beautypg.com

4 vlan configuration, 1 vlan overview – PLANET FGSW-2620VM User Manual

Page 72

background image

User’s Manual of FGSW-Series

4.4 VLAN configuration

4.4.1 VLAN Overview

A Virtual Local Area Network (VLAN)

is a network topology configured according to a logical scheme rather than the

physical layout. VLAN can be used to combine any collection of LAN segments into an autonomous user group that

appears as a single LAN. VLAN also logically segment the network into different broadcast domains so that packets are

forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not

necessarily.

VLAN can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains.

A VLAN is a collection of end nodes grouped by logic instead of physical location. End nodes that frequently communicate

with each other are assigned to the same VLAN, regardless of where they are physically on the network. Logically, a VLAN

can be equated to a broadcast domain, because broadcast packets are forwarded to only members of the VLAN on which

the broadcast was initiated.

1.

No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN

membership, packets cannot cross VLAN without a network device performing a routing

function between the VLAN.

2.

The Managed Switch supports IEEE 802.1Q VLAN. The port untagging function can be used

to remove the 802.1 tag from packet headers to maintain compatibility with devices that are

tag-unaware.

The Managed Switch supports IEEE 802.1Q (tagged-based) and Port-Base VLAN setting in web management page. In

the default configuration, VLAN support is “802.1Q”.

„

Port-based VLAN

Port-based VLAN limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are members of

the VLAN(s) the port belongs to, whether there is a single computer directly connected to a switch, or an entire department.

On port-based VLAN.NIC do not need to be able to identify 802.1Q tags in packet headers. NIC send and receive normal

Ethernet packets. If the packet's destination lies on the same segment, communications take place using normal Ethernet

protocols. Even though this is always the case, when the destination for a packet lies on another switch port, VLAN

considerations come into play to decide if the packet is dropped by the Switch or delivered.

„

IEEE 802.1Q VLANs

IEEE 802.1Q (tagged) VLAN are implemented on the Switch. 802.1Q VLAN require tagging, which enables them to span

the entire network (assuming all switches on the network are IEEE 802.1Q-compliant).

VLAN allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN will

only be forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes

broadcast, multicast and unicast packets from unknown sources.

72

VLAN can also provide a level of security to your network. IEEE 802.1Q VLAN will only deliver packets between stations

This manual is related to the following products: