Shulou(Shulou.com)06/01 Report--

VLAN can divide the network into multiple broadcast domains, which can effectively control the broadcast storm and control the mutual access between different departments and network segments in the network. If you already have a layer 3 switch, you can divide the VLAN directly on the layer 3 switch. Please refer to: how to connect the multi-VLAN layer 3 switch to the WFilter Internet behavior management system?

In an environment without a layer 3 switch, you can directly use WFilter NGF (WSG Gateway) to divide the VLAN. Two VLAN partitioning methods are supported:

VLAN partitioning based on ports. One VLAN per port to connect to the layer 2 switch.

802.1Q VLAN (one-arm routing). Connect with the trunk port of the switch and realize the encapsulation of multiple VLAN through one port.

This article describes how to configure these two ways.

1. Divide VLAN based on port

As shown in the figure, in the "unclassified" of "Interface Settings", click the "Edit" icon on the right side of the network card, and select "different network segments" of "intranet" to set a new network segment.

Enable DHCP services for new network segments (optional)

In this way, you can enable a new network segment on the interface and connect a switch to the interface. Port-based VLAN with no requirements for switch devices. Its disadvantage is that it can only have one VLAN per port, which requires multiple ports to support on the NGF device.

2. 802.1Q VLAN (one-arm routing)

Compared with port-based VLAN, 802.1Q VLAN has higher requirements for switches and relatively complex configuration. However, multiple VLAN can be implemented on a single interface, which is also an important way to partition VLAN. This mode is also known as "one-arm routing" mode. There are several points to pay attention to:

The gateway device needs to be connected to the trunk port of the switch.

You also need to divide the VLAN on the switch.

The interface on which the switch connects to the gateway device should be a layer 2 port.

The following is the relevant configuration of WFilter NGF (WSG Gateway). The configuration of the switch will not be described in detail.

First add the corresponding VLAN to the VLAN Settings.

Then go to Interface Settings, edit the newly added VLAN, and set the IP address and DHCP service. As shown in the figure:

Two VLAN partition schemes for WFilter NGF (WSG Gateway) are listed above. Reasonable VLAN division can bring great benefits to the management of local area network. It is recommended that you choose the most suitable scheme according to your actual environmental needs.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.