Any broadcast or multicast packets that originate from a member of a VLAN are confined to the members of that VLAN. The communication among VLANs, therefore, must go through a router. A network switch distinguishes among VLANs by associating end-stations to a specific VLAN. This is known as VLAN membership. An end-station must become a member of a VLAN before it can share the broadcast domain with other end-stations on that VLAN.
In Data ONTAP, VLAN membership is based on switch ports. With port-based VLANs, ports on the same or different switches can be grouped to create a VLAN. As a result, multiple VLANs can exist on a single switch. The switch ports can be configured to belong to one or more VLANs (static registration), or end-stations can register their VLAN membership dynamically, with VLAN-aware switches.
The following figure illustrates how the communication occurs among geographically dispersed VLAN members:
In this figure, VLAN10 (Engineering), VLAN20 (Marketing), and VLAN30 (Finance) span three floors of a building. If a member of VLAN10 on Floor 1 wants to communicate with a member of VLAN10 on Floor 3, the communication occurs without going through the router, and packet flooding is limited to port 1 of Switch 2 and Switch 3 even if the destination MAC address to Switch 2 and Switch 3 is not known.