VLAN; Adding a VLAN - McAfee SG310 Administration Manual

VLAN
VLAN (Virtual Local Area Network) is a method of creating multiple virtual network interfaces using a single
physical network interface. Packets in a VLAN are simply Ethernet packets that have an extra four bytes
immediately after the Ethernet header. The format for these bytes is defined by the standard IEEE 802.1Q.
Essentially, they provide for a VLAN ID and a priority. The VLAN ID is used to distinguish each VLAN. A
packet containing a VLAN header is called a tagged packet.
Note:
VLANs are not supported by the SG310.
When a packet is routed out the VLAN interface, the VLAN header is inserted and then the packet is sent
out on the underlying physical interface. When a packet is received on the physical interface, it is checked
for a VLAN header. If present, the router makes it appear as though the packet arrived on the
corresponding VLAN interface.
Caution:
Since the addition and removal of the VLAN header are performed in software, any network device can
support VLANs. Further, this means that VLANs should not be used for security unless you trust all the devices on
the network segment.
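The receive-side check described above, as an added Python example (not code from the McAfee guide or the appliance). The function names, the `eth0.<id>` interface naming and the sample frames are assumptions made for illustration. The VLAN ID it acts on is whatever the sender wrote into the frame, which is why the caution above applies.

```python
import struct

TPID_8021Q = 0x8100         # EtherType that marks an IEEE 802.1Q tagged frame
VALID_VID = range(1, 4095)  # VLAN IDs 1..4094, the range the VLAN ID field accepts

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into header fields and, if present, the VLAN header."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(), "src": src.hex(), "tagged": False, "vid": None,
            "priority": None, "ethertype": ethertype, "payload": frame[14:]}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated VLAN header")
        # The four extra bytes: a 16-bit field holding a 3-bit priority, 1 flag bit
        # and the 12-bit VLAN ID, then the EtherType of the encapsulated packet.
        tci, inner = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, priority=tci >> 13, vid=tci & 0x0FFF,
                    ethertype=inner, payload=frame[18:])
    return info

def classify(frame: bytes, physical: str, configured_vids: set) -> tuple:
    """Return (interface, verdict): which interface the frame appears to arrive on."""
    f = parse_frame(frame)
    if not f["tagged"]:
        return physical, "untagged"
    if f["vid"] not in VALID_VID:
        return None, "drop: VLAN ID outside 1-4094"
    if f["vid"] not in configured_vids:
        return None, "drop: VLAN not configured on this interface"
    return f"{physical}.{f['vid']}", "tagged"

# Constructed sample frames (not captured traffic).
MACS = bytes.fromhex("02000000000a" "020000000001")  # destination + source address
IP = b"\x45" + bytes(19)                              # placeholder IPv4 header
UNTAGGED = MACS + struct.pack("!H", 0x0800) + IP
TAG_20 = MACS + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 20, 0x0800) + IP
TAG_99 = MACS + struct.pack("!HHH", TPID_8021Q, 99, 0x0800) + IP

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("vlan 20", TAG_20), ("vlan 99", TAG_99)):
        print(name, classify(frame, "eth0", {10, 20}))
```
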
Once added, VLAN interfaces can be configured as if they were additional physical network interfaces. A
typical use of VLANs with the UTM Firewall appliance is to enforce access policies between ports on an
external switch that supports port-based VLANs. In this scenario, only the switch and other trusted devices
should be directly connected to the LAN port of the UTM Firewall appliance. The UTM Firewall appliance and
the switch are configured with a VLAN for each port or group of ports on the switch. The switch is
configured to map packets between its ports and the VLANs. The UTM Firewall appliance can then be
configured with firewall rules for the VLANs, and these rules are effectively applied to the corresponding
ports on the switch.
Additionally, Switch A on the SG560, SG560U, SG565, and SG580 supports port-based VLANs. One benefit
of this feature is that you can assign individual functions to each of the ports on the switch; for example,
you might decide to use port A2 to connect to a DMZ, and port A3 as a second Internet connection. For
details, see Port-Based VLANs.

Adding a VLAN

1. From the Network Setup menu, click Network Setup. The Connections page appears.
2. Select VLAN from the list and click Add. The VLAN Configuration tab appears (Figure 100).

Figure 100 Network Setup VLAN Configuration

3. From the Interface list, select the network interface on which to add the VLAN.
4. Enter a value for the VLAN ID in the VLAN ID field. The value can be a decimal number between 1 and
4094. If this VLAN interface is to participate on an existing VLAN, the VLAN ID number entered in this
field must match the ID of the existing VLAN. This ID must be unique amongst the VLANs on this Ethernet
interface.

McAfee UTM Firewall 4.0.4 Administration Guide

This manual is also suitable for: SG560, SG560U, SG565, SG580