Page 26 / 270 Scroll up to view Page 21 - 25
Unified Services Router
User Manual
24
number from 2 to 4091. VLAN ID 1 is reserved for the default VLAN, which is use d
for untagged frames received on the interface. By enabling Inter VLAN Routing, you
will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other
configured VLAN IDs that have Inter VLAN Routing enabled.
Figure 7: Adding VLAN me mbe rships to the LAN
2.2.1
Associating VLANs to ports
In order to tag all traffic through a specific LAN port with a VLAN ID, you can
associate a VLAN to a physical port.
Setup > VLAN Settings > Port VLAN
VLAN membership properties for the LAN and wireless LAN are listed on this page.
The VLAN Port table displays the port identifier, the mode setting for that port and
VLAN membership information. The configuration page is accessed by selecting
one of the four physical ports or a configured access point and clicking Edit.
The edit page offers the following configuration options:
Mode: The mode of this VLAN can be General, Access, or Trunk. The
default is access.
In General mode the port is a member of a user selectable set of VLANs.
The port sends and receives data that is tagged or untagged with a VLAN
ID. If the data into the port is untagged, it is assigned the defined PVID. In
the configuration from Figure 4, Port 3 is a General port with PVID 3, so
untagged data into Port 3 will be as signed PVID 3. All tagged data sent out
of the port with the same PVID will be untagged. This is mode is typically
used with IP Phones that have dual Ethernet ports. Data coming from phone
to the switch port on the router will be tagged. Data passing through the
phone from a connected device will be untagged .
Page 27 / 270
Unified Services Router
User Manual
25
Figure 8: Port VLAN list
In Access mode the port is a member of a single VLAN (and only one). All
data going into and out of the port is untagged. Traffic through a port in
access mode looks like any other Ethernet frame.
In Trunk mode the port is a member of a user selectable set of VLANs. All
data going into and out of the port is tagged. Untagged coming into the port
is not forwarded, except for the default VLAN with PVID=1, which is
untagged. Trunk ports multiplex traffic for multiple VLANs over the same
physical link.
Select PVID for the port when the General mode is selected.
Configured
VLAN
memberships
will
be
displayed
on
the VLAN
Membership Configuration for the port. By selecting one more VLAN
membership options for a General or Trunk port, traffic can be routed
between the selected VLAN membership IDs
Page 28 / 270
Unified Services Router
User Manual
26
Figure 9: Configuring VLAN me mbe rship for a port
2.2.2 Multiple VLAN Subnets
Setup > VLAN Settings > Multi VLAN Settings
This page shows a list of available multi-VLAN subnets. Each configured VLAN ID
can map directly to a subnet within the LAN. Each LAN port can be assigned a
unique IP address and a VLAN specific DHCP server can be configured to assign IP
address leases to devices on this VLAN.
VLAN ID
: The PVID of the VLAN that will have all member devices be part of the
same subnet range.
IP Address
: The IP address associated with a port assigned this VLAN ID.
Subnet Mask
: Subnet Mask for the above IP Address
Page 29 / 270
Unified Services Router
User Manual
27
Figure 10: Multiple VLAN Subne ts
2.2.3 VLAN configuration
Setup > VLAN Settings > VLANconfiguration
This page allows enabling or disabling the VLAN function on the router. Virtual
LANs can be created in this router to provide segmentation capabilities for firewall
rules and VPN policies. The LAN network is considered the default VLAN. Check
the Enable VLAN box to add VLAN functionality to the LAN.
Page 30 / 270
Unified Services Router
User Manual
28
Figure 11: VLAN Configuration
2.3
Configurable Port: DMZ Setup
DSR-150/150N/250/250N does not have a configurable port
there is no DMZ
support.
This router supports one of the physical ports to be configured as a secondary WAN
Ethernet port or a dedicated DMZ port. A DMZ is a sub network that is open to the
public but behind the firewall. The DMZ adds an additional layer of security to the
LAN, as specific services/ports t hat are exposed to the internet on the DMZ do not
have to be exposed on the LAN. It is recommended that hosts that must be exposed to
the internet (such as web or email servers) be placed in the DMZ network. Firewall
rules can be allowed to permit access specific services/ports to the DMZ from both
the LAN or WAN. In the event of an attack to any of the DMZ nodes, the LAN is not
necessarily vulnerable as well.
Setup > DMZ Setup > DMZ Setup Configuration
DMZ configuration is identical to the LAN configuration. There are no restrictions on
the IP address or subnet assigned to the DMZ port, other than the fact that it cannot
be identical to the IP address given to the LAN interface of this gateway.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top