Vlan - D-Link NetDefend DFL-210 User Manual

3.3.3. VLAN

gw-world:/> set Interface Ethernet wan DHCPEnabled=Yes
Web Interface
1. Go to Interfaces > Ethernet
2. In the grid, click on the ethernet object of interest
3. Enable the Enable DHCP client option
4. Click OK
3.3.3. VLAN
Overview
Virtual LANs (VLANs) are useful in several different scenarios, for instance, when filtering of
traffic is needed between different VLANs in an organization, or for any other reason where the
administrator would like to expand the number of interfaces.
Virtual LAN support in NetDefendOS allows the definition of one or more Virtual LAN interfaces
to be associated with a particular physical interface. These are then considered to be logical
interfaces by NetDefendOS and can be treated like physical interfaces in rule sets and routing tables.
VLAN Operation
NetDefendOS follows the IEEE 802.1Q specification for VLAN. On a protocol level, VLAN works
by adding a Virtual LAN Identifier (VLAN ID) to Ethernet frame headers. The VLAN ID is a
number from 0 up to 4095 which is used to identify the specific Virtual LAN to which the frame
belongs. In this way, Ethernet frames can belong to different Virtual LANs, but can still share the
same physical interface. With NetDefendOS, the VLAN ID must be unique for the physical
interface and the same VLAN ID can be used on different physical interfaces.
Packets received through Ethernet frames on a physical interface by NetDefendOS, are examined
for a VLAN ID. If a VLAN ID is found and a matching VLAN interface has been defined for that
interface, NetDefendOS will use the VLAN interface as the source interface in further processing
with rule sets.
If there is no VLAN ID attached to an Ethernet frame received on the physical interface then the
frame is treated as being received on the physical interace and not on any VLAN interface that may
be defined.
License Limitations
The number of VLAN interfaces that can be defined for a NetDefendOS installation is limited by
the parameters of the license used. Different hardware models have different licenses and different
limits on VLANs.
Summary of VLAN Setup
It's important to understand that the administrator should treat a VLAN interface just like a physical
interface in that they require at least IP rules and routes to be defined in order to function. If, for
instance, no Allow rule is defined in the IP rule set for a VLAN interface then packets arriving on
that interface will be dropped. Below are the key steps for setting up a VLAN interface.
1. Assign a name to the VLAN interface.
2. Select the physical interface for the VLAN.
60
Chapter 3. Fundamentals