Chapter 11 Interfaces
ZyWALL USG 50 User’s Guide
Table 61 Configuration > Network > Interface > Cellular > Add (continued)
LABEL | DESCRIPTION
Actions when over % of time budget or % of data budget | Specify the actions the ZyWALL takes when the specified percentage of time budget or data limit is exceeded. Enter a number from 1 to 99 in the percentage fields. If you change the value after you configure and enable budget control, the ZyWALL resets the statistics. Select None to not create a log when the ZyWALL takes this action, Log to create a log, or Log-alert to create an alert log. If you select Log or Log-alert you can also select recurring every to have the ZyWALL send a log or alert for this event periodically. Specify how often (from 1 to 65535 minutes) to send the log or alert.
OK | Click OK to save your changes back to the ZyWALL.
Cancel | Click Cancel to exit this screen without saving.
11.6 VLAN Interfaces
A Virtual Local Area Network (VLAN) divides a physical network into multiple
logical networks. The standard is defined in IEEE 802.1q.
Figure 160 Example: Before VLAN
In this example, there are two physical networks and three departments A, B,
and C. The physical networks are connected to hubs, and the hubs are connected
to the router.
Alternatively, you can divide the physical networks into three VLANs.
Figure 161 Example: After VLAN
Each VLAN is a separate network with separate IP addresses, subnet masks, and
gateways. Each VLAN also has a unique identification number (ID). The ID is a
12-bit value that is stored in the MAC header. The VLANs are connected to
switches, and the switches are connected to the router. (If one switch has
enough connections for the entire network, the network does not need switches
A and B.)
Traffic inside each VLAN is layer-2 communication (data link layer, MAC
addresses). It is handled by the switches. As a result, the new switch is required
to handle traffic inside VLAN 2. Traffic is only broadcast inside each VLAN, not
each physical network.
Traffic between VLANs (or between a VLAN and another type of network) is
layer-3 communication (network layer, IP addresses). It is handled by the
router.
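
The tag layout and broadcast scoping described above, as an added example (not taken from the ZyWALL guide or firmware): it reads the 12-bit VLAN ID from an IEEE 802.1Q tag and lists which switch ports receive a broadcast that arrives tagged from the router. The port map, MAC address and function names are constructed for illustration, and the router link is assumed to carry tagged frames only.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an IEEE 802.1Q tag
BROADCAST = b"\xff" * 6

def parse_vlan_tag(frame: bytes):
    """Return (vid, pcp, dei, inner_ethertype); vid is None when untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # TCI: 3-bit priority, 1-bit drop-eligible flag, 12-bit VLAN ID
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner

def broadcast_egress_ports(frame: bytes, access_ports: dict):
    """Access ports that receive a broadcast arriving tagged from the router."""
    vid = parse_vlan_tag(frame)[0]
    # Assumption: untagged frames are not accepted on the router link.
    # IDs 0 and 4095 are reserved, so usable VLAN IDs are 1 to 4094.
    if vid is None or not 1 <= vid <= 4094:
        return []
    return sorted(port for port, v in access_ports.items() if v == vid)

def make_frame(dst, src, vid=None, pcp=0, ethertype=0x0800, payload=b""):
    """Build a constructed test frame; the tag is inserted when vid is given."""
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

# Constructed port map: switch port -> VLAN ID (three departments, VLANs 1-3)
ACCESS_PORTS = {1: 1, 2: 1, 3: 2, 4: 2, 5: 2, 6: 3}
ROUTER_MAC = bytes.fromhex("020000000001")  # constructed, locally administered

if __name__ == "__main__":
    for vid in (1, 2, 3, None):
        frame = make_frame(BROADCAST, ROUTER_MAC, vid=vid, payload=b"\x00" * 46)
        print(vid, parse_vlan_tag(frame), broadcast_egress_ports(frame, ACCESS_PORTS))
```

A broadcast tagged for VLAN 2 reaches only the ports assigned to VLAN 2, which is the isolation the text describes; anything addressed to another VLAN has to go through the router.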
This approach provides a few advantages.
Increased performance - In VLAN 2, the extra switch should route traffic inside
the sales department faster than the router does. In addition, broadcasts are
limited to smaller, more logical groups of users.
Higher security - If each computer has a separate physical connection to the
switch, then broadcast traffic in each VLAN is never sent to computers in
another VLAN.
Better manageability - You can align network policies more appropriately for
users. For example, you can create different content filtering rules for each
VLAN (each department in the example above), and you can set different
bandwidth limits for each VLAN. These rules are also independent of the
physical network, so you can change the physical network without changing
policies.
In this example, the new switch handles the following types of traffic:
Inside VLAN 2.
Between the router and VLAN 1.
Between the router and VLAN 2.
Between the router and VLAN 3.
VLAN Interfaces Overview
In the ZyWALL, each VLAN is called a VLAN interface. As a router, the ZyWALL
routes traffic between VLAN interfaces, but it does not route traffic within a VLAN
interface. All traffic for each VLAN interface can go through only one Ethernet
interface, though each Ethernet interface can have one or more VLAN interfaces.
Note: Each VLAN interface is created on top of only one Ethernet interface.
Otherwise, VLAN interfaces are similar to other interfaces in many ways. They
have an IP address, subnet mask, and gateway used to make routing decisions.
They restrict bandwidth and packet size. They can provide DHCP services, and
they can verify the gateway is available.
11.6.1 VLAN Summary Screen
This screen lists every VLAN interface and virtual interface created on top of
VLAN interfaces. To access this screen, click Configuration > Network >
Interface > VLAN.
Figure 162 Configuration > Network > Interface > VLAN
Each field is explained in the following table.
Table 62 Configuration > Network > Interface > VLAN
LABEL | DESCRIPTION
Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Remove | To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
Activate | To turn on an entry, select it and click Activate.
Inactivate | To turn off an entry, select it and click Inactivate.
Create Virtual Interface | To open the screen where you can create a virtual interface, select an interface and click Create Virtual Interface.
Object References | Select an entry and click Object References to open a screen that shows which settings use the entry. See Section 11.3.2 on page 230 for an example.
# | This field is a sequential value, and it is not associated with any interface.
Status | This icon is lit when the entry is active and dimmed when the entry is inactive.
Name | This field displays the name of the interface.
Port/VID | For VLAN interfaces, this field displays the Ethernet interface on which the VLAN interface is created and the VLAN ID. For virtual interfaces, this field is blank.
IP Address | This field displays the current IP address of the interface. If the IP address is 0.0.0.0, the interface does not have an IP address yet. This screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces.
Mask | This field displays the interface’s subnet mask in dot decimal notation.
Apply | Click Apply to save your changes back to the ZyWALL.
Reset | Click Reset to return the screen to its last-saved settings.
11.6.2 VLAN Add/Edit
This screen lets you configure IP address assignment, interface bandwidth
parameters, DHCP settings, and connectivity check for each VLAN interface. To
access this screen, click the Add icon at the top of the Add column or click an
Edit icon next to a VLAN interface in the VLAN Summary screen. The following
screen appears.
Figure 163 Configuration > Network > Interface > VLAN > Edit