Nortel Switched Firewall 2.3.3 User's Guide and Command Reference
VLAN tags
Virtual LAN (VLAN) tags configured on a Switched Firewall interface allow the VLAN-configured hosts on that interface to participate as VLAN members.
This example describes a Switched Firewall configuration that includes VLANs on a DMZ network. Figure 51 shows Internet connectivity through a single gateway on port 4, an internal network on port 1 that uses public addresses, a trusted network that uses public addresses on port 3, and multiple DMZs using private IP addresses on port 2. The DMZs are connected to the Switched Firewall using a single 802.1Q VLAN Tagged Trunk.
The VLANs are used to isolate traffic from different security zones. A Layer 2 switch is configured with port-based VLAN access ports and VLAN Tagged Trunks that uplink to the Switched Firewall. The VLANs map directly to interfaces (which represent subnets) on the Switched Firewall. This allows you to apply policies on a per-VLAN basis. Multiple VLANs can be used on multiple tagged connections up to the number of available interfaces on the Switched Firewall (255). The vlanid (see the Interface Menu on page 328) must match the VLAN tag on the respective VLAN.
NOTE – If the vlanid is 0, VLAN tagging is disabled for that interface.
Figure 51 DMZ network with VLAN tagging
[Figure 51: DMZ network with VLAN tagging (image not included in this text)]
84 Initial setup 213455-L, October 2005
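The mapping described above, as a small Python model added here for illustration (it is not code from the Nortel guide or from the Switched Firewall): it parses the 802.1Q tag of a received frame, maps (port, VID) to a firewall interface with vlanid 0 meaning untagged, and checks that every tagged interface's vlanid is actually carried on the switch-side trunk. The interface names, ports and VLAN IDs in the table are assumed, not taken from the guide.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed interface table in the spirit of Figure 51 (names and VLAN IDs are
# assumed, not from the guide): (port, vlanid) -> interface name. Port 2 carries the
# DMZ trunk with tagged VLANs; vlanid 0 means the interface is untagged.
INTERFACES = {
    (1, 0): "internal",
    (2, 10): "dmz-web",
    (2, 20): "dmz-mail",
    (3, 0): "trusted",
    (4, 0): "internet",
}

def parse_frame(frame):
    """Return (vid, ethertype, payload); vid is 0 for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return 0, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF          # low 12 bits of the TCI; PCP/DEI are ignored here
    if vid == 0x0FFF:
        raise ValueError("VID 4095 is reserved")
    return vid, inner_type, frame[18:]  # VID 0 (priority-tagged) counts as untagged

def classify(port, frame):
    """Map a frame received on a physical port to a firewall interface, or None (drop)."""
    vid, _, _ = parse_frame(frame)
    return INTERFACES.get((port, vid))

def build_frame(vid, ethertype=0x0800, payload=b"\x45" + b"\x00" * 19):
    """Constructed test frame: 802.1Q-tagged if vid != 0, otherwise plain Ethernet II."""
    header = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"  # dst, src (locally administered)
    if vid == 0:
        return header + struct.pack("!H", ethertype) + payload
    tci = (3 << 13) | vid       # PCP 3, DEI 0, VID
    return header + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def check_trunk(interfaces, port, trunk_vlans):
    """Tagged interfaces on `port` whose vlanid is not carried on the switch trunk."""
    return sorted(v for (p, v) in interfaces if p == port and v != 0 and v not in trunk_vlans)
```

A frame whose (port, VID) pair has no interface is dropped rather than placed in a neighbouring zone, and a non-empty result from check_trunk means the firewall's vlanid and the switch trunk disagree, which is exactly the mismatch the guide says to avoid.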