port B (project B): prohibit    12) Port D (project D)→port C (project C): prohibit
When using a typical port VLAN or IEEE802.1Q tag VLAN to realize the VLANs, each port VLAN setting is required to be the same for all ports:    Port A: VLAN1 (computer)    Port B: VLAN1 (project B)    Port C: VLAN1 (project C)    Port D: VLAN1 (project D)
However, this setting has the problem of relaying to the prohibited relay 6 port although relay 1 is permitted to be performed. Even relays 2-5 also have the problem of leaking to the other ports although the relays themselves are permitted to be performed.
In order to prevent this, when building plural VLANs, setting the plural VLANs for the ports to perform router routing between the VLANs is considered, but there is the problem that when building plural independent VLANs, a router which is adaptable for this is required, which makes configuration and setting complicated, leading to an increase in cost.