Configuring VLAN Ports
Your network design might include VLANs to provide network segmentation. When connected to a trunk port on a VLAN-enabled switch, the system encounters traffic from all VLANs. This is useful for network designs with separate VLANs for separate classes of users or endpoints, and for making the system accessible from all VLANs. You can use RADIUS attributes to place different users in different network segments.
The system supports IEEE 802.1Q VLAN tagging. You must define a VLAN port for each VLAN. The internal port must be assigned to the root system and must be marked as the default VLAN. Routes to servers reachable from the VLAN interfaces must have the next-hop gateway set to the configured gateway for the VLAN interface, and must have the output port defined as the VLAN port.
When you save the configuration for a new VLAN port, the system creates two static routes by default:
- The default route for the VLAN pointing to the default gateway.
- The interface route to the directly connected network.
To configure a VLAN port:
- Select System > Network > VLANs.
- Click New Port to display the configuration page.
- Complete the configuration as described in table.
- Save your changes.
|
Settings |
Guidelines |
|---|---|
|
Use Port? |
|
|
Use Port? |
Select Enabled to use the port; otherwise, select Disabled. |
|
VLAN Settings |
|
|
Port Name |
Specify a name that is unique across all VLAN ports that you define on the system or cluster. Only alphanumeric characters, "-", or "_" are allowed. |
|
VLAN ID |
Specify a number between 1 and 4094. The VLAN ID assignment must be unique on the system. |
|
IPv4 Settings |
|
|
IP Address |
Specify an IP address and netmask combination that is from the same network as the VLAN. VLAN IP addresses must be unique. You cannot configure a VLAN to have the same network as the internal port. For example, if the internal port is 10.64.4.30/16 and you configure a VLAN as 10.64.3.30/16, you might get unpredictable results and errors. The format of an IPv4 address is a 32-bit numeric address written as four numbers separated by periods. Each number can be 0 to 255. |
|
Netmask |
Specify a netmask. A netmask indicates which part of an IP address indicates network identification and which part indicates the host identification. For example, the IP address and netmask 10.20.30.1 255.255.255.0 (or 10.20.30.1/24) refer to all the hosts in the 10.20.30.0 subnet. The IP address and netmask 10.20.30.1 255.255.255.255 (or 10.20.30.1/32) refer to a single host. |
|
Default Gateway |
Specify the IPv4 address for the default gateway for the routing domain to which the device belongs. A gateway is the router that resides at the point of entry to the current routing domain, often called the default gateway. |
|
IPv6 Settings |
|
|
IPv6 settings |
Select Enable IPv6 to use the port; otherwise, select Disable IPv6. |
|
IPv6 Address |
Specify a routable IPv6 address, such as a global unicast address that your network plan has provisioned for this host and interface. Automatic configuration methods are not supported. You must specify the appropriate address manually. |
|
Prefix Length |
Specify how many of the higher order contiguous bits of the IPv6 address comprise the prefix (the network portion of the IPv6 address). The default is 64. |
|
Default Gateway |
Specify the IPv6 address for the default gateway for the routing domain to which the device belongs. A gateway is the router that resides at the point of entry to the current routing domain, often called the default gateway. |
- Link speed, ARP ping timeout, and MTU settings are inherited from the internal port configuration.
- To configure an external VLAN port, Select System > Network > VLANs > External Port > New VLAN Port -Settings.
- To configure a Management port, Select System > Network > VLANs > Managment Port > New VLAN Port -Settings.