ICR-1601
The above is the general case for a gateway with 3 Ethernet LAN ports. If the device has only one
Ethernet LAN port, there will be only one VLAN group for the device. In that situation, it still supports
both NAT and Bridge mode for the Port-based VLAN configuration.
Tag-based VLAN
The Tag-based VLAN function can group Ethernet ports, Port-1 ~ Port-4, and WiFi Virtual Access Points,
VAP-1 ~ VAP-8, together under different VLAN tags for deploying subnets in the Intranet. Packet flows can
carry different VLAN tags even on the same physical Ethernet port in the Intranet. These flows can be
directed to different destinations because they have different tags. The approach is very useful for
grouping hosts at different geographic locations into the same workgroup.
Tag-based VLAN is also called a VLAN Trunk. The VLAN Trunk collects all packet flows with different
VLAN IDs from the router device and delivers them in the Intranet. VLAN membership in a tagged VLAN is
determined by the VLAN ID information within the packet frames that are received on a port. The administrator
can further use a VLAN switch to separate the VLAN trunk into different groups based on VLAN ID. An
example follows.
For example, in a company, the administrator plans 3 network segments: Lab, Meeting Rooms,
and Office. In a Security VPN Gateway, the administrator can configure the Office segment with VLAN ID 12. The
VLAN group is equipped with the DHCP-3 server to construct a 192.168.12.x subnet. He also configures the Meeting
Rooms segment with VLAN ID 11. The VLAN group is equipped with the DHCP-2 server to construct
a 192.168.11.x subnet for Intranet only. That is, any client host in the VLAN 11 group can't access the Internet.
Finally, he configures the Lab segment with VLAN ID 10. The VLAN group is equipped with the DHCP-1 server to
construct a 192.168.10.x subnet.
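The Python sketch below is an added example, not code from the gateway or this manual. It reads the VLAN ID from an 802.1Q-tagged frame on the trunk and checks it against the three-segment plan above, so a misplaced or mislabelled host shows up as a drop verdict. The /24 masks, the 192.168.0.0/16 Intranet range, the Internet access for Lab and Office, and the names VLAN_PLAN, build_frame and classify are assumptions of this example.

```python
import ipaddress
import struct

# VLAN plan from the manual's example. The /24 masks and the Internet flags
# for Lab and Office are assumptions; the text only says VLAN 11 is Intranet-only.
VLAN_PLAN = {
    10: ("Lab", ipaddress.ip_network("192.168.10.0/24"), True),
    11: ("Meeting Rooms", ipaddress.ip_network("192.168.11.0/24"), False),
    12: ("Office", ipaddress.ip_network("192.168.12.0/24"), True),
}
INTRANET = ipaddress.ip_network("192.168.0.0/16")  # assumed Intranet range


def build_frame(vid, src, dst, tagged=True):
    """Construct a sample Ethernet+IPv4 frame (constructed data, zeroed MACs)."""
    tag = struct.pack("!HH", 0x8100, vid & 0x0FFF) if tagged else b""
    ip = bytes(12) + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return bytes(12) + tag + struct.pack("!H", 0x0800) + ip


def classify(frame):
    """Return (segment, verdict) for a frame arriving on the VLAN trunk."""
    if len(frame) < 14:
        return (None, "drop: truncated frame")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != 0x8100:  # no 802.1Q tag, so no VLAN membership can be derived
        return (None, "drop: untagged frame on trunk")
    if len(frame) < 18 + 20:
        return (None, "drop: truncated frame")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
    if vid not in VLAN_PLAN:
        return (None, f"drop: unknown VLAN {vid}")
    segment, subnet, internet = VLAN_PLAN[vid]
    if ethertype != 0x0800:
        return (segment, "pass: non-IPv4, not inspected")
    src = ipaddress.ip_address(frame[30:34])  # IPv4 header starts at offset 18
    dst = ipaddress.ip_address(frame[34:38])
    if src not in subnet:  # tag and address disagree: misconfigured or mislabelled host
        return (segment, f"drop: source {src} not in {subnet}")
    if dst not in INTRANET and not internet:
        return (segment, "drop: Intranet-only VLAN")
    return (segment, "forward")
```
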