Figure 3.4. A Service VLAN Use Case
Here, corporate departments A and B each use two VLANs, and the VLAN IDs 10 and 20 can be
duplicated between the departments. A switch in each department connects it to a central
corporate switch using the unique VLAN IDs 101 and 102. This central switch can now connect to
the NetDefend Firewall using a single service VLAN which tunnels the 101 and 102 VLANs.
Defining a Service VLAN
The standard NetDefendOS VLAN object is used to define a service VLAN but the Type property
for the object is set to 0x88a8. This Type property corresponds to the TPID setting in the VLAN tag
and this is explained further at the end of this section.
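An added example, not from the NetDefendOS documentation: a parser for the tag stack that a service VLAN puts on the wire, with the outer tag's TPID set to 0x88a8 as in the Type property above. It uses the service VLAN ID 100 from this section's Example 3.22 and the inner VLAN IDs 101 and 102 from the use case; the second service VLAN ID 200, the MAC addresses, the helper names and the inner TPID 0x8100 (the standard 802.1Q value, not stated on this page) are assumptions.

```python
import struct

TPID_SERVICE = 0x88A8   # outer service VLAN tag: the Type value set on the page
TPID_CUSTOMER = 0x8100  # inner tag: standard 802.1Q TPID (assumption, not on the page)

def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame carrying a (tpid, vlan_id) tag stack."""
    # Constructed, locally administered destination and source MAC addresses.
    frame = bytes.fromhex("02000000000a") + bytes.fromhex("02000000000b")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)  # priority bits left at 0
    return frame + struct.pack("!H", ethertype) + payload

def parse_tags(frame):
    """Return ([(tpid, vlan_id), ...], ethertype) for the tag stack of a frame."""
    offset, tags = 12, []  # tags start after the two 6-byte MAC addresses
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in (TPID_SERVICE, TPID_CUSTOMER):
            return tags, etype
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci & 0x0FFF))  # low 12 bits of the TCI are the VLAN ID
        offset += 4

def classify(frame):
    """Map a frame to (service VLAN ID, inner VLAN ID); None where a tag is absent.

    Any other tag stack is rejected instead of guessed at (policy of this example).
    """
    tags, _ = parse_tags(frame)
    if not tags:
        return (None, None)
    if len(tags) == 1:
        tpid, vid = tags[0]
        return (vid, None) if tpid == TPID_SERVICE else (None, vid)
    if [t for t, _ in tags] == [TPID_SERVICE, TPID_CUSTOMER]:
        return (tags[0][1], tags[1][1])
    raise ValueError("unexpected VLAN tag stack: %r" % (tags,))

if __name__ == "__main__":
    for svid, cvid in [(100, 101), (100, 102), (200, 101)]:  # 200 is constructed
        f = build_frame([(TPID_SERVICE, svid), (TPID_CUSTOMER, cvid)])
        print(f[12:20].hex(), classify(f))
```

The same inner VLAN ID under two different service VLAN IDs yields two different keys, which is what allows inner IDs to be reused without colliding.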
After the service VLAN object is defined, a non-service VLAN object can be placed inside it by
setting its Base Interface property to be the service VLAN object. This is demonstrated in the
example below.
Example 3.22. Defining a Service VLAN
This example defines a service VLAN called svlan_A with an ID of 100 on the physical interface If3.
Command-Line Interface
gw-world:/> add Interface VLAN svlan_A
            Type=0x88a8
            BaseInterface=If3
            VLANID=100
            IP=svlan_A_ip
            Network=svlan_A_net
A VLAN object can now be added to this:
Chapter 3: Fundamentals