Virtual LAN Configuration Guide Version 9 Document version 96-1.0-12/05/2009

IMPORTANT NOTICE
Elitecore has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

USER'S LICENSE
The Appliance described in this document is furnished under the terms of Elitecore's End User License Agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore that (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications. Except for the foregoing, the Software is provided AS IS. This limited warranty extends only to the customer as the original licensee. The customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore's or its service center's option, repair, replacement, or refund of the Software if reported (or, upon request, returned) to the party supplying the Software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the Software without problems or interruptions.

Elitecore hereby declares that the anti-virus and anti-spam modules are powered by Kaspersky Labs and Commtouch respectively, and their performance is under the warranty provided by Kaspersky Labs and by Commtouch. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.

Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products, excluding power supplies, fans and electrical components, will be free from material defects in workmanship and materials for a period of one (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its suppliers be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product, even if Elitecore or its suppliers have been advised of the possibility of such damages.

In no event shall Elitecore's or its suppliers' liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose. In no event shall Elitecore or its suppliers be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS
Copyright 1999-2009 Elitecore Technologies Ltd. All rights reserved. Cyberoam and the Cyberoam logo are trademarks of Elitecore Technologies Ltd.

CORPORATE HEADQUARTERS
Elitecore Technologies Ltd., 904 Silicon Tower, Off C.G. Road, Ahmedabad 380015, INDIA
Phone: +91-79-66065606  Fax: +91-79-26407640
Web site: www.elitecore.com, www.cyberoam.com

Contents
- Technical Support
- Typographic Conventions
- Introduction
- Cyberoam and VLAN support
- VLAN Implementation Sample
- Define Virtual Subinterface
- VLAN Management

Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Customer Care/Service department at the following address:

Corporate Office
Elitecore Technologies Ltd.
904, Silicon Tower, Off C.G. Road, Ahmedabad 380015, Gujarat, India
Phone: +91-79-66065606  Fax: +91-79-26407640
Web site: www.elitecore.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.

Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.

Terms used in this manual:
- Server: the machine where the Cyberoam Software - Server component is installed
- Client: the machine where the Cyberoam Software - Client component is installed
- User: the end user
- Username: uniquely identifies the user of the system

Conventions (Item: Convention. Example):
- Part titles: bold and shaded typeface. Example: Report
- Topic titles: shaded typeface. Example: Introduction
- Subtitles: bold black typeface. Example: Notation conventions
- Navigation link: bold typeface. Example: Group Management > Groups > Create, meaning: to open the required page, click Group Management, then Groups, and finally click the Create tab
- Name of a particular parameter / field / command button text: lowercase italic type. Example: "Enter policy name", where policy name is replaced with the specific name of a policy; or "Click Name to select", where Name denotes the command button to be clicked
- Cross references: hyperlink in a different colour. Example: refer to Customizing User database; clicking the link opens that topic
- Notes and points to remember: bold typeface between black borders. Example: Note
- Prerequisites: bold typeface between black borders. Example: Prerequisite, followed by the prerequisite details

Introduction

A local area network consists of the devices in the same broadcast domain. Routers stop broadcasts, while switches forward them. A Virtual LAN (VLAN) is a broadcast domain configured on a switch on a port-by-port basis. Normally a router creates the broadcast domain boundary, but with VLANs a switch can also create one.

VLANs let you segment your switched network so that broadcast domains are smaller, leaving more bandwidth for your end nodes. Devices in one VLAN can communicate with each other but cannot communicate with devices in another VLAN unless a layer-3 device routes between the VLANs. Communication among devices on a VLAN is independent of the physical network.

A VLAN segregates devices by adding 802.1Q VLAN tags to the frames sent and received by the devices in the VLAN. The 802.1Q tag is a 4-byte frame extension that contains a VLAN identifier as well as other information (priority bits).

Advantages
- Increased port density
- Logical segmentation of the network irrespective of physical placement
- Granular security on heterogeneous LANs
- Improved network throughput, as a VLAN confines the broadcast domain

Cyberoam and VLAN support

Cyberoam supports VLANs for constructing VLAN trunks between an IEEE 802.1Q-compliant switch or router and the Cyberoam appliance. Normally, the Cyberoam appliance's internal interface connects to a VLAN trunk on an internal switch, and the external interface connects to an upstream Internet router. Cyberoam can then apply different policies to the traffic of each VLAN that arrives on the internal interface.

In a typical VLAN configuration, 802.1Q-compliant layer-2 switches or layer-3 routers add VLAN IDs to packets. Layer-2 switches can handle packets passing between devices in the same VLAN. A layer-3 device such as a router or layer-3 switch must handle packets passing between devices in different VLANs. The Cyberoam appliance functions as that layer-3 device and controls the flow of packets between VLANs.

Cyberoam can also remove VLAN IDs/tags from incoming VLAN packets and forward untagged packets to other networks, such as the Internet. VLAN support on Cyberoam is achieved by means of virtual interfaces, which are logical interfaces nested beneath a physical interface/port. Every unique VLAN ID requires its own virtual interface. You add virtual interfaces to Cyberoam's internal interface with VLAN IDs that match the VLAN IDs of the packets in the VLAN trunk; Cyberoam then directs packets carrying a VLAN ID to the interface with the matching VLAN ID. You can define virtual interfaces on all Cyberoam interfaces except the external interface, i.e. the interface for the WAN zone. Cyberoam can add VLAN IDs to packets leaving a VLAN interface, or remove the VLAN ID from incoming packets and add a different VLAN ID to the outgoing packets.
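The tag handling described above, as an added example that is not part of the original guide and not Cyberoam code: it shows the 4-byte 802.1Q tag as it sits between the source MAC and the EtherType, how a layer-3 device strips it before forwarding a frame to an untagged network, and how a frame is re-tagged for a different VLAN. The sample frame, MAC addresses and payload are constructed for the example; nothing is captured from a real interface.

```python
"""Parse, strip and rewrite IEEE 802.1Q VLAN tags on Ethernet frames.

Added example (not from the Cyberoam guide). The sample frame below is
constructed for the example; nothing is read from a real interface.
"""
import struct
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100                 # EtherType value that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800
ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType (or TPID)


class VlanTag(NamedTuple):
    pcp: int   # priority code point, 3 bits
    dei: int   # drop eligible indicator, 1 bit
    vid: int   # VLAN identifier, 12 bits (0 and 4095 are reserved by 802.1Q)


class Frame(NamedTuple):
    dst: bytes
    src: bytes
    tag: Optional[VlanTag]   # None for an untagged frame
    ethertype: int           # EtherType of the encapsulated payload
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Decode an Ethernet II frame, with or without a single 802.1Q tag."""
    if len(raw) < ETH_HDR.size:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, etype = ETH_HDR.unpack_from(raw, 0)
    offset = ETH_HDR.size
    tag = None
    if etype == TPID_8021Q:
        # Tag Control Information: PCP (3 bits) | DEI (1 bit) | VID (12 bits),
        # followed by the real EtherType of the payload: 4 bytes in total.
        if len(raw) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack_from("!HH", raw, offset)
        tag = VlanTag(pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset += 4
    return Frame(dst, src, tag, etype, raw[offset:])


def build_frame(frame: Frame) -> bytes:
    """Serialise a Frame; the 4-byte tag is inserted only when frame.tag is set."""
    out = bytearray(frame.dst + frame.src)
    if frame.tag is not None:
        t = frame.tag
        if not (0 <= t.pcp <= 7 and t.dei in (0, 1) and 0 <= t.vid <= 4095):
            raise ValueError("tag field out of range")
        tci = (t.pcp << 13) | (t.dei << 12) | t.vid
        out += struct.pack("!HH", TPID_8021Q, tci)
    out += struct.pack("!H", frame.ethertype) + frame.payload
    return bytes(out)


def strip_tag(raw: bytes) -> bytes:
    """Remove the VLAN tag: the frame as forwarded to an untagged network."""
    return build_frame(parse_frame(raw)._replace(tag=None))


def retag(raw: bytes, new_vid: int, pcp: int = 0) -> bytes:
    """Replace (or insert) the tag so that the frame belongs to VLAN new_vid."""
    if not 1 <= new_vid <= 4094:
        raise ValueError("VID 0 and 4095 are reserved by 802.1Q")
    return build_frame(parse_frame(raw)._replace(tag=VlanTag(pcp, 0, new_vid)))


# Constructed sample: a frame arriving from VLAN 100 with a dummy IPv4 payload.
SAMPLE_TAGGED = build_frame(Frame(
    dst=bytes.fromhex("001122334455"),
    src=bytes.fromhex("66778899aabb"),
    tag=VlanTag(pcp=0, dei=0, vid=100),
    ethertype=ETHERTYPE_IPV4,
    payload=b"\x45\x00dummy-ipv4-payload",
))

if __name__ == "__main__":
    f = parse_frame(SAMPLE_TAGGED)
    print(f"tagged:   vid={f.tag.vid} ethertype=0x{f.ethertype:04x} len={len(SAMPLE_TAGGED)}")
    u = strip_tag(SAMPLE_TAGGED)
    print(f"stripped: tag={parse_frame(u).tag} len={len(u)}")
    r = retag(SAMPLE_TAGGED, 200)
    print(f"retagged: vid={parse_frame(r).tag.vid} tag bytes={r[12:16].hex()}")
```

Bytes 12-15 of the tagged sample are 81 00 00 64: the TPID 0x8100 and a TCI whose low 12 bits are 100. Stripping removes exactly those four bytes and leaves the IPv4 EtherType in their place, which is why a tagged frame can be handed to an untagged network without touching the payload.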

A virtual interface has most of the capabilities and characteristics of a physical interface, including zone membership, security services, routing, access rule controls, and virus and spam scanning. Cyberoam supports up to 4093 interfaces.

Using VLANs, a single Cyberoam appliance can provide security services and control connections between multiple domains. Configure a different VLAN ID for the traffic of each domain; Cyberoam recognizes the VLAN IDs and applies security policies to secure the network between domains. Cyberoam also applies authentication, the various policies, and the firewall rule features to the network.

Note
VLAN (Virtual LAN) tags are preserved even when antivirus scanning, spam filtering and web filtering using the Internet Access Policy (IAP) are applied to VLAN-tagged traffic in Bridge mode.

VLAN Implementation Sample

A VLAN is a switched network logically segmented by function, project team, or application without regard to the physical location of users; for example, several workstations grouped as a department, such as engineering or accounting. When the workstations are physically located close to one another, you can group them into a LAN segment. With a VLAN you can group workstations without regard to their physical location, e.g. workstations on different floors or in different buildings of an enterprise. You can assign each switch port to a VLAN. Ports in a VLAN share broadcast traffic; ports that do not belong to that VLAN do not.

The example below illustrates a typical deployment of a VLAN in an SME that spans multiple floors.

In the above example, the network has a Cyberoam appliance and a VLAN switch; the web server farm and the mail server (DMZ zone) are located in the same room, while the management workstations and laptops (LAN zone) are physically distributed.
- The switch on the first floor provides connectivity to the Engineering department; all ports of this switch are assigned to VLAN 100.
- The switch on the second floor provides connectivity to the Sales & Marketing department; all ports of this switch are assigned to VLAN 200.
- The switch on the third floor provides connectivity to the HR & Admin department; all ports of this switch are assigned to VLAN 300.

Cyberoam's internal interfaces connect to:
- the VLAN switch, over an 802.1Q trunk, configured with three virtual interfaces (VLAN 100, VLAN 200 and VLAN 300)
- the network in the LAN zone
- the network in the DMZ

The external interface connects to the Internet and is not configured with virtual subinterfaces.

When the switch receives packets from VLAN 100, VLAN 200 and VLAN 300, it applies the VLAN ID tags and forwards the packets to local ports and across the trunk to the Cyberoam appliance. The Cyberoam appliance has policies that allow traffic to flow between the VLANs, from the VLANs to the external network, and to and from the LAN zone.

Define Virtual Subinterface

Select System > Configure > Network > Manage Interface and click the Add VLAN Subinterface button to open the create page.

Screen: Add VLAN Subinterface

Add VLAN Subinterface screen elements:

Physical Interface
Select the parent interface of the virtual subinterface. The virtual subinterface will be a member of the selected physical interface/port.

VLAN ID
Specify the VLAN ID. The interface VLAN ID can be any number between 2 and 4094. The VLAN ID of each virtual subinterface must match the VLAN ID of the packet; if the IDs do not match, the virtual subinterface will not receive the VLAN-tagged traffic. Virtual subinterfaces added to the same physical interface cannot have the same VLAN ID; however, you can add virtual subinterfaces with the same VLAN ID to different physical interfaces.

IP address and Netmask
Specify the IP address and netmask for the interface. Only a static IP address can be assigned, and the subnet must be unique across all physical and virtual subinterfaces.

Zone
Select a zone to assign to the virtual subinterface. The virtual subinterface will be a member of the selected zone; it remains unused until it is included in a zone. A virtual subinterface can be a member of the LAN zone, the DMZ zone or a custom zone. Please note:
1. Zone membership can be defined at the time of defining the virtual subinterface, or later whenever required.
2. You can also create a custom zone for the virtual subinterface and make the virtual subinterface a member of that custom zone. Refer to "To create Zone" on how to create a custom zone.
3. A virtual subinterface cannot be a member of the WAN zone.

Create button
Click to save the configuration and create the virtual subinterface. The interface details (System > Configure > Network > Manage Interface page) will display the newly defined virtual subinterface under the physical interface selected above.

Table: Add VLAN Subinterface screen elements

If a custom zone is created for the virtual subinterface, two default firewall rules for the zone are automatically created, depending on the zone type of the custom zone. For example, if the zone type of the custom zone is LAN, two default firewall rules from the virtual subinterface's zone to the WAN zone are automatically created, based on the default LAN to WAN zone firewall rules. Review these automatically created rules: they permit whatever the default LAN to WAN rules permit, which may be broader than the new VLAN should be allowed.

To define Zone membership of Virtual Subinterface
1. Select System > Zone > Manage and click the zone in which the virtual subinterface is to be included.
2. Click the virtual subinterface in the Available Port(s) list and move it to the Member Port(s) list.
3. Specify a description.
4. Click the Save button.

Once the virtual interface is defined and included in a zone, it can be treated exactly the same as a physical interface. Customization of the firewall rules that govern traffic between VLANs and other interfaces, IDP policies, and virus and spam scanning can be performed the same way as for a physical interface.
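The constraints the Add VLAN Subinterface page imposes (VLAN ID between 2 and 4094, one VLAN ID per physical interface, static addressing only, a subnet that is unique across every physical and virtual interface, no subinterface on the external interface and no WAN zone membership) are easy to get wrong when a multi-floor plan like the sample above is typed in by hand. The script below is an added example, not part of the original guide and not Cyberoam code: it checks a planned set of subinterfaces against those rules before anything is entered in the GUI. The Physical and Subinterface structures, the port names and all addresses are constructed for the example; it also flags a subinterface that has been left without a zone, since the guide says such an interface stays unused.

```python
"""Pre-flight check for a planned set of VLAN subinterfaces.

Added example (not from the Cyberoam guide). The plan format, port names
and addresses are constructed for the example.
"""
from ipaddress import ip_interface
from typing import List, NamedTuple, Optional, Sequence


class Physical(NamedTuple):
    name: str       # physical port, e.g. "PortB"
    address: str    # "192.168.2.1/24"
    zone: str       # "LAN", "DMZ", "WAN" or a custom zone name


class Subinterface(NamedTuple):
    parent: str           # physical port the VLAN subinterface hangs beneath
    vlan_id: int
    address: str          # static "ip/prefix"; anything else is rejected
    zone: Optional[str]   # None = created but not yet placed in a zone


def check_plan(physicals: Sequence[Physical], subs: Sequence[Subinterface]) -> List[str]:
    """Return one message per violated rule (an empty list means the plan is clean)."""
    msgs: List[str] = []
    parents = {p.name: p for p in physicals}
    # subnets already in use by the physical ports, with their owner
    nets = [(ip_interface(p.address).network, p.name) for p in physicals]
    seen_vids = set()

    for s in subs:
        label = f"{s.parent}.{s.vlan_id}"
        if s.parent not in parents:
            msgs.append(f"{label}: parent {s.parent} is not a physical interface")
        elif parents[s.parent].zone == "WAN":
            msgs.append(f"{label}: subinterfaces cannot be defined on the external (WAN) interface")

        if not 2 <= s.vlan_id <= 4094:
            msgs.append(f"{label}: VLAN ID must be between 2 and 4094")

        # the same VLAN ID is allowed on different physical interfaces, not on the same one
        if (s.parent, s.vlan_id) in seen_vids:
            msgs.append(f"{label}: duplicate VLAN ID on the same physical interface")
        seen_vids.add((s.parent, s.vlan_id))

        try:
            net = ip_interface(s.address).network
        except ValueError:
            msgs.append(f"{label}: '{s.address}' is not a static IP address/netmask")
            continue
        clash = next((owner for other, owner in nets if net.overlaps(other)), None)
        if clash is not None:
            msgs.append(f"{label}: subnet {net} overlaps the subnet of {clash}")
        else:
            nets.append((net, label))

        if s.zone == "WAN":
            msgs.append(f"{label}: a virtual subinterface cannot be a member of the WAN zone")
        elif s.zone is None:
            msgs.append(f"{label}: warning: no zone assigned, the subinterface stays unused")
    return msgs


# Constructed sample plan: the three-floor deployment from the guide
# (VLAN 100/200/300 on the trunk port) plus LAN, DMZ and WAN ports.
PHYSICALS = [
    Physical("PortA", "192.168.1.1/24", "LAN"),
    Physical("PortB", "192.168.2.1/24", "LAN"),   # trunk to the VLAN switch
    Physical("PortC", "172.16.1.1/24", "DMZ"),
    Physical("PortD", "203.0.113.2/30", "WAN"),   # external interface
]
GOOD_SUBS = [
    Subinterface("PortB", 100, "10.100.0.1/24", "LAN"),   # Engineering
    Subinterface("PortB", 200, "10.200.0.1/24", "LAN"),   # Sales & Marketing
    Subinterface("PortB", 300, "10.30.0.1/24", "LAN"),    # HR & Admin
    Subinterface("PortC", 100, "10.100.1.1/24", "DMZ"),   # same VID, other port: allowed
]
BAD_SUBS = GOOD_SUBS + [
    Subinterface("PortB", 100, "10.101.0.1/24", "LAN"),   # VID reused on PortB
    Subinterface("PortB", 1, "10.1.0.1/24", "LAN"),       # VID out of range
    Subinterface("PortD", 50, "10.50.0.1/24", "LAN"),     # on the WAN port
    Subinterface("PortB", 400, "192.168.1.5/24", "LAN"),  # clashes with PortA
    Subinterface("PortB", 500, "dhcp", "LAN"),            # not static
    Subinterface("PortB", 600, "10.60.0.1/24", "WAN"),    # WAN zone
    Subinterface("PortB", 700, "10.70.0.1/24", None),     # no zone yet
]

if __name__ == "__main__":
    print("good plan:", check_plan(PHYSICALS, GOOD_SUBS) or "no problems")
    for m in check_plan(PHYSICALS, BAD_SUBS):
        print("bad plan: ", m)
```

The subnet test uses overlap rather than exact equality, so a planned /24 that sits inside an existing /16 is reported too; the guide only asks for unique subnets, but overlapping ones would leave the appliance with ambiguous connected routes.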

VLAN Management

Use to:
- update virtual subinterface details
- change zone membership
- delete a virtual subinterface

Update Virtual subinterface
1. Select System > Configure > Network > Manage Interface and click the Edit icon against the interface whose details are to be updated.
2. The interface name is displayed and cannot be updated.
3. The IP address and netmask assigned to the interface are displayed. Modify them if required. Assign a static IP address only; the subnet must be unique across all physical and virtual subinterfaces.
4. Click the Update button to save the changes.

Screen: Edit Virtual subinterface

To change Zone membership of Virtual subinterface

To change the zone membership, first remove the virtual subinterface's membership of its current zone and then define its membership in the required zone. To remove the membership, refer to "To remove Zone membership of Virtual subinterface". To define the membership, refer to "To define Zone membership of Virtual subinterface".

Delete Virtual subinterface

Prerequisite
- The virtual subinterface should be the member of any zone
- No firewall rule has been created for the virtual subinterface

Select System > Configure > Network > Manage Interface and click the Delete icon against the interface to be deleted.

Screen: Delete Virtual subinterface