Vlan Support; Tag-Based Vlans; Configuring A Vlan - Nokia IP40 User Manual

6
Managing Your Local Area Network
Note
You can disable the DMZ network in Nokia IP40 v2.0 Security Platform.

VLAN Support

A VLAN is a logical network behind your Nokia IP40. Computers in the same VLAN behave
like computers that are on the same physical network. Any traffic flows freely between these
without the intervention of the firewalls. Traffic between a VLAN and other networks flows as
per the security policy set by the user.
By configuring a VLAN, you can assign each division within your organization to different
VLANs regardless of their physical location. You can partition your network into several virtual
networks.
By default, traffic from VLAN to any other internal network is blocked. Hence, VLANs increase
security and reduce network congestion.
Nokia IP40 v2.0 supports tag-based Virtual LANs (VLANs).

Tag-Based VLANs

In a tag-based VLAN you use one of the gateway's ports as a 802.1Q VLAN trunk, connecting
the Nokia IP40 to a VLAN switch. Each VLAN behind the this trunk is assigned an identifying
number called VLAN ID or VLAN tag. Tagging ensures that traffic is directed to the correct
VLAN.
All outgoing traffic from a tag-based VLAN contains the VLAN tag in the packet headers.
Incoming traffic to the VLAN must contain the VLAN tag as well, with out which, the packets
are dropped.

Configuring a VLAN

You can configure VLAN by using GUI and command-line interface.
The following sections provide information about how to configure a VLAN by using IP40 Web
portal (GUI).
To configure a VLAN
1. Choose Network from the main menu.
2. Click My Network.
The My Network window opens with a Add VLAN tab at the bottom.
3. Click Add VLAN.
The Edit Network Settings window opens.
100 Nokia IP40 Security Platform User's Guide v2.0