Vlan Applications, Traffic Domain Isolation

VLANs

6.2 VLAN Applications

6.2.1 Traffic Domain Isolation

VLANs are most often used for their ability to restrict traffic flows between groups of devices.

Unnecessary broadcast traffic can be restricted to the VLAN that requires it. Broadcast storms in one VLAN need not affect users in other VLANs.

Hosts on one VLAN can be prevented from accidentally or deliberately assuming the IP address of a host on another VLAN.

By configuration of the management VLAN, a management domain can be established that restricts the number of users able to modify the configuration of the network.

The use of creative bridge filtering and multiple VLANs can carve seemingly unified IP subnets into multiple regions policed by different security/access policies.

Multi-VLAN hosts can assign different traffic types to different VLANs.

Figure 115: Multiple overlapping VLANs

RS400

175

ROS™ v3.5

Page 175

Image 175

RuggedCom RS400 manual Vlan Applications, Traffic Domain Isolation

Contents

Rugged Operating System ROS V3.5 User Guide Registered Trademarks WarrantyCopyright Disclaimer of liability Table Of Contents DNP 109 Igmp 221 Page Table Of Figures WIN and TIN Form 160 Port Lldp Parameters Form 216 Document Conventions Supported PlatformsWho Should Use This User Guide How Chapters are organized Firmware/User Guide Version Numbering System Applicable Firmware Revision Administration Using the RS232 Port to Access the User InterfaceROS User Interface Structure of the User Interface Making Configuration Changes ROS Secure Shell Server ROS Web Server Interface Using a Web Browser to Access the Web Interface Log in to The Device with a Web Browser ROS RS400 Main Menu via Web Server Interface Structure of the Web Interface Parameters Form Example Updating Statistics Displays Administration Menu Administration Menu IP Interfaces Table IP Interfaces Mgmt TypeIP Address Type IP Address Synopsis ###.###.###.### where ### ranges from 0 to DefaultSubnet Destination IP GatewaysGateway Web Server Users Allowed IP ServicesInactivity Timeout Telnet Sessions Allowed SSH Sessions Allowed Synopsis 1 to 254 or Disabled Default DisabledSynopsis Disabled, Enabled Default Enabled ModBus Address Location Login BannerSystem Identification System Name Synopsis Local, Radius Default Local PasswordsAuth Type Admin Username Administration Guest UsernameGuest Password Operator Password Time Zone Time and DateTime Date NTP Server Address Default UTC-000 Lisbon, LondonNTP Update Period Synopsis 1 to Default 60 min Snmp Users Snmp Management Auth Key NameAuth Protocol Priv Protocol SecurityModel Administration Priv KeySynopsis snmpV1, snmpV2c, snmpV3 Default snmpV3 Snmp Security to Group Maps Synopsis Any 32 characters Default Snmp AccessGroup WriteViewName Synopsis noView, V1Mib, allOfMib Default noViewSecurityLevel ReadViewName Administration NotifyViewName Radius overview User Login Authentication and Authorization Vendor Server Radius Server ConfigurationDefault Primary Synopsis ###.###.###.### where ### ranges from 0 to Auth UDP Port TACACS+ TACACS+ Server Configuration TACACS+ Server Form Auth TCP Port Dhcp Server Address Dhcp Relay Agent N/A for RMC30 Syslog Configuring Local SyslogAdministration Dhcp Client Ports Default Debugging UDP Port Configuring Remote Syslog ClientConfiguring Remote Syslog Server Synopsis 1025 to 65535 or Default Severity Facility Problem One Troubleshooting Serial Protocols 1 ‘Raw Socket’ protocol features2 ‘Preemptive Raw Socket’ protocol features Serial Protocols Overview 6 ‘WIN’ protocol features 3 ‘Modbus’ protocol features4 ‘DNP’ protocol features 5 ‘Microlok’ protocol features RTU Polling Serial Protocols Operation Broadcast RTU Polling Broadcast RTU Polling Permanent and Dynamic Master Connection Support Preemptive Raw Socket Message Packetization Use of Port Redirectors TCPModbus Performance Determinants Modbus Server and Client Applications RTU Worked Example Use of Turnaround Delay Concept of Links DNP 3.0, Microlok, TIN and WIN Applications Address Learning for DNP Address Learning Address Learning for TIN TIN Broadcast Messages Broadcast Messages DNP Broadcast Messages Transport for Protocols with Defined Links Use of Differentiated Services Code Point DscpTransport Protocols Transport for Raw Socket Optical loop topology Force Half Duplex Mode of Operation Serial Protocols Menu Serial Protocol Configuration and Statistics Serial Ports Table Serial Ports ForceHD Pack TimerSerial Protocols Port Protocol Raw Socket Default 0 ms Flow Control Pack CharTransport Rem Port Call DirMax Conns Loc Port Preemptive Raw Socket Table Preemptive Raw Socket Dyn Pack Timer Synopsis 3 to Default 10 msDyn Pack Char Synopsis 1 to maximum port number Serial Protocols TimeoutSynopsis 10 to Default 10 s Modbus Server Send Exceptions Response TimerModbus Client Auxiliary TCP Port Serial Protocols Forward Exceptions WIN and TIN TIN Transport Serial Protocols TIN ModeMessage Aging Timer Address Aging Timer WIN Dscp MicroLok 8 DNP Synopsis TCP, UDP Default TCPLearning Mirrored Bits Serial Protocols Aging Timer Mirrored Bits Form Device Address Table Device Addresses Synopsis 1 to maximum port number or Unknown Synopsis Any 31 characters DefaultAddress Remote IP Addr Synopsis Any 16 characters Default Default UnknownDynamic Device Addresses Aging Time Links Statistics Connection Statistics Serial Port Statistics Overrun Errors Packet ErrorsParity Errors Framing Errors Clearing Serial Port Statistics Resetting Serial Ports Problem Three Problem TwoProblem Four Page Ethernet Ports Controller Protection Through Link-Fault-Indication LFI Ethernet Ports Ethernet Ports Menu Ethernet Ports Configuration and Status Port Parameters Table Port Parameters Speed MediaState AutoN LFI Link Alarms Port Rate Limiting Table Port Rate Limiting Ingress Frames Port MirroringPort Mirroring Limitations Ingress Limit Target Port Synopsis Disabled, Enabled Default DisabledPort Mirroring Source Port Link Detection Options Synopsis Off, On, OnwithPortGuard Default OnwithPortGuardFast Link Detection Negative impact on overall system responsiveness PoE Parameters when applicable Pwr Limit AdminPowered Class Ethernet Ports Current EoVDSL Parameters when applicable ROS 106 RS400 Set Rate DS/US Mode SNR Mrgn Port StatusLink Link Rate DS/US Ethernet Ports Name Resetting PortsDuplex Page Ethernet Statistics Ethernet Statistics OutOctets Viewing Ethernet StatisticsSynopsis ----, Down, Up InOctets Ethernet Statistics InPkts ErrorPktsOutPkts Ethernet Port Statistics Table Viewing Ethernet Port Statistics Ethernet Port Statistics Form TotalInPkts CRCAlignErrorsEthernet Statistics InOctets TotalInOctets Pkt64Octets JabbersCollisions LateCollisions OutUcastPkts Ethernet Statistics OutMulticastsOutBroadcasts UndersizePkts Clear Ethernet Port Statistics Form Clearing Ethernet Port Statistics Rmon History Controls Remote Monitoring Rmon Interval IndexRequested Buckets Granted Buckets Rmon History Samples Synopsis Any 127 characters Default MonitorEthernet Statistics Owner StartTime SampleSynopsis Dddd days, Hhmmss Number of good Broadcast packets received Utilization Rmon Alarms ROS 126 RS400 Rising Thr Variable Rising Event Startup AlarmFalling Thr Value Rmon Events Table Rmon Events Last Time Sent Synopsis none, log, snmpTrap, logAndTrap Default logAndTrapSynopsis Any 31 characters Default public Community Rmon Event Log Table Rmon Event Log Synopsis Any 49 characters LogLogTime LogDescription Spanning Tree Rstp Operation State Rstp States and Roles Bridge and Port Roles Role How Port Costs Are Generated Edge PortsPoint-to-Point and Multipoint Links Path and Port Costs Bridge Diameter STP vs. Rstp Costs MST Regions and Interoperability Mstp Operation Msti Regional Root Mstp Bridge and Port Roles 5.2.2.1 Bridge RolesCist Root Cist Regional Root Boundary Ports Port RolesCist Port Roles Msti Port Roles Mstp versus Pvst Isolation of Spanning Tree ReconfigurationBenefits of Mstp Load Balancing Implementing Mstp on a Bridged Network Identify required legacy support Rstp in Structured Wiring ConfigurationsRstp Applications Select the design parameters for the network Decide upon port cost calculation strategy Rstp in Ring Backbone ConfigurationsChoose the root bridge and backup root bridge carefully Identify desired steady state topology Assign bridge priorities to the ring Rstp Port RedundancyIdentify edge ports Choose the root bridge Spanning Tree Menu Spanning Tree Configuration ERSTP Enhancements Synopsis STP, RSTP, Mstp Default RstpBridge Rstp Parameters Version Support Max Age Time Forward DelayBridge Priority Hello Time Bpdu Guard Timeout Synopsis STP 16 bit, Rstp 32 bit Default STP 16 bitCost Style Ports Port Rstp Parameters Rstp Cost Spanning Tree EnabledPriority STP Cost Spanning Tree Digest Synopsis Any 32 characters Default 00-0A-DC-00-41-74MST Region Identifier Revision Level Instance ID Bridge Msti Parameters Port Msti Parameter Table Port Msti Parameters Ports Bridge ID Spanning Tree StatisticsBridge Rstp Statistics Bridge Status Configured Max Age Configured Hello TimeConfigured Forward Delay Learned Forward Delay Port Rstp Statistics Table Port Rstp Statistics Role Status RX RSTs RX ConfigsTX Configs Cost Bridge Msti Statistics Table Bridge Msti Statistics Port Msti Statistics Table Port Msti Statistics Port Msti Statistics Form Spanning Tree Role Troubleshooting Problem Six Problem FiveProblem Seven Problem Nine Problem Eight Native Vlan Vlan OperationVLANs and Tags Tagged vs. Untagged Frames Vlan Ingress and Egress Rules Edge and Trunk Port TypesEdge Type Trunk Type Forbidden Ports List Egress RulesVLAN-aware and VLAN-unaware operation modes Gvrp Generic Vlan Registration Protocol QinQ not supported in RS400 and RS8000/RS1600 families Edge Switch ROS 174 RS400 Traffic Domain Isolation Vlan Applications Reduced Hardware Administrative Convenience VLAN-aware Vlan ConfigurationSynopsis No, Yes Default Yes Global Vlan Parameters VID Static VLANs Vlan Name Synopsis Any 19 characters DefaultForbidden Ports Port Vlan Parameters Table Port Vlan Parameters VLANs Ports Synopsis Edge, Trunk Default EdgeSynopsis Untagged, Tagged Default Untagged Synopsis Adv&Learn, Adv Only, Disabled Default Disabled Dynamic Vlan SummaryExplicit Implicit Don’t need VLANs at all. How do I turn them off? Page Classes of Service Inspection PhaseCoS Operation Determining The CoS Of a Received Frame Forwarding Phase Global CoS Parameters CoS ConfigurationCoS Weighting Synopsis 8421, Strict Default Port CoS Parameter Table Port CoS Parameters Inspect TOS Default CoSSynopsis Normal, Medium, High, Crit Default Normal Priority to CoS Mapping Priority to CoS Mapping Form CoS TOS Dscp to CoS Mapping Table Dscp to CoS Mapping CoS Access Priorities Table CoS Access Priorities RS8000 and RS1600 families only Crit Access Priority Normal Access PriorityPage Router and Host Igmp Operation IgmpMulticast Filtering Active Mode Switch Igmp Operation Igmp Snooping Rules Passive ModeIgmp and Rstp Processing Joins Combined Router and Switch Igmp Operation Processing Leaves Configuring Igmp Parameters Multicast Filtering Configuration and Status Router Forwarding Multicast Filtering ModeQuery Interval Router Ports Synopsis ##-##-##-##-##-## where ## ranges 0 to FF Default Configuring Static Multicast GroupsMAC Address Viewing IP Multicast Groups Synopsis ##-##-##-##-##-## where ## ranges 0 to FFJoined Ports Troubleshooting Problem Six Page MAC Address Tables MAC Address Tables Synopsis Normal, Medium, High, Crit Viewing MAC AddressesSynopsis 0 to 65535 or Multi, Local Synopsis Static, Dynamic Age Upon Link Loss Configuring MAC Address Learning OptionsConfiguring Static MAC Address Table Synopsis 15 to Default 300 s MAC address that is to be statically configured Purging MAC Address Table Page Network Discovery Lldp Operation Network Discovery Menu Network Discovery Menu Tx Interval Reinit DelayTx Delay Global Lldp Parameters Port Lldp Parameters Table Port Lldp Parameters Lldp Global Remote Statistics Lldp Neighbor Information Lldp Statistics Page Remote Dial-in For Monitoring PPP over Modem OperationPPP over Modem Router Concentration Router Concentration Assigning IP Addresses For PPP 11.1.4 PAP/CHAP Authentication 11.1.4.1 Users ProfilesUsing PAP Using Chap Static Routes PPP Configuration Menu PPP Configuration Country Code Modem SettingsAT Commands Synopsis Any 48 characters Default Remote IP Address PPP ControlPPP Status Local IP Address PPP over Modem Server Name Synopsis Any 15 characters Default ServerOutgoing PAP Password Synopsis Any 15 characters Default User Name PPP Users Remote Subnet PPP over Modem PasswordSynopsis Any 9 characters Default Remote Net Synopsis 0 to 2147483647 bps or Offline PPP StatisticsCurrent Status Modem Speed PPP over Modem Tx LCP Packets AuthenticationConnected User Clearing PPP Statistics Resetting PPP Can connect to the server, but I can’t ping or telnet to it Am having performance problems Page Diagnostics Using the Alarm System Viewing and Clearing Alarms Active AlarmsPassive Alarms Alarms and the Critical Failure Relay Synopsis Any 127 characters Viewing CPU DiagnosticsTotal Powered Time Synopsis MMM DD Hhmm RAM Available Diagnostics CPU UsageTemperature RAM Total Viewing the System Log Viewing and Clearing the System Log Viewing Product Information Resetting the Device Loading Factory Default ConfigurationRS900 v2, 40-00-0066, RS900 v2 ROS 244 RS400 Using the CLI Shell Summary Of CLI Commands available in ROSEntering and Leaving the Shell Viewing Files Getting Help for a CommandListing files Pinging a Remote Device Viewing and Clearing Log FilesTracing Events Enabling Trace Displaying Trace settings Starting Trace Executing Commands Remotely Through RSHViewing Dhcp Learned Information Resetting the Device Upgrading Firmware and Managing Configurations Upgrading Firmware using XModemUpgrading Firmware Checking Status of Download Upgrading Firmware Using a Tftp Client on Your Workstation Example of an Upgrade using ROS Tftp Client Upgrading Firmware Using ROS Tftp Client Capturing Configurations with XModem Capturing ConfigurationsCapturing Configurations with Tftp Getting Started Using SQL CommandsFinding the Correct Table Retrieving Parameter from a Table Retrieving a Table with Where Clause Changing Values in a Table Setting Default Values in a Table Using RSH and SQL Using RSH and SQL Module Name Standard MIBsGroups Supported Proprietary MIB Module Name RuggedCom proprietary MIBs Appendix B Snmp Trap Summary IfInUcastPkts IfInErrorsTcpInSegs IfInOctets UdpNoPorts UdpInErrorsTcpRetransSegs UdpInDatagrams EtherStatsOversizePkts EtherStatsCRCAlignErrorsEtherStatsMulticastPkts EtherStatsUndersizePkts Dot1dTpPortOutFrames Dot1dBasePortDelayExceededDiscardsDot1dBasePortMtuExceededDiscards Dot1dTpPortInFrames IfHCOutBroadcastPkts RcDeviceStsTemperature 0x10 Request0x040x03 Response Modbus Memory Map AlarmsPage Serial Uint32 TextCmd Uint16 PSStatusCmd AlarmRead Data from device using PortCmd Performing write actions on the device using PortCmd See ROS Read Power Supply Status from device using PSStatusCmd See Lldp Msti Tagging 169