Manual:Network/VLAN

From Compex Wiki

VLAN

A local area network (LAN) can be divided into multiple distinct virtual LANs (VLANs) with the use of VLAN switches. This improves the management and security of the network. The broadcast domain of a device on a VLAN is confined to all devices on the same VLAN.

VLAN in the newer QSDK firmware

QSDK VLAN Management Page.png

This is how the web page appears in the new QSDK firmware. It uses the OpenWRT style of tagging the VLANs. In this example, the VLAN ID 100 is for VLAN Sales. A Sales user will connect to the SSID "Sales1", which is ath0. This ath0 is "untagged". The eth0 is "tagged". This means that untagged packets moving from ath0 to eth0 will become tagged with VLAN ID 100.

Next, the VLAN ID 200 is for VLAN RD. An RD user will connect to the SSID "RD1", which is ath1. This ath1 is "untagged". The eth0 is "tagged". This means that untagged packets moving from ath1 to eth0 will become tagged with VLAN ID 200.

Therefore, eth0 is an Ethernet trunk. It contains packets tagged with VLAN ID 100 as well as packets tagged with VLAN ID 200.

Now for the other direction. Consider tagged packets being received by the AP on eth0. Packets tagged with VLAN ID 100 will be moved to ath0 and be untagged at the same time. The ath1 is "off", meaning that it is disconnected from this VLAN. Untagged packets received by the AP on eth0 will be discarded.

When the AP receives packets tagged with VLAN ID 200 on eth0, they will be moved to ath1 and be untagged at the same time. The ath0 is "off", meaning that it is disconnected from this VLAN.

When users connected to SSID "Sales1" navigate to 192.168.2.2, they will be able to log in and see this AP's web page.

If there are multiple SSIDs or virtual APs (VAPs), these interfaces will appear as additional columns in this table.

You can select "tagged", "untagged", or "off" for each interface. An interface is not allowed to be "untagged" in more than one VLAN. The following picture shows the error message:

Error Interface is untagged in multiple VLANs.png

If an interface were untagged in more than one VLAN, untagged packets received on it would go to multiple VLANs, which is not logical. A single VLAN would be sufficient.
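
The tagged/untagged/off table above can be modelled in a few lines. This is an added example, not Compex or QSDK code: the dictionary layout and the function names validate, classify and forward are hypothetical, frames are flooded to every member interface (no MAC learning), and a tagged frame arriving on an interface that is not a "tagged" member of that VLAN is assumed to be discarded.

```python
# Added example: model of the tagged/untagged/off table described above.
# VLAN ID -> {interface: mode}; values mirror the page's Sales/RD example.
TABLE = {
    100: {"ath0": "untagged", "ath1": "off", "eth0": "tagged"},
    200: {"ath0": "off", "ath1": "untagged", "eth0": "tagged"},
}

def validate(table):
    """Return error strings; an interface may be untagged in only one VLAN."""
    errors, untagged_in = [], {}
    for vid, ports in table.items():
        for port, mode in ports.items():
            if mode not in ("tagged", "untagged", "off"):
                errors.append(f"VLAN {vid}: bad mode {mode!r} on {port}")
            elif mode == "untagged":
                untagged_in.setdefault(port, []).append(vid)
    for port, vids in sorted(untagged_in.items()):
        if len(vids) > 1:
            errors.append(f"{port} is untagged in multiple VLANs: {sorted(vids)}")
    return errors

def classify(table, in_port, tag):
    """Map an ingress frame to its VLAN ID, or None if it is discarded."""
    if tag is None:  # untagged frame: belongs to the port's untagged VLAN
        for vid, ports in table.items():
            if ports.get(in_port) == "untagged":
                return vid
        return None
    # Assumption: a tagged frame is accepted only on a "tagged" member port.
    if table.get(tag, {}).get(in_port) == "tagged":
        return tag
    return None

def forward(table, in_port, tag=None):
    """Return [(egress_port, egress_tag)] for a frame; tag None = untagged."""
    vid = classify(table, in_port, tag)
    if vid is None:
        return []
    out = []
    for port, mode in table[vid].items():
        if port == in_port or mode == "off":
            continue
        out.append((port, vid if mode == "tagged" else None))
    return out
```

Running validate on a candidate table before applying it catches the "untagged in multiple VLANs" error, and forward shows that untagged frames arriving on the eth0 trunk are dropped.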

VLAN in the older LSDK firmware

VLAN Client.jpg

VLAN Master.jpg

The next section describes the options available on the web page.

Following that, some scenarios that use the CompexWRT VLAN Management and VLAN Ethernet Trunk are explained in detail.

Options

The Network ➤ VLAN page contains the sections for VLAN Management and VLAN Ethernet Trunk.

VLAN Management

The VLAN Management section controls individual VLANs according to the IEEE 802.1Q standard. Within the subsection for VLAN entries, each row represents one VLAN ID.

CpxWRT Network VLAN Entries.png

The first row is given by default. It is the native or untagged VLAN.

Add: Inserts a new row corresponding to a new VLAN. The IP address field should be distinct for different devices.

Managed VLAN: Allows computers on this VLAN to access the device's configuration web page.

VLAN ID: Specifies the identifier for the VLAN. It is an integer from 2 to 4094.

Priority: Chooses the priority for transmitting packets, which is IEEE 802.1D compatible. This is a number from 0 to 7. The number 7 represents the highest priority.

DHCP Client: Specifies if the device receives a dynamic or static IP address.

IP address: Sets the IP address of the router as seen by other devices on this VLAN.

Netmask: States the netmask of the subnet defined by this VLAN.

Bridge WIFI: This option is deprecated. It selects the wireless network whose interface is bridged to the tagged VLAN Ethernet interface. The choice All Others selects all other wireless networks that are currently not selected.

Wifi Tagging: This option is deprecated. It tags the Ethernet frames sent over Wifi.

Bridge WIFI tagged: Selects the wireless network whose interface is bridged to the VLAN interface. There is no stripping of the VLAN tag.

Bridge WIFI untagged: Selects the wireless network whose interface is bridged to the VLAN interface. Packets sent out will be stripped of the VLAN tag. Packets received into the board will have the VLAN tag added. This allows clients such as mobile phones and laptops to connect wirelessly.

Ethernet Selection: Selects the physical port whose interface is bridged to the VLAN interface of this row. For example, 'eth1.N (LEFT)' for the VLAN ID N=1051 means that packets will be sent out of and received into the left physical port. There is no stripping of the VLAN tag. If 'eth1 (LEFT)' is selected instead, packets sent out from the left physical port will be stripped of the VLAN tag, and packets received into the left physical port will have the VLAN tag added.

Description: Provides a short description of the VLAN.
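
What "tagged" and "stripped of the VLAN tag" mean on the wire, using the VLAN ID and Priority fields from the options above. This is an added example, not Compex firmware code: add_tag, strip_tag and the sample frame are constructed for illustration, and it assumes the Priority value is carried in the 3-bit priority field of the IEEE 802.1Q tag.

```python
import struct

TPID = 0x8100  # IEEE 802.1Q tag protocol identifier

def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert an 802.1Q tag after the destination and source MAC addresses."""
    if not 2 <= vlan_id <= 4094:      # range the VLAN ID field accepts per this page
        raise ValueError("VLAN ID must be 2..4094")
    if not 0 <= priority <= 7:        # 7 is the highest priority
        raise ValueError("priority must be 0..7")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI=0 (1 bit) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (untagged_frame, vlan_id, priority); vlan_id is None if untagged."""
    if len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return frame[:12] + frame[16:], tci & 0x0FFF, tci >> 13
    return frame, None, None

# Constructed sample: broadcast destination, made-up source MAC, EtherType IPv4.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    tagged = add_tag(SAMPLE, vlan_id=1051, priority=7)
    print(tagged.hex())
    print(strip_tag(tagged))
```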

VLAN Ethernet Trunk

This section may be removed in the future because any configuration here can be done in the VLAN Management Section.

The VLAN Ethernet Trunk links the tagged Ethernet interfaces to the untagged wireless interfaces. Within the subsection for the VLAN Ethernet Trunk Entries, each row represents one VLAN ID.

CpxWRT Network VLAN Ethernet Trunk.png

Ethernet Trunk VLAN ID: Sets the VLAN ID of the separate VLANs to connect.

Priority: Chooses the priority for transmitting packets. This is a number from 0 to 7. The number 7 represents the highest priority.

Bridge WIFI: Selects the wireless network (untagged) that would be linked to the Ethernet interface (tagged).

Scenarios

VLAN Management Scenario 1:

3 SSIDs with different VLAN IDs
Examples of usage:
SSID1 (ath0) with VLAN1500 – Internet Traffic
SSID2 (ath1) with VLAN1600 – Wireless Radio Management
SSID3 (ath2) with VLAN1700 – Intranet Traffic

CpxWRT Network VLAN Scenario 1-1.png

SSID2 (ath1) has Managed VLAN ticked, so 192.168.4.0/24 is able to use the web page to manage the devices.

CpxWRT Network VLAN Scenario 1-2.png

AP connected to 3 stations with different VLAN IDs.

VLAN Management Scenario 2:

Multiple VAPs on the same interface
Add multiple VAPs with VLAN IDs on the same interface.

CpxWRT Network VLAN Scenario 2-1.png

CpxWRT Network VLAN Scenario 2-2.png

Clients on different SSIDs connect to different servers.

VLAN Management Scenario 3:

SSID with different VLAN IDs

CpxWRT Network VLAN Scenario 3-1.png

CpxWRT Network VLAN Scenario 3-2.png

AP connected to a Station with 3 different VLAN IDs on the same SSID.

CpxWRT Network VLAN Scenario 3-3.png

Virtual AP (VAP) on the same Station with VLAN ID 1500 (Untagged).

The above VAP would be connected with the Station with VLAN ID 1500, and forward Internet Traffic to the users who are connected to the VAP.

VLAN Management Scenario 4:

DHCP client at VLAN Management

CpxWRT Network VLAN Scenario 4-1.png

CpxWRT Network VLAN Scenario 4-2.png

When the device's DHCP client is enabled for a VLAN ID on the Ethernet port, set the IP address in VLAN Management to 0.0.0.0. If you ticked the box, you can access the web page using the DHCP client IP address after the device has obtained an IP address from the DHCP server. Please check the IP status on the network status page.

VLAN Ethernet Trunk Scenario:

VLAN IDs at Ethernet port and untagged VLAN IDs at SSIDs

Example of usage:
SSID1 (ath0) with VLAN100 – Network Service Provider
SSID2 (ath1) with VLAN200 – Telco Server
SSID3 (ath2) with VLAN300 – Application Service Provider (ASP)

CpxWRT Network VLAN Scenario 5-1.png

If you want to add more VAPs on the same interface, you can add them as shown in the figure below: SSID4 (ath3), SSID5 (ath4) and SSID6 (ath5).

CpxWRT Network VLAN Scenario 5-2.png

CpxWRT Network VLAN Scenario 5-3.png

Examples of Applications:

Broadband Remote Access Servers (BRAS)

The BRAS makes use of VLAN ID to differentiate the services to the end-users. It would then provide the different services to different end-users connected with different SSIDs.