100
McAfee UTM Firewall 4.0.4 Administration Guide
Network Setup menu options
VLAN
5
Port / Mode: If this table is displayed, this interface has been enabled for port-based VLANS. For more
information, see
Port-Based VLANs
. Select the VLAN mode for the port. This option is only available when
port-based VLANs are enabled. The choices are:
• Disabled – Packets on this VLAN are not sent or received on this port. If a port is disabled for all
VLANs, then the port is set to untagged mode for the default VLAN of the switch.
• Tagged – Packets on this VLAN are sent and received on this port as tagged packets that contain a
VLAN header. This is identical to how the switch would handle the packet when port-based VLANs are
disabled. Devices connected to this port must support VLANs.
• Untagged – Packets on this VLAN are sent and received on this port as untagged packets without a
VLAN header. This means that the VLAN ID will only be used while routing the packet within this
appliance. Devices connected to this port will not see the VLAN ID on the packet, and do not need to
support VLANs. If a port is set to untagged, then that port must be set to disabled for all other VLANs.
A port can be set to tagged for multiple VLANs. It is also allowable for more than one port to be set to
untagged for a given VLAN.
6
Click Update. You have now added a tagged VLAN interface that you can configure as you would any
other network interface. Select the connection type from the Change Type list and configure a
connection for the VLAN interface.
Port-Based VLANs
A port-based VLAN configuration is required for certain UTM Firewall models to be configured for an
additional WAN, LAN, or DMZ. The SG560, SG560U, SG565, and SG580 models have a built in
VLAN-capable switch. This gives you the flexibility to either use it as a simple switch that allows access
between all ports (the default), or use port-based VLANs to control access between each individual port in
the switch. This port-based VLAN configuration makes it possible to: assign each of the four ports its own
subnet address; declare it to be a LAN, WAN, or DMZ independent of the other ports; or treat the switch
port as if it were a completely separate physical port.
Note:
Port-based VLAN is applicable to models SG560, SG560U, SG565, and SG580 only.
The UTM Firewall appliance can also participate on an existing VLAN. When you add a VLAN interface to
connect to the existing VLAN, you can associate the VLAN with one or more UTM Firewall ports.
Tagged and untagged VLANs
When using port-based VLANs, it is important to understand the differences between tagged and untagged
VLANs. Tagged VLAN interfaces add a VLAN header (see
VLAN
) to outgoing network packets, and only
accept incoming network packets that contain an appropriate VLAN header. Untagged VLAN interfaces do
not add a VLAN header to outgoing network packets, and do not accept incoming packets containing a
VLAN header.
A port can be a member of either a single untagged VLAN, or one or more tagged VLANs. A port cannot be
a member of both tagged and untagged VLANs.
Once Switch A has port-based VLANs enabled, ports that have not been explicitly assigned to one or more
VLANs are assigned to the default VLAN, which is untagged.
Typically, a tagged VLAN interface is used when you want to join an existing VLAN on the network, and an
untagged VLAN interface is used when you are using the port-based VLAN feature to isolate the ports so
that you can configure each of them individually.
Rules and limitations of port-based VLANs
There are few rules and limitations to keep in mind when using port-based VLANs:
• Switch A can only have one default VLAN, and any ports that are not explicitly assigned to another VLAN
are automatically placed on the default VLAN. The default VLAN is untagged.
• You cannot add tagged VLANs to port A1; it is a member of the default VLAN only.
Summary of Contents for SG310
Page 1: ...McAfee UTM Firewall Administration Guide version 4 0 4...
Page 10: ...10 McAfee UTM Firewall 4 0 4 Administration Guide...
Page 148: ...148 McAfee UTM Firewall 4 0 4 Administration Guide Network Setup menu options SIP...
Page 372: ...372 McAfee UTM Firewall 4 0 4 Administration Guide System menu features Advanced menu...
Page 410: ...410 McAfee UTM Firewall 4 0 4 Administration Guide Index...
Page 411: ......
Page 412: ...700 2237A00...