Appendix E: DFL-260E/860E Port Based VLAN
VLAN support on the NetDefend DFL-260E and DFL-860E firewalls is divided into two types:
•
On Ethernet interfaces other than LAN interfaces, VLANs are created by configuring them in
NetDefendOS in the normal way. It is NetDefendOS that then takes on the task of adding and
recognizing VLAN tags in packets. It is not a hardware function.
Setting up these standard types of VLAN with the DFL-260E and DFL-860E is discussed in
•
For the LAN interfaces only, VLANs are configured in NetDefendOS in a different way.
All the LAN interfaces are connected together by a common hardware switch fabric and this
fabric also takes care of managing the packet tagging for any VLANs configured on the
interfaces. This allows the ability to configure
Port Based VLANs
.
This appendix describes configuring port based VLANs for of the LAN interfaces.
The arrangement of VLANs on the LAN interfaces has the following characteristics:
•
Each one of the DFL-260E and DFL-860E LAN interfaces has the possibility of being a separate
VLAN or part of a VLAN group.
•
The DFL-260E and DFL-860E LAN interfaces can be grouped together onto VLANs with
arbitrary numbers of physical ports in each VLAN. For example, the interfaces could be
divided so that the first 2 interfaces are part of one VLAN, the next 2 interfaces are part of a
second VLAN and the remainder are left in normal operation.
•
The LAN interfaces that are not part of a VLAN will continue to operate as a single interface
with the logical interface name LAN.
Configuring VLANs
How to configure port based VLANs will be illustrated with an example. Assume that the
requirement is to divide the LAN interfaces as follows:
•
The first LAN interface will continue to operate normally through the switch fabric. This will
therefore be the logical NetDefendOS interface
lan
.
•
The LAN interfaces 2, 3 and 4 will become a single VLAN with the logical name
lan_port2-4
.
•
The remaining LAN interfaces will become a single VLAN with the logical name lan_5_plus.
This will include just the 5th interface on the DFL-260E and the 5th to 8th interfaces on the
DFL-860E.
To configure these VLANs, perform the following steps in the Web Interface:
1. Define the VLAN objects
In the Web Interface, go to Network > Interfaces and VPN > VLAN > Add and add 2 new
VLAN
objects. Each VLAN should have an arbitrary value assigned for the
VLAN ID
,
IP Address
and
Network
properties. Only the
VLAN ID
needs to be unique for the LAN interface. The IP addresses
should not be public IPv4 addresses.
A screenshot of how the resulting VLAN list might look in the Web Interface is shown below.
893
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...