D-Link DFL-260-IPS-12 Product Manual - Page 98
Chapter 3. Fundamentals, 3.3.3. VLAN

As explained in more detail below, VLAN configuration with NetDefendOS involves a combination of VLAN trunks from the NetDefend Firewall to switches, with these switches configured with port based VLANs on their interfaces. Any physical firewall interface can, at the same time, carry both non-VLAN traffic and VLAN trunk traffic for one or multiple VLANs.

VLAN Processing

NetDefendOS follows the IEEE 802.1Q specification. This specifies how VLAN functions by adding a Virtual LAN Identifier (VLAN ID) to the headers of Ethernet frames which are part of a VLAN's traffic. The VLAN ID is a number between 0 and 4095 which is used to identify the specific Virtual LAN to which each frame belongs. With this mechanism, Ethernet frames can belong to different Virtual LANs but can still share the same physical Ethernet link.

The following principles underlie the NetDefendOS processing of VLAN tagged Ethernet frames at a physical interface:

• Ethernet frames received on a physical interface by NetDefendOS are examined for a VLAN ID. If a VLAN ID is found and a matching VLAN interface has been defined for that interface, NetDefendOS will use the VLAN interface as the logical source interface for further rule set processing.

• If there is no VLAN ID attached to an Ethernet frame received on an interface then the source of the frame is considered to be the physical interface and not a VLAN.

• If VLAN tagged traffic is received on a physical interface and there is no VLAN defined for that interface in the NetDefendOS configuration with a corresponding VLAN ID then that traffic is dropped by NetDefendOS and an unknown_vlanid log message is generated.

• The VLAN ID must be unique for a single NetDefendOS physical interface but the same VLAN ID can be used on more than one physical interface. In other words, the same VLAN can span many physical interfaces.

• A physical interface does not need to be dedicated to VLANs and can carry a mixture of VLAN and non-VLAN traffic.

Physical VLAN Connection with VLAN

The illustration below shows the connections for a typical NetDefendOS VLAN scenario.
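The frame-handling principles listed under VLAN Processing, as an added Python example that is not taken from the manual or from NetDefendOS: it reads the 802.1Q tag from a raw Ethernet frame and resolves the logical source interface. The interface names, the VLAN table and the fields of the log line are assumptions; only the unknown_vlanid message name comes from the manual.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

# Hypothetical configuration: (physical interface, VLAN ID) -> VLAN interface.
# A VLAN ID is unique per physical interface but may repeat across interfaces.
VLAN_INTERFACES = {
    ("lan", 10): "vlan10_lan",
    ("lan", 20): "vlan20_lan",
    ("dmz", 10): "vlan10_dmz",
}

def parse_vlan_id(frame: bytes):
    """Return the VLAN ID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # VLAN ID is the low 12 bits of the tag control field

def classify(physical_if: str, frame: bytes, log: list):
    """Return the logical source interface, or None if the frame is dropped."""
    vid = parse_vlan_id(frame)
    if vid is None:
        return physical_if  # untagged: the source is the physical interface
    vlan_if = VLAN_INTERFACES.get((physical_if, vid))
    if vlan_if is None:
        # Tagged, but no VLAN with this ID is defined on this interface: drop.
        # Log line layout is illustrative, not the NetDefendOS log format.
        log.append(f"unknown_vlanid iface={physical_if} vlanid={vid}")
        return None
    return vlan_if

def make_frame(vid=None, pcp=0):
    """Build a constructed sample frame: zeroed MACs, IPv4 EtherType, padding."""
    header = bytes(12)
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", 0x0800) + bytes(46)
```

Reviewing the drop log for unknown_vlanid entries is a quick way to spot a switch trunk that carries a VLAN the firewall configuration does not define on that interface.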