
2 managing protocol-based vlan – Fortinet MR1 User Manual

Page 486


8.2.2.2 Managing Protocol-based VLAN

Protocol-based VLAN Configuration Page

You can use a protocol-based VLAN to define filtering criteria for untagged packets. By
default, if you do not configure any port- (IEEE 802.1Q) or protocol-based VLANs, untagged
packets will be assigned to VLAN 1. You can override this behavior by defining either
port-based VLANs or protocol-based VLANs, or both. Tagged packets are always handled
according to the IEEE 802.1Q standard, and are not included in protocol-based VLANs.

If you assign a port to a protocol-based VLAN for a specific protocol, untagged frames
received on that port for that protocol will be assigned the protocol-based VLAN ID.
Untagged frames received on the port for other protocols will be assigned the Port VLAN ID:
either the default PVID (1) or a PVID you have specifically assigned to the port using the
Port VLAN Configuration screen.

You define a protocol-based VLAN by creating a group. Each group has a one-to-one
relationship with a VLAN ID, can include one to three protocol definitions, and can include
multiple ports. When you create a group you will choose a name and a Group ID will be
assigned automatically.

Selection Criteria

Group ID - You can use this screen to reconfigure or delete an existing protocol-based VLAN, or create
a new one. Use this pull-down menu to select one of the existing PBVLANs, or select 'Create' to add a
new one. A Group ID number will be assigned automatically when you create a new group. You can
create up to 128 groups.

Configurable Data

Group Name - Use this field to assign a name to a new group. You may enter up to 16 characters.

Protocol(s) - Select the protocols you want to be associated with the group. There are three
configurable protocols: IP, IPX, and ARP. Hold down the control key to select more than one protocol.

IP - IP is a network layer protocol that provides a connectionless service for the delivery of data.

ARP - Address Resolution Protocol (ARP) is a low-level protocol that dynamically maps network
layer addresses to physical medium access control (MAC) addresses.

IPX - The Internetwork Packet Exchange (IPX) is a connectionless datagram Network-layer protocol
that forwards data over a network.

VLAN - The VLAN ID can be any number in the range 1 to 3965. All the ports in the group will assign this
VLAN ID to untagged packets received for the protocols you included in this group.
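
The assignment rules described above can be modelled offline to check which VLAN a given frame will land in before a group is applied to a port. This is an added example, not code from the manual or the device: the `Group` class, `classify` function and `SAMPLE_ARP` frame are hypothetical names, protocols are recognised by Ethernet II EtherType only, and the first matching group winning is an assumption the page does not state.

```python
import struct
from dataclasses import dataclass

# EtherType values (Ethernet II framing) for the three protocols the page lists.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8137: "IPX"}
TPID_8021Q = 0x8100   # marks an IEEE 802.1Q tagged frame
DEFAULT_PVID = 1      # untagged frames go to VLAN 1 unless overridden


@dataclass(frozen=True)
class Group:
    """A protocol-based VLAN group, with the limits stated on the page."""
    name: str
    vlan_id: int
    protocols: frozenset
    ports: frozenset

    def __post_init__(self):
        if len(self.name) > 16:
            raise ValueError("group name is limited to 16 characters")
        if not 1 <= self.vlan_id <= 3965:
            raise ValueError("VLAN ID must be in 1..3965")
        known = set(ETHERTYPES.values())
        if not 1 <= len(self.protocols) <= 3 or not self.protocols <= known:
            raise ValueError("a group holds one to three of IP, IPX, ARP")


def classify(frame: bytes, port: int, groups, pvids=None) -> int:
    """Return the VLAN ID assigned to a frame received on `port`."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)
        # Tagged frames follow 802.1Q; protocol groups are not consulted.
        # Priority-tagged frames (VID 0) are not modelled here.
        return tci & 0x0FFF
    proto = ETHERTYPES.get(ethertype)
    for g in groups:  # assumption: first matching group wins
        if port in g.ports and proto in g.protocols:
            return g.vlan_id
    # Any other protocol on this port falls back to the port's PVID.
    return (pvids or {}).get(port, DEFAULT_PVID)


# Constructed sample: untagged ARP frame (zeroed MACs, padded payload).
SAMPLE_ARP = bytes(12) + struct.pack("!H", 0x0806) + bytes(46)
```

Running it over a planned group and PVID table shows any protocol that would fall through to the default VLAN 1 on a port where that is not intended.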