Complete PDF manual
PDF of this chapter

Port-Based VLAN Example Configuration

This example demonstrates how the port-based VLANs work to meet your needs.

In this example, you create four new VLANS, you change the port membership for default VLAN 1, and you assign port members to the four new VLANs:

In the Basic VLAN Configuration screen (see Basic-VLAN Configuration), create the following VLANs, each with a defined description:
A VLAN with VID 1. Enter the following description: IT.
A VLAN with VID 2. Enter the following description: Sales.
A VLAN with VID 3. Enter the following description: Market.
A VLAN with VID 4. Enter the following description: Account.
In the VLAN Membership screen (see Advanced-VLAN Membership) specify the VLAN membership as follows:
For the default VLAN with VID 1 (IT), remove all members except for port 7 and port 8. (All ports were automatically assigned to the default VLAN.)
For the VLAN with VID 2 (Sales), specify the following members: port 1, port 2, port 3, and port 8.
For the VLAN with VID 3 (Market), specify the following members: port 2, port 3, port 4, and port 8.
For the VLAN with VID 4 (Account), specify the following members: port 5, port 6, and port 8.

In this example, the specified VLANs and ports have the following functions:

For the VLAN with VID 1, port 7 is used by the IT department to monitor and control activities on all other VLANs.
For the VLAN with VID 2, port 1 is used by the Sales department, port 2 connects to the file archives, and port connects to the printer server.
For the VLAN with VID 3: port 4 is used by the Marketing department, port 2 connects to the file archives, and port connects to the printer server. The file archives and the printer server are shared with the Sales department,
For the VLAN with VID 4: port 5 and port 6 are used by the for Accounting department. Its work is kept secret from other departments except for the IT department.
For all VLANs: port 8 provides Gigabit speed for an e-mail server and an Internet connection and is accessible to all departments.
With the VLAN configuration that you set up, the following situations produce results as described:

If a packet comes in on port 1, it can go to ports 1, 2, 3, and 8, as these ports are the only ports in the VLAN with VID 1. A Sales person who uses port 1 can access the Internet, send and receive e-mail, and access the file archives and print server, but cannot access ports that are assigned to the Marketing and Accounting departments.
If a Marketing person sends a broadcast message, the Sales and Accounting departments are not affected by the message, because it does not go out on their ports. Only the Marketing department and the IT group receive the broadcast message.
If an IT person sends a broadcast message, everyone receives it.