This invention relates to data communication systems, and more particularly, to a system for enabling each port of a multiport network switch to support connections with members of multiple virtual local area networks (VLANs).
Virtual networking has become one of the major new areas in the intemetworking industry. Virtual networking refers to the ability of switches to configure logical topologies on top of the physical network infrastructure, allowing any arbitrary collection of network segments to be combined into an autonomous user group, appearing as a single network.
A virtual LAN (VLAN) is a local area network that maps workstations on some other basis than geographic location. For example, VLANs may be created to combine workstations by department, type of user, or primary application. The VLAN controller can delete or add workstations, and manage loadbalancing and bandwidth allocation. Workstations in a VLAN behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. One of the biggest advantages of VLANs is that when a workstation is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.
A multiport network switch may be provided in a data communication network to enable data communication between multiple network nodes connected to various ports of the switch. A logical connection may be created between receive ports and transmit ports of the switch to forward received frames to appropriate destinations.
Many VLAN implementations define VLAN membership by groups of switch ports. For example, ports 1, 2, 3, 7 and 8 on a switch make up VLAN A, while ports 4, 5 and 6 make up VLAN B. Alternatively, VLAN membership may be based on MAC addresses.
In conventional network switches, each port supports connections with members of a single VLAN. However, to increase the flexibility of network switching, it would be desirable to provide a network switch that enables each switch port to support connections with members of multiple VLANs.
The invention offers a novel method of enabling a port of a network switch to support connections with multiple VLANs. The method comprises storing VLAN data indicating a plurality of VLAN identifiers corresponding to the multiple VLANs supported by the port. The VLAN identifier of a data packet received via the port is compared with the plurality of VLAN identifiers determined using the stored VLAN data. The data packet is forwarded for further processing if the VLAN identifier matches one of the plurality of VLAN identifiers. However, the data packet is discarded if the VLAN identifier does not match one of the plurality of VLAN identifiers.
Moreover, VLAN information corresponding to the VLAN identifier of a data packet to be transmitted from the port may be compared with the stored VLAN data to determine whether the VLAN identifier matches one of the plurality of VLAN identifiers supported by the port. The data packet is prevented from being transmitted from the port if the VLAN identifier does not match one of the plurality of VLAN identifiers. The VLAN data may be provided for each of multiple ports of the switch.
In accordance with another aspect of the invention, a network switching system comprises a first port for receiving data packets from members of a first plurality of VLANs, a second port for transmitting the data packets, and a decision making engine responsive to the data packets received by the first port for controlling forwarding of the received data packets to the second port. The decision making engine includes a first logic circuit responsive to the received data packets to prevent the switching system from forwarding to the second port a received data packet that does not belong to the first plurality of VLANs.
The decision making engine may comprise a first storage for storing a VLAN member set table having a first VLAN member set indicating information on the first plurality of VLANs supported by the first port. The first VLAN member set may comprise VLAN indices pointing to VLAN identifiers corresponding to the first plurality of VLANs. A second storage may be provided for storing a VLAN index to VLAN identifier table indicating correlation between the VLAN indices and the VLAN identifiers.
The second port may be configured for transmitting the data packets to a second plurality of VLANs. The decision making engine may comprise a second logic circuit responsive to the received data packets to prevent the second port from transmitting a data packet that does not belong to the second plurality of VLANs. The VLAN member set table may have a second VLAN member set indicating information on the second plurality of VLANs supported by the second port.
In accordance with a further aspect of the invention, a data communication system for switching data between multiple ports comprises an input logic circuit responsive to received data packets for discarding incoming data packets that do not belong to VLANs supported by receiving ports, and an output logic circuit responsive to data packets passed through the input logic circuit for preventing the ports from transmitting data packets that do not belong to VLANs supported by transmitting ports. A VLAN membership system is coupled to the input and output logic circuits for enabling each of the multiple ports to support connections with multiple VLANs.
The VLAN membership system may comprise a VLAN member set storage for storing a VLAN member set table having multiple entries corresponding to each of the multiple ports. Each entry in the VLAN member set table contains VLAN indices identifying the multiple VLANs supported by the corresponding port. The VLAN membership system may further comprise a VLAN index storage for storing a VLAN index to VLAN identifier table indicating correlation between the VLAN indices and VLAN identifiers of the received data packets.
Various objects and features of the present invention will become more readily apparent to those skilled in the art from the following description of a specific embodiment thereof, especially when taken in conjunction with the accompanying drawings.