Connecting a Socket to a Switch with VLANs (802.1q)

When VLANs are configured at the site level, the Socket sends tagged packets that carry the VLAN ID (VID).

On the switch, the configuration is straightforward: any layer 2 switch that supports VLAN tagging (802.1q) can work with such a configuration. VLAN support does not require a layer 3 switch.

When configuring VLANs on the switch, the VLAN IDs (VIDs) must match between the Socket and the switch.

The Native Range of LAN01 can be configured with a specific VLAN ID. In this configuration:

  • Traffic in this Native Range is expected to be tagged with the configured VLAN ID.

  • Traffic arriving untagged or with a different VLAN ID will be dropped by the Socket.

The Socket can provide a DHCP range for the Native Range, which will be tagged with its configured VLAN ID. This can be useful for providing an IP address for the switch management interface on this VLAN.

The native VLAN can be a transit /30 network.
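The Native Range rule above can be checked against captured frames. The following is an added example, not Cato code: it reads the 802.1q tag from an Ethernet frame and applies only the rule stated in this article (other VLAN ranges defined on the site are not modelled). The VLAN ID 10, the MAC addresses and the frames are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(vid=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame; vid=None means untagged."""
    dst, src = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_vid(frame: bytes):
    """Return the 12-bit VID from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI; top 3 are PCP, next is DEI


def native_range_verdict(frame: bytes, native_vid: int) -> str:
    """Apply the article's rule for a Native Range with a configured VLAN ID."""
    if not 1 <= native_vid <= 4094:  # 0 and 4095 are reserved by 802.1Q
        raise ValueError("native_vid must be 1..4094")
    vid = parse_vid(frame)
    if vid is None:
        return "drop: untagged"
    if vid != native_vid:
        return f"drop: VID {vid} != {native_vid}"
    return "accept"


if __name__ == "__main__":
    NATIVE_VID = 10  # constructed value for the example
    for label, f in [("tagged 10", build_frame(10)),
                     ("tagged 20", build_frame(20)),
                     ("untagged", build_frame()),
                     ("priority-tagged (VID 0)", build_frame(0, pcp=5))]:
        print(f"{label:26} -> {native_range_verdict(f, NATIVE_VID)}")
```

A switch port that sends the Native Range VLAN untagged (as its own native/untagged VLAN) produces the "drop: untagged" case, so that VLAN must be tagged on the port facing the Socket.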


4 comments

  • Comment author
    Victor Manuel García

    Do the VLANs on the Socket work by bypassing the FW, or do they send the traffic straight up to the cloud?

  • Comment author
    Miguel Minicz

    Hello Victor Manuel García,

    The VLANs on the Socket may or may not bypass the Firewall, depending on how you configure your routing.

    Let's suppose you want to have strict control of the traffic between VLANs. You simply don't create a route for them, and you create a policy for this in the WAN Firewall. In that case, the traffic goes to the PoP to be checked, and you can control which hosts of each VLAN will be able to establish communication, or which service, or at what time of day.

    On the other hand, let's suppose you have a VLAN that is dedicated to printers or CCTV, for example, and you want to allow hosts in other VLANs to access it, and you trust that specific VLAN. You can create a local route in the Socket to help you with that. No Firewall rules are created and no traffic is sent to the PoP; it is routed on site by the Socket, as in a router-on-a-stick design.

  • Comment author
    Angela Ramirez

    Can this native vlan be a transient /30 network?

  • Comment author
    Yaakov Simon

    Angela Ramirez  Yes. Updated the article to state: The native VLAN can be a transient /30 network.