Routing and WAN connections
BAT54-Rail/F.. Release 7.54 06/08
11.6 Advanced Routing and Forwarding
for each Internet provider. This allows the clients in the different company networks, all of which use the same IP addresses, to access the Internet via their own provider. Employing VLANs enables logical networks to be separated from one another even though they use the same physical medium (Ethernet).
The differences between routing tags and interface tags
Routing tags as assigned by the firewall and interface tags as defined by the IP networks have a great deal in common, but also some important differences:
- The router interprets both tags in the same way. Packets with the interface tag '2' are valid for routes with the routing tag set to '2' in the routing table (and for all routes with the default route tag '0'). The same routes apply to packets to which the firewall has assigned the routing tag '2'. Thus the interface tag is used in the same way as a routing tag.
- Interface tags have the additional ability to delimit the visibility (or accessibility) between different networks:
  - In principle, only networks with the same interface tag are "visible" to one another and thus able to interconnect.
  - Networks with the interface tag '0' have a special significance; they are in effect supervisor networks. These networks can see all of the other networks and can connect to them. Networks with an interface tag not equal to '0' cannot make connections to supervisor networks, however.
  - Networks of the type 'DMZ' are visible to all other networks, independent of any interface tags. This is useful as the DMZ often hosts public servers such as web servers. The DMZ networks themselves can only see networks with the same interface tag (and any other DMZ networks, of course).
  - 'DMZ' type networks with the interface tag '0' are a special case: as "supervisor networks" they can see all other networks, and they are also visible to all other networks.
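The rules above can be checked against a planned tag assignment before it is deployed. The following Python sketch is an added example, not code from the manual or the device: it models only the visibility and route-matching rules listed above, and the network names, the `Network` class and the forbidden-pair list are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Network:
    name: str
    tag: int            # interface tag; 0 marks a supervisor network
    dmz: bool = False   # True for networks of the type 'DMZ'

def can_connect(src: Network, dst: Network) -> bool:
    """May src open a connection to dst under the interface-tag rules?"""
    if src.tag == 0:           # supervisor networks see every network
        return True
    if dst.dmz:                # DMZ networks are visible to all networks
        return True
    return src.tag == dst.tag  # otherwise only equal tags interconnect

def route_applies(packet_tag: int, route_tag: int) -> bool:
    """A tagged packet may use routes with its own tag or the default tag 0."""
    return route_tag in (packet_tag, 0)

def reachable_pairs(networks):
    """All ordered (src, dst) name pairs the tag plan allows."""
    return {(a.name, b.name)
            for a, b in permutations(networks, 2) if can_connect(a, b)}

def isolation_violations(networks, must_not_reach):
    """Forbidden (src, dst) pairs that the tag plan nevertheless allows."""
    return sorted(set(must_not_reach) & reachable_pairs(networks))

# Constructed sample plan: GUEST was given the same tag as COMPANY_A by mistake.
PLAN = [
    Network("ADMIN", 0),
    Network("COMPANY_A", 1),
    Network("COMPANY_B", 2),
    Network("WEB_DMZ", 1, dmz=True),
    Network("GUEST", 1),
]
# Constructed isolation requirements for this plan.
FORBIDDEN = [
    ("COMPANY_A", "COMPANY_B"),
    ("COMPANY_B", "ADMIN"),
    ("GUEST", "COMPANY_A"),
    ("WEB_DMZ", "COMPANY_B"),
]

if __name__ == "__main__":
    for src, dst in isolation_violations(PLAN, FORBIDDEN):
        print(f"tag plan allows {src} -> {dst}")
```

In the sample plan the only reported pair is GUEST to COMPANY_A, because both networks carry the interface tag '1'; giving GUEST its own tag removes it.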