Cisco Email Security Appliance X1050 User Guide
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 7 Advanced Network Configuration
Figure 7-1: Using VLANs to increase the number of networks available on the appliance
VLANs can be used to segment networks for security purposes, to ease administration, or to increase
bandwidth. VLANs appear as dynamic “Data Ports” labeled in the format “VLAN DDDD”, where
“DDDD” is the ID, an integer up to 4 digits long (VLAN 2 or VLAN 4094, for example). AsyncOS
supports up to 30 VLANs. Duplicate VLAN IDs are not allowed on a Cisco IronPort appliance.
VLANs and Physical Ports
A physical port does not need an IP address configured in order to be in a VLAN. The physical port on
which a VLAN is created can have an IP that will receive non-VLAN traffic, so you can have both VLAN
and non-VLAN traffic on the same interface.
VLANs can be created on all “Data” and “Management” ports, including fiber optic data ports available
on some Cisco IronPort X10x, C3x, and C6x appliances.
VLANs can be used with NIC pairing (available on paired NICs) and with Direct Server Return (DSR).
illustrates a use case showing how two mail servers unable to communicate directly due to
VLAN limitations can send mail through the Cisco IronPort appliance. The blue line shows mail coming
from the sales network (VLAN1) to the appliance. The appliance will process the mail as normal and
then, upon delivery, tag the packets with the destination VLAN information (red line).
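An added example, not taken from the Cisco guide: a Python pre-change check that audits a planned VLAN layout against the limits stated above (the “VLAN DDDD” label format, no duplicate IDs on the appliance, at most 30 VLANs) and notes ports that will carry both VLAN and non-VLAN traffic. The plan structure, port names and addresses are constructed, and the 1-4094 ID range is an assumption taken from IEEE 802.1Q rather than from this page.

```python
import re
from collections import Counter

MAX_VLANS = 30                            # limit stated in the guide
LABEL_RE = re.compile(r"VLAN (\d{1,4})")  # "VLAN DDDD" label format from the guide
ID_RANGE = range(1, 4095)                 # assumption: usable IEEE 802.1Q IDs, 1-4094


def audit_vlan_plan(plan):
    """Return (severity, message) findings for a planned appliance VLAN layout."""
    findings, ids = [], []
    for port in plan:
        for label in port["vlans"]:
            m = LABEL_RE.fullmatch(label)
            if not m:
                findings.append(("error", f"{port['name']}: bad label {label!r}"))
                continue
            vid = int(m.group(1))
            if vid not in ID_RANGE:
                findings.append(("error", f"{port['name']}: VLAN ID {vid} out of range"))
                continue
            ids.append(vid)
        # A physical port with its own IP also receives non-VLAN traffic;
        # surface that so the segmentation review covers it.
        if port["vlans"] and port.get("ip"):
            findings.append(("info", f"{port['name']}: carries VLAN and non-VLAN traffic"))
    # IDs must be unique across the whole appliance, not just per port.
    for vid, n in sorted(Counter(ids).items()):
        if n > 1:
            findings.append(("error", f"VLAN ID {vid} defined {n} times"))
    if len(ids) > MAX_VLANS:
        findings.append(("error", f"{len(ids)} VLANs planned, limit is {MAX_VLANS}"))
    return findings


# Constructed sample plan (hypothetical port names, documentation-range addresses).
SAMPLE_PLAN = [
    {"name": "Data 1", "ip": "192.0.2.10", "vlans": ["VLAN 2", "VLAN 31"]},
    {"name": "Data 2", "ip": None, "vlans": ["VLAN 31", "VLAN 4095", "vlan7"]},
    {"name": "Management", "ip": "198.51.100.5", "vlans": []},
]

if __name__ == "__main__":
    for severity, message in audit_vlan_plan(SAMPLE_PLAN):
        print(f"[{severity}] {message}")
```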
[Figure: IronPort appliance configured for VLAN1, VLAN2, VLAN3. Diagram labels: NOC, DMZ, VLAN “Router”, VLAN1, VLAN2, VLAN3.]