Vigor2860 Series User’s Guide
553
A
A
p
p
p
p
e
e
n
n
d
d
i
i
x
x
I
I
:
:
V
V
L
L
A
A
N
N
A
A
p
p
p
p
l
l
i
i
c
c
a
a
t
t
i
i
o
o
n
n
s
s
o
o
n
n
V
V
i
i
g
g
o
o
r
r
R
R
o
o
u
u
t
t
e
e
r
r
Virtual Local Area Network is so-called VLAN. It offers the logical grouping technique to
separate the physical ports of Ethernet switches, thus we can manage our local network easier,
more flexible and secure. For instance, you’re a networking administrator in your company
and you’re planning to isolate the visitors’ traffics from your private network for security
considerations because you cannot ensure that visitors’ computer is clean. Or you want to
separate your private network into several parts by divisions because there are too many
computers in the same network segment and it results in the local traffics heavily.
VLAN
helps you to solve these situations, and DrayTek’s products support bellow two popular types:
Port-based
It uses a matrix table of the physical ports to define the traffics how to exchange between each
port, and the traffics will be isolated from the ports are not being ticked in the same line. It is
the easiest way to setup an isolate network, but not a flexible way to maintain a growing
network. Because the idea of port-based VLAN is grouping by physical ports, but the
difficulty is how to handle the traffics between two or more Ethernet switches. Thus, VLAN is
suitable for some circumstances, for example, the rental apartment, SOHO office…and so on.
These clients may need two or three isolated networks only and setup a network in a simple
way.
Tag-based
The idea of tag-based VLAN is to identify a virtual LAN with a specific ID, therefore,
VLAN
ID
introduced by tag-based VLAN. Through VLAN ID, ports with different
VID (VLAN ID)
will be
identified as in different LANs, so the traffics also will be isolated from each of
VLANs. Many administrators who manage an enterprise network or even the internet service
providers (ISP) adopt Tag-based VLAN popularly because it is convenient to maintain and
manage a distributed network. Setting a large-scale network is easy by giving each of them
with different VID and isolating the traffics at the same time. Besides the VLAN ID, there is
another feature,
Trunk
, introduced. While the role of a port on an Ethernet switch is setup as a
Trunk port, it means the VLAN ID will be kept while forwarding the packets between
switches. By this feature, VLANs are able to distribute over two or more Ethernet switches
easily, moreover design a large and secured network is possible through Trunk port. When
19216811.live