Network Connections
81
Port Based VLANs

Note
SG560, SG565, SG580 only.

CyberGuard SG appliance models SG560, SG565 and SG580 have a VLAN-capable switch built in. This gives you the flexibility to either use it as a simple switch that allows access between all ports (this is the default), or use port based VLANs to control access between each individual port in the switch.

This port based VLAN configuration makes it possible to assign each of the four ports its own subnet address, declare it to be a LAN, WAN or DMZ independent of the other ports and generally treat it as if it was a completely separate physical port.

The CyberGuard SG appliance may also participate on an existing VLAN. When you add a VLAN interface to connect to the existing VLAN, you may associate it with one or more of the CyberGuard SG appliance’s ports.
Tagged and untagged VLANs

Note
When using port based VLANs, it is important to understand the differences between tagged and untagged VLANs.

Tagged VLAN interfaces add a VLAN header (see the VLAN Overview section earlier in this chapter) to outgoing network packets, and only accept incoming network packets that contain an appropriate VLAN header. Untagged VLAN interfaces do not add a VLAN header to outgoing network packets, and do not accept incoming packets that contain a VLAN header.

A port may be a member of either a single untagged VLAN, or one or more tagged VLANs. A port may not be a member of both tagged and untagged VLANs.

Once switch A has had port based VLANs enabled, ports that have not been explicitly assigned to one or more VLANs will be assigned to the default VLAN. The default VLAN is untagged.
Typically, you will use a tagged VLAN interface when you want to join an existing VLAN on the network, and an untagged VLAN interface when you are using the port based VLAN feature to isolate the ports so that you can configure each of them individually.
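The tagged/untagged acceptance rule described above, as an added example that is not from the manual or the appliance's own code: it builds constructed Ethernet frames with and without an 802.1Q VLAN header (assumed standard layout: TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID), extracts the VLAN ID, and decides whether a tagged or an untagged VLAN interface would accept each frame.

```python
import struct

TPID_8021Q = 0x8100  # standard 802.1Q tag protocol identifier (assumed; the manual does not quote it)


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build a raw Ethernet frame; when vlan_id is given, insert an 802.1Q tag after the MAC addresses."""
    frame = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def vlan_id_of(frame):
    """Return the VLAN ID from the frame's 802.1Q header, or None when the frame carries no tag."""
    if len(frame) < 16:
        return None  # too short to hold two MAC addresses plus a tag
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF


def interface_accepts(mode, iface_vlan_id, frame):
    """Acceptance rule from the manual: a tagged VLAN interface only takes frames tagged with
    its own VLAN ID; an untagged VLAN interface only takes frames without any VLAN header."""
    vid = vlan_id_of(frame)
    if mode == "tagged":
        return vid == iface_vlan_id
    if mode == "untagged":
        return vid is None
    raise ValueError("mode must be 'tagged' or 'untagged'")


# Constructed sample frames (placeholder MAC addresses, IPv4 ethertype, dummy 20-byte payload)
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
TAGGED_VLAN3 = build_frame(DST, SRC, 0x0800, b"\x45" + b"\x00" * 19, vlan_id=3)
UNTAGGED = build_frame(DST, SRC, 0x0800, b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    # Port A2 isolated as an untagged VLAN versus a tagged interface joined to VLAN 3
    for name, frame in (("tagged VLAN 3 frame", TAGGED_VLAN3), ("untagged frame", UNTAGGED)):
        print(name, "-> untagged iface:", interface_accepts("untagged", 3, frame),
              "| tagged iface on VLAN 3:", interface_accepts("tagged", 3, frame))
```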
Limitations

There are a few further limitations to keep in mind when using port based VLANs:

- The total bandwidth from the switch into the CPU is 100Mbps, which is shared between the 4 ports. This may limit the bandwidth available to a single port when performing general routing, packet filtering and other activities.
- Port based VLANs can only be enabled if there are less than 16 total VLANs.
- Switch A can only have one default VLAN, and any ports that are not explicitly assigned to another VLAN are automatically placed on the default VLAN. The default VLAN is untagged.
- You cannot add tagged VLANs to port A1; it is a member of the default VLAN only.
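The membership rules and limitations above (one untagged VLAN per port, no mixing of tagged and untagged, A1 on the default VLAN only, fewer than 16 VLANs, unassigned ports falling back to the untagged default VLAN) as an added configuration check. This is example code written for this page, not the appliance's own logic; the four-port switch A layout and the "next available VLAN ID" numbering follow the manual, while the dict layout of the VLAN table is an assumption.

```python
SWITCH_A_PORTS = ("A1", "A2", "A3", "A4")
MAX_TOTAL_VLANS = 16  # port based VLANs can only be enabled with fewer than 16 VLANs in total


def next_available_vlan_id(vlans, default_vlan_id=2):
    """Lowest unused ID above the default VLAN: with the default at 2, Port A2 gets 3, A3 gets 4, ..."""
    vid = default_vlan_id + 1
    while vid in vlans:
        vid += 1
    return vid


def check_port_vlan_config(vlans, default_vlan_id=2):
    """Check the VLANs added on switch A against the limitations listed in the manual.
    vlans maps VLAN ID -> {port: "tagged" | "untagged" | "disabled"}; the default VLAN is
    implied (untagged, ID default_vlan_id, holding A1 and every port left unassigned).
    Returns (violations, membership) with membership[port] = [(vlan_id, mode), ...]."""
    violations = []
    membership = {port: [] for port in SWITCH_A_PORTS}
    if len(vlans) + 1 >= MAX_TOTAL_VLANS:  # +1 for the default VLAN
        violations.append(f"{len(vlans) + 1} VLANs in total; fewer than {MAX_TOTAL_VLANS} are required")
    for vid, ports in vlans.items():
        if vid == default_vlan_id:
            violations.append(f"VLAN ID {vid} is already taken by the default VLAN")
        for port, mode in ports.items():
            if mode not in ("tagged", "untagged"):  # "disabled" ports simply do not join
                continue
            if port == "A1":
                violations.append(f"A1 cannot be added to VLAN {vid}; it is a member of the default VLAN only")
            else:
                membership[port].append((vid, mode))
    for port, entries in membership.items():
        if not entries:  # unassigned ports (and always A1) land on the untagged default VLAN
            entries.append((default_vlan_id, "untagged"))
        if {mode for _, mode in entries} == {"tagged", "untagged"}:
            violations.append(f"{port} cannot be a member of both tagged and untagged VLANs")
        untagged = [vid for vid, mode in entries if mode == "untagged"]
        if len(untagged) > 1:
            violations.append(f"{port} may be an untagged member of only one VLAN, not {untagged}")
    return violations, membership


# Constructed sample: the "1 LAN Port, 3 Isolated Ports" layout, one untagged VLAN per port
ISOLATED_PORTS = {3: {"A2": "untagged"}, 4: {"A3": "untagged"}, 5: {"A4": "untagged"}}
# Constructed sample that breaks two rules: A1 on a tagged VLAN, A3 both tagged and untagged
BAD_CONFIG = {3: {"A3": "untagged"}, 10: {"A1": "tagged", "A3": "tagged", "A4": "disabled"}}
```

Running `check_port_vlan_config(BAD_CONFIG)` reports the A1 and A3 violations while still showing A2 and A4 falling back to the untagged default VLAN 2.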
Enabling port based VLANs

Note
If you previously selected 1 LAN Port, 3 Isolated Ports in the Switch Configuration step of the Quick Setup Wizard, port based VLANs will already be enabled.

Select Network Setup from the Networking menu. Next to LAN, select Edit Ethernet Configuration from the Configuration drop down box. The following settings will be displayed:

Name: A name to display in the Network Setup menu for the default VLAN, of which port A1 is automatically a member. There is typically no need to change this from LAN.

Enable port based VLANs: Select Yes to enable port based VLANs.

Default port based VLAN ID: As the default VLAN is always untagged, typically you will only need to change this from the default setting of 2 if you want another port to participate on an existing tagged VLAN with the ID of 2.
Adding port based VLANs

Note
If you previously selected 1 LAN Port, 3 Isolated Ports in the Switch Configuration step of the Quick Setup Wizard, a single isolated VLAN for each port will already have been added.

Select Network Setup from the Networking menu. Next to LAN (or whatever name you gave to the first/default VLAN interface), select Add VLAN from the Configuration drop down box. The following settings will be displayed:

VLAN Name: A name to display in the Network Setup menu for this VLAN interface. It is often convenient to have this correspond with the physical labeling on the CyberGuard SG appliance, e.g. Port A2 if this VLAN is being isolated to a single port, or Ports A2, A3 if this VLAN is being associated with multiple ports.

VLAN ID: If you are adding a VLAN interface to participate on an existing VLAN, enter its ID number here. Otherwise enter the next available VLAN ID; if the Default port based VLAN ID has been left at its default setting of 2, Port A2 will use VLAN ID 3, Port A3 will use VLAN ID 4, and so on.

Note
Some Cisco equipment uses tagged VLAN 1 for its own purposes. We therefore recommend setting the default VLAN ID to 2 or greater for tagged VLANs, unless you intend for the CyberGuard SG appliance and Cisco equipment to interact over tagged VLAN 1.

Disabled/Tagged/Untagged: This is where you associate one or more of switch A’s ports with this VLAN interface. Select Disabled for the ports to exclude from this VLAN. If you are configuring a port or ports to participate on an existing tagged VLAN, set them Tagged. Otherwise, to isolate a single port so that it may be configured individually, set the port Untagged.

Note
Refer to the section entitled Tagged and untagged VLANs earlier in this chapter for further discussion of these settings.
Click Apply, then Reboot Now. This VLAN interface will now appear in the Network Setup menu, and you may configure it as you would any other network interface.

Editing port based VLANs

Once a VLAN has been added, you may edit the settings you entered in Adding port based VLANs by selecting Edit VLAN configuration from the VLAN interface’s Configuration drop down box in the Network Setup menu.

Removing port based VLANs

To remove a VLAN, select Remove this VLAN device from the VLAN interface’s Configuration drop down box in the Network Setup menu.
4. Dialin Setup

The CyberGuard SG appliance enables remote and secure access to your office network. This chapter shows how to set up the dialin features.

Your CyberGuard SG appliance can be configured to receive dialin calls from remote users/sites. Remote users are individual users (e.g. telecommuters) who connect directly from their client workstations to dial into modems connected to the serial ports on the CyberGuard SG appliance. Remote site dialin connections can be LAN-to-LAN connections, where a router at a remote site establishes a dialin link using a modem connected to the CyberGuard SG appliance.

The CyberGuard SG appliance’s dialin facility establishes a PPP connection to the remote user or site. Dialin requests are authenticated by usernames and passwords verified by the CyberGuard SG appliance. Once authenticated, remote users and sites are connected and have the same access to the LAN resources as a local user.

To configure the CyberGuard SG appliance for a dialin connection:

1. Attach an external modem to the appropriate CyberGuard SG appliance serial port (COM1).
2. Enable and configure the CyberGuard SG appliance serial (COM) port for dialin.
3. Set up and configure user dialin accounts for each person or site requiring dialin access.

You can also apply filtering to dialin connections, as detailed in the chapter entitled Firewall.