vlan

NAME

vlan - Configure 802.1q VLANs (Virtual LANs)

SYNOPSIS

[1] vlan [(admin | antivirus | peer | file | mon | rweb | web) [<vlan-id>]]

DESCRIPTION

This command allows you to define 802.1q VLANs (Virtual LANs). VLANs allow you to increase network security by isolating each type of access crossing the same physical NIC (Network Interface Card) in its own Virtual LAN (VLAN). When using VLANs, an associated pseudo virtual NIC is implicitly defined for each defined VLAN.

A VLAN is identified by a <vlan-id> (VLAN identifier). This is a numeric value between 0 and 4095. By default, all access types are associated with VLAN 0. Different access types may use the same VLAN. The vlan command allows you to define new VLANs and associate them with an access type. Valid access types are as follows:

admin: access from remote administrators (SSH and Administration GUI). You can use this VLAN to connect privileged workstations having administration rights.

antivirus: access to the antivirus as a service from external systems. You can use this VLAN to isolate all requests/responses exchanged with the embedded antivirus.

peer: access to/from peer appliances. You can use this VLAN to connect all peer appliances.

file: access to file servers (FTP, TFTP and SFTP). You can use this VLAN to connect file servers.

mon: monitoring (SNMP) access to/from SNMP managers. You can use this VLAN to connect monitoring servers.

rweb: access to backend Web servers (and/or Web application servers). You can use this VLAN for any other servers having the same security level as the Web servers.

web: Web access from transparent and non-transparent users. You can use this VLAN for all users who need to access the internet.

VLANs are all associated with the internal network interface. The external network interface is associated with a single type of access, which is the access to the external untrusted world (internet). The auxiliary network interface is also associated with a single type of access. You can use the auxiliary network interface as per your requirements (to connect the Back Office zone or the DMZ, for instance).

Note that when using VLANs, the native internal network interface (i.e. internal) is no longer available. To use VLANs, activate the vlan feature with the mode command.
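
The following is an added example, not part of the original manual or of CacheGuard's software: a small Python check that audits a planned access-type to VLAN mapping against the rules above (valid access types, the 0 to 4095 range, the VLAN 0 default, shared VLANs) and prints the matching vlan commands in the SYNOPSIS form. The function name audit_plan, the sample PLAN and the severity labels are assumptions made for illustration.

```python
# Added example, not CacheGuard code. PLAN is constructed sample data.
ACCESS_TYPES = ("admin", "antivirus", "peer", "file", "mon", "rweb", "web")
VLAN_MIN, VLAN_MAX = 0, 4095   # <vlan-id> range stated in the DESCRIPTION
DEFAULT_VLAN = 0               # every access type starts on VLAN 0

def audit_plan(plan):
    """Check a {access_type: vlan_id} plan; return (commands, findings)."""
    findings, valid = [], {}
    for name, vid in plan.items():
        if name not in ACCESS_TYPES:
            findings.append(f"error: unknown access type {name!r}")
        elif type(vid) is not int or not VLAN_MIN <= vid <= VLAN_MAX:
            findings.append(
                f"error: {name}: vlan-id {vid!r} not in {VLAN_MIN}-{VLAN_MAX}")
        else:
            valid[name] = vid
    # Access types without a valid entry keep the default VLAN.
    effective = {}
    for name in ACCESS_TYPES:
        effective[name] = valid.get(name, DEFAULT_VLAN)
        if name not in valid:
            findings.append(f"warn: {name} stays on default VLAN {DEFAULT_VLAN}")
    # Sharing a VLAN is permitted, but the sharing access types are then not
    # isolated from each other. Rating a shared admin VLAN "high" is this
    # example's own policy choice.
    by_vlan = {}
    for name, vid in effective.items():
        by_vlan.setdefault(vid, []).append(name)
    for vid, names in sorted(by_vlan.items()):
        if len(names) > 1:
            level = "high" if "admin" in names else "warn"
            findings.append(f"{level}: VLAN {vid} shared by {', '.join(names)}")
    # Emit commands in the SYNOPSIS form: vlan <access-type> <vlan-id>
    commands = [f"vlan {n} {valid[n]}" for n in ACCESS_TYPES if n in valid]
    return commands, findings

# Constructed plan: admin and mon share VLAN 10, file has an out-of-range id.
PLAN = {"admin": 10, "mon": 10, "rweb": 30, "web": 20, "file": 4096}

if __name__ == "__main__":
    cmds, notes = audit_plan(PLAN)
    print("\n".join(notes + cmds))
```
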

SEE ALSO

apply (1) ip (1) mode (1)

AUTHOR

CacheGuard Technologies Ltd <www.cacheguard.com>

Send bug reports or comments to the above author.

COPYRIGHT

Copyright (C) 2009-2024 CacheGuard - All rights reserved