Cisco Systems ISA550

Networking

Configuring a VLAN

Cisco ISA500 Series Integrated Security Appliances Administration Guide 138

STEP 1 To add a new VLAN, click Add. To modify the settings for a VLAN, click the Edit

(pencil) icon.

Other options: To delete a VLAN, click the Delete (x) icon. The default VLANs

cannot be deleted.

STEP 2 In the Basic Settings tab, enter the following information:

•Name: Enter the name for the VLAN.

•VLAN ID: Enter a unique identification number for the VLAN, which can be

any number from 3 to 4089. The VLAN ID 1 is reserve d for the DEFAULT VLAN

and the VLAN ID 2 is reserved for the GUEST VLAN.

•IP Address: Enter the subnet IP address for the VLAN.

•Netmask: Enter the subnet mask for the VLAN.

•Spanning Tree: Check this box to enable the Spanning Tree feature to

determine if there are loops in the network topology. The Spanning Tree

Protocol (STP) is a link layer network protocol that ensures a loop-free

topology for any bridged LAN. The STP is used to prevent bridge loops and

to ensure broadcast radiation.

•Voice VLAN: Check the box if you want voice applications to use this VLAN.

•Port: Assign the LAN ports to the VLAN. Traffic through the selected LAN

ports is directed to the VLAN. All available ports including the dedicated LAN

ports and the configurable ports appear in the Port list.

Choose the ports from the Port list and click Access to add them to the

Member list and set the selected ports as the Access mode. Alternatively,

you can choose the ports from the Port list and click Trunk to add them to

the Member list and set the selected ports as the Trunk mode.

NOTE: This setting will change the port type and access mode of the

selected physical ports. For example, choose a port that was set as a DMZ

port and add it to the Member list. The DMZ port will be configured as a LAN

port. Changing the port type will wipe out all configuration relative to the

physical port.

•Zone: Choose the zone to which the VLAN is mapped. By default, the

DEFAULT VLAN is mapped to the LAN zone, the GUEST VLAN is mapp ed to

the GUEST zone, and the VOICE VLAN is mapped to the VOICE zone. You can

click the Create Zone link to view, edit, or add the zones on the security

appliance.