Netgear FVS318N User Manual
LAN Configuration
55
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
same segment. The resources of other departments can be invisible to the marketing VLAN
members, accessible to all, or accessible only to specified individuals, depending on how the
IT manager has set up the VLANs.
members, accessible to all, or accessible only to specified individuals, depending on how the
IT manager has set up the VLANs.
VLANs have a number of advantages:
•
It is easy to set up network segmentation. Users who communicate most frequently with
each other can be grouped into common VLANs, regardless of physical location. Each
group’s traffic is contained largely within the VLAN, reducing extraneous traffic and
improving the efficiency of the whole network.
each other can be grouped into common VLANs, regardless of physical location. Each
group’s traffic is contained largely within the VLAN, reducing extraneous traffic and
improving the efficiency of the whole network.
•
They are easy to manage. The addition of nodes, as well as moves and other changes,
can be dealt with quickly and conveniently from a management interface rather than from
the wiring closet.
can be dealt with quickly and conveniently from a management interface rather than from
the wiring closet.
•
They provide increased performance. VLANs free up bandwidth by limiting node-to-node
and broadcast traffic throughout the network.
and broadcast traffic throughout the network.
•
They ensure enhanced network security. VLANs create virtual boundaries that can be
crossed only through a router. So standard, router-based security measures can be used
to restrict access to each VLAN.
crossed only through a router. So standard, router-based security measures can be used
to restrict access to each VLAN.
Port-Based VLANs
The wireless VPN firewall supports port-based VLANs. Port-based VLANs help to confine
broadcast traffic to the LAN ports. Even though a LAN port can be a member of more than
one VLAN, the port can have only one VLAN ID as its port VLAN identifier (PVID). By default,
all eight LAN ports of the wireless VPN firewall are assigned to the default VLAN, or VLAN 1.
Therefore, by default, all eight LAN ports have the default PVID 1. However, you can assign
another PVID to a LAN port by selecting a VLAN profile from the drop-down list on the LAN
Setup screen.
broadcast traffic to the LAN ports. Even though a LAN port can be a member of more than
one VLAN, the port can have only one VLAN ID as its port VLAN identifier (PVID). By default,
all eight LAN ports of the wireless VPN firewall are assigned to the default VLAN, or VLAN 1.
Therefore, by default, all eight LAN ports have the default PVID 1. However, you can assign
another PVID to a LAN port by selecting a VLAN profile from the drop-down list on the LAN
Setup screen.
After you have created a VLAN profile and assigned one or more ports to the profile, you
need to enable the profile to activate it.
need to enable the profile to activate it.
The wireless VPN firewall’s default VLAN cannot be deleted. All untagged traffic is routed
through the default VLAN (VLAN1), which you need to assign to at least one LAN port.
through the default VLAN (VLAN1), which you need to assign to at least one LAN port.
Note the following about VLANs and PVIDs:
•
One physical port is assigned to at least one VLAN.
•
One physical port can be assigned to multiple VLANs.
•
When one port is assigned to multiple VLANs, the port is used as a trunk port to connect
to another switch or router.
to another switch or router.
•
When a port receives an untagged packet, this packet is forwarded to a VLAN based on
the PVID.
the PVID.
•
When a port receives a tagged packet, this packet is forwarded to a VLAN based on the
ID that is extracted from the tagged packet.
ID that is extracted from the tagged packet.