Huawei network devices can be configured with four types of interfaces: access, trunk interface, hybrid interface, and QinQ interface. To enable communication between these hosts, interfaces between switches must be able to identify and send frames of multiple VLANs. Hosts in the same VLAN may be connected to different switches, in which case the VLAN spans multiple switches. To enable communication between the switch and these devices, the switch interfaces must be able to identify whether an Ethernet frame is tagged, and then decide whether to add VLAN tags to or remove VLAN tags from the frames. All frames processed on a switch carry VLAN tags, but some devices connected to a switch cannot process tagged frames. This rule will allow the access to the internet through the ZyXEL appliance (if device is a gateway).The VLAN ID (VID) field in a data frame identifies the VLAN to which the data frame belongs (the VLAN in which the data frame can be transmitted). For “From” select the VLAN zone this particular rule will be for. Make sure the rule enable box is checked. Go to Configuration → Security Policy → Policy Control and click the Add button to insert the rule(s). Once the VLAN is created you need to add policy control rule(s) to allow the VLAN to WAN traffic.
![vlan router configuration vlan router configuration](https://i.ytimg.com/vi/kGMLJcrbXb0/hqdefault.jpg)
You can also configure DHCP server settings if you want the ZyXEL appliance to distribute IP addresses to the devices connecting to the VLAN. Because the VLAN is on the LAN side the “Interface Type” will be INTERNAL, the “Zone” will be one of the zone objects you created in Step A, the “Base Port” is the interface the switch with the VLAN’s is connected to (LAN1, LAN2 DMZ, etc.), specify the VLAN ID and the IP address the device will use on this particular VLAN. Once you have added the zones for the VLANs go to Configuration → Network → Interface → VLAN to add the VLAN interfaces. Creating a zone for each of the VLANs will allow us to continue keeping them separate from each other (segregated). NXC5500 – Firmware version 4.10 and newer Step A – Zone Setupīefore we can begin to configure the VLANs on the ZyXEL appliance we will need to create a zone for each of the VLANs, go to Configuration → Object → Zone to add a zone for each VLAN. NXC2500 – Firmware version 4.10 and newer UAG5100 – Firmware version 4.10 and newer UAG4100 – Firmware version 4.10 and newer UAG2100 – Firmware version 4.10 and newer USG2200-VPN – Firmware version 4.20 and newer USG20W-VPN – Firmware version 4.16 and newer USG20-VPN – Firmware version 4.16 and newer USG 1900 – Firmware version 4.10 and newer USG 1100 – Firmware version 4.10 and newer USG 310 – Firmware version 4.10 and newer USG 110 – Firmware version 4.10 and newer USG 60W – Firmware version 4.10 and newer
![vlan router configuration vlan router configuration](https://i.ytimg.com/vi/uU1CRuuSBQo/maxresdefault.jpg)
USG 40W – Firmware version 4.10 and newer USG 40HE – Firmware version 4.10 and newer ZyWALL 1100 – Firmware version 4.10 and newer ZyWALL 310 – Firmware version 4.10 and newer
![vlan router configuration vlan router configuration](https://1.bp.blogspot.com/-KzW7-ehniGc/XBel5mDH_xI/AAAAAAAAAR8/Avfcx1CMcTYeBGUwa9RX0EcStlhOn9MmQCLcBGAs/s1600/INTERVLAN%2BROUTING%2BSEPARATE%2BPHYSICAL%2BGATEWAYS.png)
ZyWALL 110 – Firmware version 4.10 and newer With VLAN, a station cannot directly talk to or hear from stations that are not in the same group(s) unless such traffic first goes through a router. Stations on a logical network belong to one or more groups. OverviewĪ VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Please keep in mind that the appliance is VLAN aware only, you still need a managed switch to create the VLANs. This walkthrough will guide you through the configuration setup of VLANs on the ZLD Appliance.