3. LAN Configuration
This chapter describes how to configure the advanced LAN features of your wireless VPN firewall. This chapter contains the following sections:
• Manage IPv4 Virtual LANs and DHCP Options
• Configure IPv4 Multihome LAN IP Addresses on the Default VLAN
• Manage IPv4 Groups and Hosts (IPv4 LAN Groups)
• Manage the IPv6 LAN
• Configure IPv6 Multihome LAN IP Addresses on the Default VLAN
• Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic
• Manage Static IPv4 Routing
• Manage Static IPv6 Routing
Manage IPv4 Virtual LANs and DHCP Options
A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges,
or switches in the same physical segment or segments connect all end node devices.
Endpoints can communicate with each other without the need for a router. Routers connect
LANs together, routing the traffic to the appropriate port.
A virtual LAN (VLAN) is a local area network with a definition that maps workstations on
some basis other than geographic location (for example, by department, type of user, or
primary application). To enable traffic to flow between VLANs, traffic needs to go through a
router, just as if the VLANs were on two separate LANs.
A VLAN is a group of computers, servers, and other network resources that behave as if they
were connected to a single network segment—even though they might not be. For example,
all marketing personnel might be spread throughout a building. Yet if they are all assigned to
a single VLAN, they can share resources and bandwidth as if they were connected to the
same segment. The resources of other departments can be invisible to the marketing VLAN
members, accessible to all, or accessible only to specified individuals, depending on how the
IT manager has set up the VLANs.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
VLANs have a number of advantages:
• It is easy to set up network segmentation. Users who communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
• They are easy to manage. The addition of nodes, as well as moves and other changes, can be dealt with quickly and conveniently from a management interface rather than from the wiring closet.
• They provide increased performance. VLANs free up bandwidth by limiting node-to-node and broadcast traffic throughout the network.
• They ensure enhanced network security. VLANs create virtual boundaries that can be crossed only through a router. So standard, router-based security measures can be used to restrict access to each VLAN.
Port-Based VLANs
The wireless VPN firewall supports port-based VLANs. Port-based VLANs help to confine
broadcast traffic to the LAN ports. Even though a LAN port can be a member of more than
one VLAN, the port can have only one VLAN ID as its port VLAN identifier (PVID). By default,
all eight LAN ports of the wireless VPN firewall are assigned to the default VLAN, or VLAN 1.
Therefore, by default, all eight LAN ports have the default PVID 1. However, you can assign
another PVID to a LAN port by selecting a VLAN profile from the drop-down list on the LAN
Setup screen.
After you have created a VLAN profile and assigned one or more ports to the profile, you
need to enable the profile to activate it.
The wireless VPN firewall’s default VLAN cannot be deleted. All untagged traffic is routed
through the default VLAN (VLAN 1), which you need to assign to at least one LAN port.
Note the following about VLANs and PVIDs:
• One physical port is assigned to at least one VLAN.
• One physical port can be assigned to multiple VLANs.
• When one port is assigned to multiple VLANs, the port is used as a trunk port to connect to another switch or router.
• When a port receives an untagged packet, this packet is forwarded to a VLAN based on the PVID.
• When a port receives a tagged packet, this packet is forwarded to a VLAN based on the ID that is extracted from the tagged packet.
When you create a VLAN profile, assign LAN ports to the VLAN, and enable the VLAN, the
LAN ports that are members of the VLAN can send and receive both tagged and untagged
packets. Untagged packets that enter these LAN ports are assigned to the default PVID 1;
packets that leave these LAN ports with the same default PVID 1 are untagged. All other
packets are tagged according to the VLAN ID that you assigned to the VLAN when you
created the VLAN profile.
This is a typical scenario for a configuration with an IP phone that has two Ethernet ports, one
of which is connected to the wireless VPN firewall, the other one to another device:
Packets coming from the IP phone to the wireless VPN firewall LAN port are tagged. Packets
passing through the IP phone from the connected device to the wireless VPN firewall LAN
port are untagged. When you assign the wireless VPN firewall LAN port to a VLAN, packets
entering and leaving the port are tagged with the VLAN ID. However, untagged packets
entering the wireless VPN firewall LAN port are forwarded to the default VLAN with PVID 1;
packets that leave the LAN port with the same default PVID 1 are untagged.
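The PVID and tagging rules above, including the IP phone scenario, as an added Python model (this is illustration code, not NETGEAR firmware; the names Port, Frame, classify_ingress and tag_on_egress are this example's own, and the rule that a tagged frame for a VLAN the port does not belong to is dropped is an assumption the manual does not state):

```python
"""Port-based VLAN forwarding rules of the FVS318N, as described in the manual.

Modelled rules:
  - an untagged frame entering a port is assigned the port's PVID (default 1)
  - a tagged frame is assigned the VLAN ID carried in its tag
  - on egress, a frame in the port's PVID VLAN leaves untagged, all others tagged
  - a port may belong to several VLANs but has exactly one PVID
"""
from dataclasses import dataclass, field
from typing import Optional

DEFAULT_VLAN = 1  # the non-deletable default VLAN; default PVID on all eight LAN ports


@dataclass
class Port:
    number: int
    pvid: int = DEFAULT_VLAN
    vlans: set = field(default_factory=lambda: {DEFAULT_VLAN})

    def is_trunk(self) -> bool:
        # a port that is a member of more than one VLAN acts as a trunk port
        return len(self.vlans) > 1


@dataclass
class Frame:
    vlan_tag: Optional[int]  # None means the frame is untagged on the wire


def classify_ingress(port: Port, frame: Frame) -> Optional[int]:
    """Return the VLAN a received frame is forwarded to (None = dropped)."""
    if frame.vlan_tag is None:
        return port.pvid  # untagged -> classified by PVID
    if frame.vlan_tag in port.vlans:
        return frame.vlan_tag  # tagged -> VLAN taken from the tag
    return None  # assumption: tag for a VLAN the port is not a member of is dropped


def tag_on_egress(port: Port, vlan_id: int) -> Optional[int]:
    """Tag a frame carries when leaving the port (None = sent untagged)."""
    return None if vlan_id == port.pvid else vlan_id


def ip_phone_scenario() -> dict:
    # constructed scenario: LAN port 3 is a member of a voice VLAN (ID 10, an assumed
    # value) and keeps the default PVID 1; the phone tags, the PC behind it does not
    port = Port(number=3, vlans={DEFAULT_VLAN, 10})
    phone_vlan = classify_ingress(port, Frame(vlan_tag=10))
    pc_vlan = classify_ingress(port, Frame(vlan_tag=None))
    return {"phone": phone_vlan, "pc": pc_vlan, "trunk": port.is_trunk(),
            "phone_egress_tag": tag_on_egress(port, phone_vlan),
            "pc_egress_tag": tag_on_egress(port, pc_vlan)}
```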
Note: The configuration of the DHCP options for the default VLAN is explained in Configure the IPv4 Internet Connection and WAN Settings on page 26. For information about how to add and edit a VLAN profile, including its DHCP options, see Configure a VLAN Profile on page 56.
Assign and Manage VLAN Profiles
To assign VLAN profiles to the LAN ports and manage VLAN profiles:
1. Select Network Configuration > LAN Setup. In the upper right of the screen, the IPv4 radio button is selected by default. The LAN submenu tabs display, with the LAN Setup screen in view, displaying the IPv4 settings. (The following figure contains some VLAN profiles as an example.)
Figure 28. LAN Setup screen (IPv4) with VLAN Profiles table
For each VLAN profile, the following fields display in the VLAN Profiles table:
• Check box. Allows you to select the VLAN profile in the table.
• Status icon. Indicates the status of the VLAN profile:
  - Green circle. The VLAN profile is enabled.
  - Gray circle. The VLAN profile is disabled.
• Profile Name. The unique name assigned to the VLAN profile.
• VLAN ID. The unique ID (or tag) assigned to the VLAN profile.
• Subnet IP. The subnet IP address for the VLAN profile.
• DHCP Status. The DHCP server status for the VLAN profile, which can be either DHCP Enabled or DHCP Disabled.
• Action. The Edit table button, which provides access to the Edit VLAN Profile screen.
2. Assign a VLAN profile to a LAN port by selecting a VLAN profile from the drop-down list. Only the enabled VLAN profiles are displayed in the drop-down lists.
3. Click Apply to save your settings.
VLAN DHCP Options
For each VLAN, you need to specify the Dynamic Host Configuration Protocol (DHCP) options (see Configure a VLAN Profile on page 56). The configuration of the DHCP options for the wireless VPN firewall’s default VLAN, or VLAN 1, is explained in Configure the IPv4 Internet Connection and WAN Settings on page 26. This section provides further information about the DHCP options.
DHCP Server
The default VLAN (VLAN 1) has the DHCP server option enabled by default, allowing the
wireless VPN firewall to assign IP, DNS server, WINS server, and default gateway addresses
to all computers connected to the wireless VPN firewall’s LAN. The assigned default gateway
address is the LAN address of the wireless VPN firewall. IP addresses are assigned to the
attached computers from a pool of addresses that you need to specify. Each pool address is
tested before it is assigned to avoid duplicate addresses on the LAN. When you create a new
VLAN, the DHCP server option is disabled by default.
For most applications, the default DHCP server and TCP/IP settings of the wireless VPN
firewall are satisfactory.
The wireless VPN firewall delivers the following settings to any LAN device that requests DHCP:
• An IP address from the range that you have defined
• Subnet mask
• Gateway IP address (the wireless VPN firewall’s LAN IP address)
• Primary DNS server (the wireless VPN firewall’s LAN IP address)
• WINS server (if you entered a WINS server address in the DHCP Setup screen)
• Lease time (the date obtained and the duration of the lease)
DHCP Relay
DHCP relay options allow you to make the wireless VPN firewall a DHCP relay agent for a VLAN. The DHCP relay agent makes it possible for DHCP broadcast messages to be carried across routers that do not forward these types of messages. The DHCP relay agent is therefore the mechanism that enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet. If you do not configure a DHCP relay agent for a VLAN, its clients can obtain IP addresses only from a DHCP server that is on the same subnet. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you need to configure the DHCP relay agent on the subnet that contains the remote clients, so that the DHCP relay agent can relay DHCP broadcast messages to your DHCP server.
DNS Proxy
When the DNS proxy option is enabled for a VLAN, the wireless VPN firewall acts as a proxy
for all DNS requests and communicates with the ISP’s DNS servers (as configured on the
Broadband ISP Settings screens). All DHCP clients receive the primary and secondary DNS
IP addresses along with the IP address where the DNS proxy is located (that is, the wireless
VPN firewall’s LAN IP address). When the DNS proxy option is disabled for a VLAN, all
DHCP clients receive the DNS IP addresses of the ISP but without the DNS proxy IP
address.
LDAP Server
A Lightweight Directory Access Protocol (LDAP) server allows a user to query and modify
directory services that run over TCP/IP. For example, clients can query email addresses,
contact information, and other service information using an LDAP server. For each VLAN,
you can specify an LDAP server and a search base that defines the location in the directory
(that is, the directory tree) from which the LDAP search begins.