Defining A Vlan - D-Link NetDefend DFL-210 User Manual

Network security firewall

3.3.3. VLAN
VLAN Operation
NetDefendOS follows the IEEE 802.1Q specification for VLAN. On a protocol level, VLAN works
by adding a Virtual LAN Identifier (VLAN ID) to Ethernet frame headers. The VLAN ID is a
number from 0 up to 4095 which is used to identify the specific Virtual LAN to which the frame
belongs. In this way, Ethernet frames can belong to different Virtual LANs, but can still share the
same physical interface. With NetDefendOS, the VLAN ID must be unique for the physical
interface and the same VLAN ID can be used on different physical interfaces.
Ethernet frames received by NetDefendOS on a physical interface are examined
for a VLAN ID. If a VLAN ID is found and a matching VLAN interface has been defined for that
interface, NetDefendOS will use the VLAN interface as the source interface in further processing
with rule sets.
If there is no VLAN ID attached to an Ethernet frame received on the physical interface then the
frame is treated as being received on the physical interface and not on any VLAN interface that may
be defined.
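The classification described above can be modeled in a few lines. This is an added example, not code from the manual or from NetDefendOS: the VlanTable class, the build_frame helper and the "dmz" interface name are hypothetical, and the sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


class VlanTable:
    """Hypothetical model of the VLAN interfaces defined on a firewall."""

    def __init__(self):
        self._by_key = {}  # (physical interface, VLAN ID) -> VLAN interface name

    def define(self, name, physical, vlan_id):
        if not 0 <= vlan_id <= 4095:
            raise ValueError("VLAN ID must fit the 12-bit field (0-4095)")
        if (physical, vlan_id) in self._by_key:
            raise ValueError(f"VLAN ID {vlan_id} already used on {physical}")
        self._by_key[(physical, vlan_id)] = name

    def source_interface(self, physical, frame):
        """Return the interface name rule sets would see as the source."""
        if len(frame) < 14:
            raise ValueError("truncated Ethernet header")
        (ethertype,) = struct.unpack_from("!H", frame, 12)
        if ethertype != TPID_8021Q:
            return physical  # untagged: treated as received on the physical interface
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)
        vlan_id = tci & 0x0FFF  # low 12 bits of the Tag Control Information
        # None: tagged frame with no matching VLAN interface; the page does not
        # say how this is handled, so the model only reports "no match".
        return self._by_key.get((physical, vlan_id))


def build_frame(vlan_id=None, priority=0):
    """Constructed sample frame: dst MAC, src MAC, optional tag, IPv4 EtherType."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    table = VlanTable()
    table.define("VLAN10", "lan", 10)
    table.define("DMZ10", "dmz", 10)  # same ID on another physical interface is fine
    for phys, vid in [("lan", 10), ("dmz", 10), ("lan", None), ("lan", 20)]:
        print(phys, vid, "->", table.source_interface(phys, build_frame(vid)))
```
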
License Limitations
The number of VLAN interfaces that can be defined for a NetDefendOS installation is limited by
the parameters of the license used. Different hardware models have different licenses and different
limits on VLANs.
Summary of VLAN Setup
It is important to understand that the administrator should treat a VLAN interface just like a physical
interface in that it requires at least IP rules and routes to be defined in order to function. If, for
instance, no Allow rule is defined in the IP rule set for a VLAN interface then packets arriving on
that interface will be dropped. Below are the key steps for setting up a VLAN interface.
1. Assign a name to the VLAN interface.
2. Select the physical interface for the VLAN.
3. Assign a VLAN ID that is unique on the physical interface.
4. Optionally specify an IP address for the VLAN.
5. Optionally specify an IP broadcast address for the VLAN.
6. Create the required route(s) for the VLAN in the appropriate routing table.
7. Create rules in the IP rule set to allow traffic through on the VLAN interface.
Example 3.11. Defining a VLAN
This simple example defines a virtual LAN called VLAN10 with a VLAN ID of 10. Note that this Virtual LAN
interface will use the IP address of the corresponding Ethernet interface, as no IP address is specified.
CLI
gw-world:/> add Interface VLAN VLAN10 Ethernet=lan Network=all-nets VLANID=10
Web Interface
Chapter 3. Fundamentals
