beautypg.com

Ethernet switching/policy setup – Motorola 2200 User Manual

Page 79

background image

79

- LAN-side VLAN with IP inter face-to-VLAN binding

- Inter-VLAN routing groups to extend VLAN segmentation up through the IP routing layer.

❑ Bridged VLANs - these VLANs are used to bridge traffic from LAN to WAN
❑ Prioritization per VLAN and per port

Ethernet Switching/Policy Setup

Before you configure any VLANs, the unconfigured Gateway is set up as a router composed of a LAN
switch, a WAN switch, and a router in the middle, with LAN and WAN IP inter faces connected to their
respective switches. These bindings between Ethernet switch por ts, IP LAN inter face, IP WAN inter face
and WAN physical por ts are automatically created.

When you configure any VLANs, the default bindings are no longer valid, and the system requires
explicit binding between IP inter faces and layer 2 inter faces. Each VLAN can be thought of as a layer 2
switch, and enabling each por t or inter face in a VLAN is analogous to plugging it in to the layer 2
switch.

Thereafter, in order for devices to communicate on layer 2, they must be associated in the same VLAN.
For devices to communicate at layer 3, the devices must be either on the same VLAN, or on VLANs that
have an Inter-VLAN routing group enabled in common.

When configuring VLANs you must define how traffic needs to be for warded:

❑ If traffic needs to be bridged between LAN and WAN you can create a single VLAN that encompasses

the WAN por t and LAN por ts.

❑ If traffic needs to be routed then you must define four elements:

• LAN-side VLANs

• WAN-side VLANs

• Associate IP Inter faces to VLANs

• Inter-VLAN Routing Groups: configuration of routing between VLANs is done by association of a
VLAN to a Routing Group. Traffic will be routed between VLANs within a routing group. The LAN IP
Ethernet Inter face can be bound to multiple LAN VLANs, but for warding can be limited between an
Ethernet LAN por t and a WAN VLAN if you properly configure Inter-VLAN groups.

Inter-VLAN groups are also used to block routing between WAN inter faces. If each WAN IP inter face
is bound to its own VLAN and if you configure a different Inter-VLAN group for each WAN VLAN then
no routing between WAN IP inter faces is possible.

❑ Example: to route between a VCC and all the LAN ports, which effectively is similar to the default

configuration without any VLANs:

Create a VLAN named “VccWan” consisting of vcc1, ip-vcc1, routing-group 1

Create a VLAN named “Lan” consisting of eth0.1, eth0.2, eth0.3, eth0.4, ssid1, ssid2, ssid3, ssid4
(etc.), ip-eth-a, routing-group 1