Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03)
© 2008 Foundry Networks, Inc.
Virtual LANs
A virtual (or logical) LAN is a local area network with a definition that maps workstations on some
basis other than geographic location (for example, by department, by user type, or by primary
application). Virtual LAN (VLAN) management allows the user to change or add workstations
and to manage load balancing and bandwidth allocation more easily because it offers a physical
picture of the LAN. The application software keeps track of the VLAN by relating the virtual
picture of the local area network to the actual physical picture.
VLAN Associated Features
Super VLAN
The Super VLAN is a mechanism that isolates hosts that reside in the same Local Area Network
(LAN). It provides several advantages over traditional VLAN architectures employed in large
switched LANs today. The primary advantages are that the device configuration is simpler and the
security is much higher.
For more information about the Super VLAN feature, refer to “Super VLANs” later in this chapter.
Transparent LAN Services (TLS)
Service providers can use the application software TLS to offer services that provide the same
high-speed, VLAN-based experience that customers enjoy in the LAN across the Metropolitan
Area Network (MAN) and the Wide Area Network (WAN). The application software TLS changes
the EtherType field in the 802.1Q tag of the customer traffic in the device at the edge of the service
provider network.
If the device receives an untagged packet, it adds a tag header to the packet with an EtherType that is
not the standard EtherType (0x8100). If the device receives a packet with a tag header, it adds
another tag header with an EtherType that is not the standard EtherType (0x8100).
For more information about the TLS feature, refer to “Configuring Transparent LAN Services (TLS)”.
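The tagging behaviour described above, shown at the byte level in Python. This is an added example, not taken from the Foundry manual or the device software. The provider EtherType 0x9100, the function names and the sample frames are assumptions made for illustration; the actual non-standard EtherType is whatever the device is configured to use.

```python
import struct

STANDARD_TPID = 0x8100   # standard 802.1Q EtherType, as stated in the text
PROVIDER_TPID = 0x9100   # assumed non-standard value; the real one is device configuration


def push_tag(frame: bytes, vid: int, tpid: int = PROVIDER_TPID) -> bytes:
    """Insert a 4-byte tag header after the destination and source MACs.

    Applied to untagged and already-tagged frames alike, so a tagged
    customer frame leaves the provider edge with two stacked tags.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return frame[:12] + struct.pack("!HH", tpid, vid) + frame[12:]


def tag_stack(frame: bytes, tpids=(STANDARD_TPID, PROVIDER_TPID)):
    """Return ([(tpid, vid), ...] outermost first, payload EtherType)."""
    tags, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in tpids:
            return tags, etype
        if len(frame) < off + 4:
            raise ValueError("truncated tag header")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF))   # low 12 bits of the TCI are the VLAN ID
        off += 4


# Constructed sample frames (not captured traffic): ARP EtherType, zeroed payload.
MACS = bytes.fromhex("ffffffffffff" "020000000001")
UNTAGGED = MACS + struct.pack("!H", 0x0806) + bytes(28)
CUSTOMER_TAGGED = MACS + struct.pack("!HHH", STANDARD_TPID, 10, 0x0806) + bytes(28)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", CUSTOMER_TAGGED)):
        out = push_tag(frame, vid=200)
        print(name, tag_stack(out))
        # A parser that only recognises 0x8100 stops at the outer tag.
        print("  0x8100-only view:", tag_stack(out, tpids=(STANDARD_TPID,)))
```

A capture filter or monitoring tool that recognises only 0x8100 reports the provider tag as an unknown EtherType and never reaches the customer VLAN ID, so the configured provider EtherType has to be known to whatever inspects traffic on the provider side.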
Access Control List (ACL)
Access Control Lists filter network traffic by determining whether packets are forwarded or
blocked at the interfaces or VLANs. The device examines each packet to determine whether to
forward or drop the packet, according to the criteria that the user has specified within the access
lists. Access list criteria could be the source IP address of the traffic, the destination IP address of
the traffic, the upper-layer protocol and other information.
There are many reasons for configuring access lists. For example, the user can use access lists to
provide traffic flow control and to provide security for the network.
The user should use access lists to provide a basic level of security for accessing the network. If the
user does not configure access lists, all packets passing through the router could be allowed onto all
parts of the network.
For more information about the ACL feature, refer to “Configuring Access Control Lists (ACLs)”.