Security Gateway Manual
XG-7100-1U
WAN: VLAN 4090
LAN: VLAN 4091
ETH1-8 are configured to act as Access ports.
• When data comes into the ETH1 interface, a VLAN tag of 4090 is added to the ethernet frame.
• When data comes into interfaces ETH2-8, a VLAN tag of 4091 is added to the ethernet frame.
PORT9-10 are configured to act as Trunk ports.
• By default, only ethernet frames containing a VLAN tag of 4090 or 4091 are allowed over the trunk.
Each VLAN configured on the switch uses the LAGG interface as its parent interface. For example, the default
interface assignment for WAN and LAN:
WAN: lagg0.4090
LAN: lagg0.4091
This means vlan4090 and vlan4091, as well as any other VLANs created for the switch, all share the same 5Gbps
LAGG uplink across two 2.5Gbps links. The visual below demonstrates how the VLAN tagging works along with the
traffic flow:
Note: Traffic leaving and entering the ETH1-3 interfaces in the visual above is untagged. Devices sending/receiving
traffic over these ports do not need to be VLAN aware. The VLAN tagging that occurs within the switch is completely
transparent to clients. It's used solely for segmenting switch traffic internally.
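The default tagging rules above can be modeled in a few lines. The Python sketch below is an added example, not Netgate code: the function names are made up here, and it assumes that a frame arriving already tagged on an access port is dropped, which this manual does not state.

```python
# Added illustration: a model of the default 802.1q layout described above.
ACCESS_PVID = {"ETH1": 4090, **{f"ETH{n}": 4091 for n in range(2, 9)}}
TRUNK_PORTS = {"PORT9", "PORT10"}      # the two members of lagg0
TRUNK_ALLOWED = {4090, 4091}           # default VLANs allowed over the trunk


def ingress_vlan(port, tag=None):
    """Return the VLAN a frame is carried on inside the switch, or None if dropped."""
    if port in ACCESS_PVID:
        # Assumption of this sketch: access ports only see untagged client
        # traffic, so a frame that arrives already tagged is dropped.
        return ACCESS_PVID[port] if tag is None else None
    if port in TRUNK_PORTS:
        # Only frames tagged with an allowed VLAN cross the trunk.
        return tag if tag in TRUNK_ALLOWED else None
    raise ValueError(f"unknown port {port!r}")


def egress(port, tag=None):
    """Map every exit a frame may take to 'untagged' or 'tagged <vid>'."""
    vid = ingress_vlan(port, tag)
    if vid is None:
        return {}
    # Access ports in the same VLAN receive the frame with the tag removed.
    exits = {p: "untagged" for p, pvid in ACCESS_PVID.items()
             if pvid == vid and p != port}
    if port not in TRUNK_PORTS:
        # Toward the firewall the tag is kept, so it arrives on lagg0.<vid>.
        exits[f"lagg0.{vid}"] = f"tagged {vid}"
    return exits


def same_segment(a, b):
    """True when two access ports share a VLAN and can talk without the firewall."""
    return ACCESS_PVID[a] == ACCESS_PVID[b]


if __name__ == "__main__":
    print(egress("ETH1"))              # WAN port: only exit is lagg0.4090
    print(egress("ETH2"))              # LAN port: ETH3-8 plus lagg0.4091
    print(egress("PORT9", tag=4091))   # from the firewall to the LAN ports
    print(egress("PORT10", tag=100))   # VLAN 100 is not allowed on the trunk
    print(same_segment("ETH1", "ETH2"))
```

Because ETH1 and ETH2-8 never share a VLAN, the only path between the WAN and LAN ports is through the firewall's lagg0.4090 and lagg0.4091 interfaces.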
Aside from being able to specify whether a switchport should act as an access or trunk port, it's also possible to disable
802.1q VLAN mode. When this is done, a third mode called Port VLAN Mode is enabled. In this mode, any and all
VLAN tags are allowed on all ports. No VLAN tags are added or removed. Think of it as a dummy switch that retains
VLAN tags on frames, if present. This mode is useful when you have numerous VLANs on your network and want to
physically segment the switch, while allowing the same VLANs on all segments of the switch.
In Port VLAN Mode, rather than specifying which interfaces are associated with a VLAN, you can specify which
physical ports form a switch. For example, if I want to create two physical switches that act as individual dummy
switches, allowing tagged or untagged traffic, I could configure Port VLAN Mode like so:
// UPLINKS
VLAN group 9, Port 9, Members 1,2,3,4,10
VLAN group 10, Port 10, Members 1,2,3,4,9
// SWITCH-A
VLAN group 1, Port 1, Members 2,3,4,9,10
VLAN group 2, Port 2, Members 1,3,4,9,10
VLAN group 3, Port 3, Members 1,2,4,9,10
VLAN group 4, Port 4, Members 1,2,3,9,10
© Copyright 2020 Rubicon Communications LLC