FEC Onlineservices
 
Configuration of a VLAN with Accesspoints of the Wx000 Series
What are the benefits of using a VLAN?

A virtual LAN means to structure organziationally the physical LAN in several (virtual) groups. A VLAN divdes the users  of a local Network in several logical groups. When a broadcast is send, it only reaches  those users, who are belonging to the group who has the permission to get the informations. In cause of this structuring the collisions are decreased and more security is achieved by the ability that only those users recieve the pakets whom they belong to. 

We divide the ports in Access Ports and Infrastructure Ports.

Access Ports have following characteristics:
- the wireless clients are connected on them
- Access Ports have one VLAN ID (PVID)
- Accesss Ports sending and recieving without a tag

Infrastructure Ports have following characteristics:
- they are connected to the infrastructure of the network  (Ethernet, Bridge) 
-Infrastructure ports have more than one VLAN ID.
-Infrastructure ports send and recive with tag
-PVID's are for infrastructure ports not important

A trunk Link: is a trunk of several virtual LAN's to a physical cable.

Ports who recieve the "untagged Frames", are only a member of one VLAN. They add the correspondent tag to the VLAN-ID (PVID) at the receipt. Those ports are always sending frames without  a VLAN-tag to the Clients.

Ports wich recieve tagged Frames,  recieve frames of several VLAN's. These ports are called also Trunk-Ports. They
are often members of quite a few VLAN's and sending always frames with tags, to get the VLAN affiliation of the frame and for identifying to which device this frame belongs.


An exemplary Scenario


In the following configuration guide we will picture an exemplary scenario, which is used in the most cases.



 

As we can see in the picture above, there are existing two Networks. One is the intranet and the other one is the public network where for example guests are allowed to go to the internet but are not allowed to access the intranet. This example can also be transferred to several Hotspot solutions. To configure this example please follow these steps:



1. Creating a  VLAN

After  the configuration of the SSIDs please go to the main menu and select following menu :
Config -> VLAN ->VLANs-> Add

                                 Config VLAN VLANs

     Command

----------------------------|----------------------------------------
                            |
   - Show         [ 3 ]     |
   - Add                    |
   - Edit         [ -> ]    |
   - Remove                 |

 

          Add a new VLAN.

 

Enter 'VLAN identifier' in prompt. [ESC] break.

16d20:05:56[admin]>
Here you've got to create the three Vlan's. Please notice that the VLAN ID 1 ist predefined as Management  ID. So therefor you've got to create only the VLAN's Intranet and Public. With please type in a number as VLAN ID (VLAN Identifier) and confirm with the return key.
Mit Eingabe geben Sie eine Zahl als VLAN ID (VLAN Identifier) ein . Afterwards you've got to give the VLAN a name. The next step then is to allocate a port for that VLAN. Therefore please navigate to the following menu: Config->VLAN->VLANs ->Edit->Select VLAN.



Select VLan

                   Config VLAN VLANs Edit

   Command                              vlan identifier

-----------------------------------|----------------------------------------
                                   |
   - Select VLAN  [ 1 ]            |  1
   - Add Port                      |  2
   - Edit Port                     |  3
   - Del Port                      |


          Select the VLAN (VLAN ID) to configure.


Select from list or enter 'vlan identifier' in prompt. [ESC] break.

16d20:08:47[admin]>
Now please select a VLAN ID or type in the number of the one which you want to edit. After that mark the port which you want to assign the VLAN via following menu:
- Menu: Config->VLAN->Edit->Add Port  selec the port which you want to add and confirm with return. 
To complete this part please change to the menu edit port which is in the same submenu. Here you can edit the sending rules (egress rules), for example whether the VLAN information element should be removed from the  frames which are send via this port or not. In this case you've got chose untag. If you don't want to remove them you've got to choose Tag. Please confirm your selection with Return.


Add/Edit Port
                     Config VLAN VLANs Edit

   Command                            Port

-----------------------------------|----------------------------------------
                                   |
   - Select VLAN  [ 2 ]            |  eth1
   - Add Port                      |  wl1_ap02
   - Edit Port                     |
   - Del Port                      |

   Edit a port of the selected VLAN, i.e. edit the egress rule
 
   (Tag/Untag frames transmitted out of this port).

Select from list or enter 'Port' in prompt. [ESC] break.

16d20:11:36[admin]>
To have an overview of the configuration please change to following
menu: Config -> VLAN ->VLANs->Show
Here you can see the whole configuration in a tabular overview.

Show VLAN
                  Config VLAN VLANs

 VID      Name           Port         Egress Rule

------------------------------------------------------------------------------

 1        Management     eth1         Tag
                         eth2         Untag

 2        Public         eth1         Tag
                         wl1_ap02     Untag

 3        Intranet       eth1         Tag
                         wl1_ap01     Untag
2.Configuring the recieve rules per port

After you've configured which leaving frame should be marked with a tag. Now you've got to configure what to do with the incoming frames.

In this case you've got to assign the Ports a PVID. To manage what happens with incoming frames. This is called as ingress rules. In a so called matrix  you can specifiy which pakets are allowed to pass the port an which should be dropped.

To configure that,  please navigate to the following menu:
Config->VLAN->PVID->Edit->Select -  choose the port which you want to configure for the incoming frames and confirm with return.

Select Port

                          Config VLAN PVID Edit

   Command                                              Parameters

-----------------------------------------------------|------------------------
                                                     |
 1 - Select Port  [ wl1_ap01 ]                       |  Port VID
 2 - PVID         [ 3 ]                              |
 3 - Drop Untagged[ disabled ]                       |
 4 - Drop NonMemb.[ enabled ]                        |


 
After that you've got to go the this menu Config->VLAN->PVID->Edit->PVID  and assign that port the VLAN ID with which that untagged frame should be tagged. For confirmation please enter the Return key.

PVID Edit

                       Config VLAN PVID Edit

   Command                                  port identifier

-----------------------------------------|------------------------------------
                                         |
   - Select Port  [ wl1_ap01 ]           |  wl1_ap02
   - PVID         [ 3 ]                  |  wl1_ap01
   - Drop Untagged[ disabled ]           |  eth2
   - Drop NonMemb.[ enabled ]            |  eth1
 

          Set the rx port's vlan identifier.
Enter a number or name, "=" main menu, [ESC] previous menu.

16d21:21:27[admin]>
Config->VLAN->PVID->Edit->Drop untagged 

if you want that all the untagged frames, which you recieve over this port should be dropped, you 've got to select enabled. Ohterwise please select disable.

Config->VLAN->PVID->Edit->Drop NonMemb

if you want that all the tagged frames which are not member of a chosen port and therefor has to be dropped you've got to chose enabled. If you want to let them pass select disabled.  

With the submenu "Show" you can have an overview of the of your configuration.

Show PVID
                              Config VLAN PVID

 Port         PVID     Drop non members     Drop untagged frame

------------------------------------------------------------------------------

 wl1_ap02     2        enabled              disabled
 wl1_ap01     3        enabled              disabled
 eth2         1        enabled              disabled
 eth1         1        enabled              enabled

 
The result of our configuration is the following matrix:

VLAN eth1 eth2 wl1_01ap wl1_02ap
1
2
3




 

= forwarding

= dropping

 
3. Activating the VLAN and setting the Management ID

The last step now is to activate the configuration To do this please change to following menu:
Config->VLAN->Admin->Mgmt VID and select the VLAN ID which you've want to be the Management VLAN. 
After that you've got to activate it with  Config->VLAN->Admin->Status by setting the status from disabled to enabled .


4. Configurin the  VLAN-Switch
To fullfill the example we will show a examlary configuration of a VLAN Switch. We've created following VLans:


Vlans:  NAME:   VID:
---------------------------
              default    1
              Public     2
              intranet   3

Below you can see the ports to whose we assigned a PVID.

 VLAN configuration and assignement of the ports

2013 bintec elmeg GmbH