Vlan - Microhard Systems IP-921 Operating Manual

6.0 Configuration

6.1.4.7 VLAN

The IP Series implementation of VLAN (Virtual LAN) is currently only supported when the
unit is configured in Bridge Mode. Once configured VLAN functionality can be provided as
a VLAN filter, a VLAN tagger or a VLAN blocker. VLAN compatible devices can be config-
ured to provide a VLAN TAG in the ethernet frame. Using this tag, data can be virtually
filtered or blocked, and data from unsupported devices (serial data, etc) can be tagged,
then filtered or blocked as required. This can be done at the wired and/or wireless ports
eliminating unwanted or unneeded data, providing additional security and conserving valu-
VLAN: A virtual LAN
able bandwidth.
is a group of hosts
that communicate
as if they were
attached to the
same broadcast
domain, not
dependant upon
their actual physical
location.
Management VLAN is used for purposes such as telnet, SNMP, and syslog. By default,
VLAN 1 is the management VLAN.
Primary VLAN (VLAN 1) is a logic VLAN tag which can not be created or altered by the
users. All Ethernet frames without a VLAN tag ( i.e. Untagged frames) will be treated in this
logic VLAN.
User VLANs (VLAN 2 – 4094) are actual VLANs which can be created or deleted by the
users. All Ethernet frames in this VLAN will contain the specified VLAN tag.
Once VLAN is enabled, but before any VLANs are created other than the primary VLAN
(VLAN1), the unit will actually pass any untagged frames and drop any VLAN tagged
frames. VLAN ID's can then be created, lets say 2, 3. Once VLAN 2 and 3 are created a
user can define on the Wired Port and Wireless port what happens to the data. There are
3 options in the list: filter, tag and exclude. When you specify ―Filter‖ option on both ports
(by default), the unit will then pass all untagged frames as well as frames tagged with
VLAN ID 2 and 3. By this mean we can eliminate unwanted wireless traffic and save our
valuable bandwidth. When you specify ―Tag‖ option on the Wired Port and ―Filter‖ option on
the Wireless port, the unit will then ―tag‖ those untagged frames entering wired port with
VLAN id 2 (or 3) and pass them on the wireless port. You may also specify ―Exclude‖ op-
tion on either Wired port or Wireless port, which means frames with VLAN id 2 ( or 3) will
be blocked at the Wired or Wireless port specifically.
By default the management VLAN is set to Primary VLAN (VLAN 1). You may change it
to any user VLAN, let's say VLAN 3, all frames generated from this unit, for example the
serial data, will be tagged as VLAN ID 3. It can be passed or dropped by itself, depending
on the VLAN setting on the bridge. You can only telnet or web access the unit by VLAN 3
in this case.
© Microhard Systems Inc. CONFIDENTIAL
IP9xx Series
74