VLAN : A VLAN is simply an administratively defined subset of switch ports that are in the same broadcast domain.

Create VLAN :  You can create a VLANs. Each VLAN must be configured with a unique VID (VLAN ID) with a value from 2 to 4094.

VLAN Configuration :  VLAN configuration lets you assign ports on the switch to a VLAN with an ID number in the range of 1–4094. By default, all ports are members of VLAN 1.

Membership: After you create a new VLAN ID, use the VLAN membership option to add ports to the VLAN.

Port Setting: For setting ports for mode like Hybrid, Access, Trunk, Tunnel and also PVID (1-4094).

Voice VLAN:  The voice VLAN feature can help ensure that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high.

Property : You can select one VLAN as the voice VLAN, select the Class of Service (CoS) for voice traffic, and enable or disable the voice VLAN for specific ports that carry traffic from IP phones.

Voice OUI: Automatic assignment of traffic to Voice VLAN is done using the Organizationally Unique Identifier (OUI) MAC Address. The first three bytes in a MAC address contain the manufacturer ID (Organizationally Unique Identifiers - OUI) and the last three bytes contain a unique station ID.

Protocol VLAN: A protocol-based VLAN processes traffic based on protocol. You can use a protocol-based VLAN to define filtering criteria for untagged packets. If you do not change the port configuration or configure a protocol-based VLAN, the switch assigns untagged packets to VLAN 1.

Protocol Group :--> Groups of protocols can be defined and then bound to a port. After the protocol group is bound to a port, every packet originating from a protocol in the group is assigned the VLAN that is configured in the Protocol-Based Groups page.

Group Binding:-->To add group binding for available ports after selection to particular VLAN for a specific group ID.

MAC VLAN : You define a MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An entry is specified using a source MAC address and the appropriate VLAN ID. The MAC to VLAN configurations are shared across all ports of the device

MAC Group :-->When a frame is received from a VLAN that is configured to forward , based on MAC group addresses

Group Binding--> Group Id can map the MAC addresses.

Surveillance VLAN: Surveillance VLAN function ensures the quality of real-time video for monitoring and control without compromising the transmission of conventional network data. This is a special feature of E2000 series Switches.

Property: VLAN configuration for CCTV is very important to protect the IP cameras against unauthorized access and also to separate the security camera system from other computers and devices that are connected to the IP network.

Surveillance OUI: IP surveillance cameras of multiple manufacture having different OUI . You can add a specific manufacturer with the OUI. Surveillance cameras will transmit their data on a Surveillance VLAN.

GVRP: The GVRP page displays information regarding GARP VLAN Registration Protocol (GVRP) frames that were sent or received from a port. GVRP is a standards-based Layer 2 network protocol, for automatic configuration of VLAN information on switches.

Property: GARP VLAN Registration Protocol (GVRP) is required for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP helps VLAN-aware bridges to automatically learn VLANs to bridge ports mapping. Individual configuration of each switch and VLAN membership registration is not required.

Membership: GVRP-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other.

Statistics: This page shows information for VLAN Configuration like VLAN creation, to assign VLAN Membership, assign per port VLAN configurations.

5.1 VLAN        

VLAN (Virtual Local Area Network) logically divide one LAN (Local Area Network) into a plurality of subsets, and each subset will form their own broadcast area network. In short, VLAN is a communication technology that logically divide one physical LAN into multiple broadcast area network (multiple VLAN). Hosts within a VLAN can communicate directly. But VLAN groups can not directly communicate with each other. So it will limit the broadcast packets within a VLAN. Since it cannot directly access between VLAN groups, thus it improves network security.

5.1.1 Create VLAN

This page allows user to add or delete VLAN ID entries. Each VLAN entry has a

unique name, user can edit VLAN name in edit page.

To Create VLAN, click VLAN >> VLAN >> Create VLAN

Fig 5.1.1 Create VLAN Default Page

VLAN Creation:

• Click on “Create VLAN” from menu, select the “Available VLAN” from the list, then Press “>” button & select required VLAN click on “Apply”.
• To change default name of VLAN, Select the VLAN ID & click on “Edit “from VLAN Table, Enter the Name for VLAN & Click on “Apply”.

Fig 5.1.2 VLAN Page after VLAN creation

Fig 5.1.3 VLAN Default name after VLAN creation

Fig 5.1.4  Edit VLAN name after VLAN creation

Fig 5.1.5  VLAN Table after VLAN name change page

5.1.2 VLAN Configuration

This page allow user to configure the membership for each port of selected VLAN.

For VLAN Configuration, click VLAN >> VLAN Configuration.

Click on “Create VLAN” from menu, Select “VLAN” name from Drop down & Select “Untagged” option on the Ports which required to add to the VLAN, then Click on “Apply”.

Fig 5.1.6  VLAN configuration table page

Fig 5.1.8 VLAN  Selection tap on VLAN configuration table page

Fig 5.1.9 VLAN  configuration for Ports selection page

5.1.3 Membership

This page allow user to view membership information for each port and edit

membership for specified interface.

For VLAN Membership page, click VLAN >> Membership

Fig 5.1.10 VLAN  Membership table age

Fig 5.1.11 VLAN membership to be changed for selected port GE8  page

Fig 5.1.12 Edit VLAN membership for selected port GE8 page

Fig 5.1.13 VLAN 3 membership for Port GE8 table page

5.1.4 Port Setting

This page allow user to configure ports VLAN settings. The attributes depend on different VLAN port mode.

For Port Setting page, click VLAN >> Port Setting

Fig 5.1.14 VLAN port setting table page

Fig 5.1.15 VLAN port setting for selected port  page

Fig 5.1.16 Edit  port setting for selected ports page

Fig 5.1.17 After Editing  port setting for selected ports page

5.2 Voice VLAN

In a LAN, voice devices, such as IP phones, VoIP endpoints, and voice systems are placed into the same VLAN. This VLAN is referred as the voice VLAN. Voice VLAN allows you to easily prioritize IP voice traffic through the switch. This page shows the configuration to enable the functional Voice VLAN on the device.

Voice VLAN can propagate the CoS/802.1p and DSCP settings by using LLDP[1]MED Network policies. The LLDP-MED is set by default to response with the Voice QoS setting if an appliance sends LLDP-MED packets. MED-supported devices must send their voice traffic with the same CoS/802.1p and DSCP values, as received with the LLDP-MED response.

You can disable the automatic update between Voice VLAN and LLDP-MED and use his own network policies. Working with the OUI mode, the device can additionally configure the mapping  and remarking (CoS/802.1p) of the voice traffic based on the OUI. By default, all interfaces are CoS/802.1p trusted. The device applies the quality of  service based on the CoS/802.1p value found in the voice stream. In Auto Voice VLAN, you can override the value of the voice streams using advanced QoS. For Telephony OUI voice streams, you can override the quality of service and optionally remark the 802.1p of the voice streams by specifying the desired CoS/802.1p values and using the remarking option under Telephony OUI.

5.2.1 Property

Voice VLAN Configuration:

Click on “Voice VLAN”, then “Property” from menu, Select/Deselect “State” to Enable/Disable, then select “VLAN” name from dropdown, Select “CoS/802.1p Remarking” & Click on “Apply”.

Configuration object and description:

CoS/802.1p: Select a CoS/802.1p value that to be used by LLDP-MED as a voice network policy. This page allow user to configure global and per interface settings of voice VLAN. For Voice VLAN Property, click VLAN>> Voice VLAN>> Property.

 Fig 5.2.1 Default Voice VLAN state setting table page

Fig 5.2.2  Changeing Voice VLAN setting CoS/802.1p Remarking  page

Fig 5.2.3 Voice VLAN setting CoS/802.1p Remarking  page

Fig 5.2.4 Voice VLAN Edit port setting page

Fig 5.2.5  Voice VLAN  Port setting table page

5.2.2 Voice OUI

Voice OUIs are assigned by the Institute of Electrical and Electronics Engineers, Incorporated (IEEE) Registration Authority. Since the number of IP phone manufacturers is limited and well-known, the known OUI values cause the relevant frames, and the port on which they are seen, to be automatically assigned to a Voice VLAN. Organizationally Unique Identifiers (OUI) are the first three bytes of a MAC Address, while the last three bytes contain a unique station ID. You can add a specific manufacturer with the OUI. Once the OUI is added, all traffic received on voice VLAN ports from the specific IP phone with a listed OUI is forwarded on the voice VLAN. Unlike the telephony OUI mode that detects voice devices based on telephony OUI, Auto Voice VLAN mode depends on auto smartport to dynamically add the ports to the voice VLAN.

This page allow user to add, edit or delete OUI MAC addresses. Default has 8 pre-defined OUI MAC address. This page shows the configuration to enable the functional OUI Voice VLAN on the interfaces.

For Voice OUI, click VLAN >> Voice VLAN >> Voice OUI.

Fig 5.2.6 Voice VLAN Voice OUI Table page

Fig 5.2.7 Selecting Voice VLAN Voice OUI  page

Fig 5.2.8 Voice VLAN Add Voice OUI  page

Fig 5.2.9 Voice VLAN  Voice OUI Table  page

5.3 Protocol VLAN

A protocol-based VLAN processes traffic based on protocol. You can use a protocol-based VLAN to define filtering criteria for untagged packets. The protocol VLAN defines the protocol profile, which comprises the frame encapsulation and protocol type. One port can be configured with several protocol profiles. When the protocol VLAN is enabled on the port, the protocol profile is configured on the port.

5.3.1 Protocol Group

It shows the configuration to add protocol VLAN group with specified prototype and value. This page allow user to add or edit groups settings of protocol VLAN. For Protocol Group , click VLAN >> Protocol VLAN >> Protocol Group.

Fig 5.3.1 Default Protocol VLAN Protocol Group Table page

Fig 5.3.2 Add Protocol group page

Fig 5.3.3   Protocol group table page

5.3.2 Group Binding

This page allow user to bind protocol VLAN group to each port with VLAN ID.

For Group Binding , click VLAN>> Protocol VLAN >> Group Binding.

Fig 5.3.5 Default Group Binding Table page

Fig 5.3.5  Add Group Binding page

Fig 5.3.7  Group Binding  for hybrid port page

5.4 MAC VLAN

The MAC-based VLAN classification enables packets to be classified according to their source MAC address. MAC-based VLAN is to divide VLAN ID to the packet according to the source MAC address of the untag packet received by the port.

5.4.1 MAC Group

This page allow user to add or edit groups settings of MAC VLAN.

For MAC page , click VLAN >> MAC VLAN >> MAC Group.

Fig 5.4.1  Default MAC Group Table page

Click on “MAC Group” from menu, Click on “Add”, then select “Group ID”, “MAC Address” & ”Mask” value  and Click on “Apply”.

Fig 5.4.2 Add MAC Group ID page

Fig 5.4.3 Mac Group table page

5.4.2 Group Binding

 This page create MAC-based VLAN groups and map them to a specific interface (Ports/LAG).

Fig 5.4.5 Blank Group binding table page

Fig 5.4.5 Blank Group binding for hybrid ports page

5.5 Surveillance VLAN

Surveillance VLAN is a feature that allows you to automatically place the video traffic from IP cameras to an surveillance  VLAN to enhance the IP surveillance service. With a higher priority and individual VLAN, the quality and the security of surveillance traffic are guaranteed. VLAN configuration for CCTV or Surveillance cameras are very important to protect the IP cameras against unauthorized access and also to separate the security camera system from other computers and devices that are connected to the IP network. E2000 series switches supports Surveillance VLAN feature. The surveillance devices  can be put in Surveillance VLAN which segmenting their traffic from the rest of the network. The ensures security of the data, but also gives the traffic a higher priority through the switch, reducing the chances of the video freezing or being delayed on live streams. This page shows configuration to enable the functional Surveillance VLAN on the device. By default Surveillance VLAN are disabled and by default setting of CoS / 802.1p remarking of 6.

To configure and view Surveillance VLAN, click VLAN>>Surveillance VLAN.

5.5.1 Property

To configure Surveillance VLAN property and view surveillance VLAN port setting , click VLAN>>Surveillance VLAN>>Property.

Fig 5.5.1 Surveillance VLAN Property  page

Surveillance VLAN Configuration:

Click on “Surveillance VLAN”, then “Property” from menu, Select/Deselect “State” to Enable/Disable, then select “VLAN” name from dropdown, Select “CoS/802.1p Remarking” & Click on “Apply”.

Configuration object and description:

CoS/802.1p: Select a CoS/802.1p value that to be used by LLDP-MED as a voice network policy.

Fig 5.5.2 Surveillance VLAN port setting page for selected GE4 port

Fig 5.5.3 Surveillance VLAN Edit port setting  for GE8 port  page

Fig 5.5.4 Surveillance VLAN Port setting table  GE8 port enabled for Video packet

5.5.2 Surveillance OUI

The first six digits of a MAC are called the OUI, and each manufacturer is assigned one or more unique identifiers. For example, these are the OUIs of some common cameras manufacturers. Analog cameras (whether SD or HD), by definition of being analog, do not have or need IP addresses since they have no network interface. However, analog cameras are generally connected to recorders or encoders that do have network interfaces and therefore use IP addresses. To configure and view Surveillance OUI , click VLAN>>Surveillance VLAN>>Surveillance OUI.

Fig 5.5.5 Surveillance OUI Table page

Fig 5.5.6 Add Surveillance OUI page

Fig 5.5.7 Surveillance OUI Table page

5.6 GVRP

The GVRP is an IEEE 802.1Q-compliant method for facilitating automatic (dynamic) VLAN membership configuration. GVRP-enabled switches can exchange VLAN configuration information with other GVRP-enabled switches. Policy rules or other network management methods can determine who is admitted to a VLAN.

Adjacent VLAN-aware devices can exchange VLAN information with each other

by using the Generic VLAN Registration Protocol (GVRP). GVRP is based on the

Generic Attribute Registration Protocol (GARP) and propagates VLAN information

throughout a bridged network. Since GVRP requires support for tagging, the port must be configured in Trunk mode. GVRP—VLAN was dynamically created through Generic VLAN Registration Protocol (GVRP). VLANs on a device can be created statically or dynamically, based on the GVRP information exchanged by devices. A VLAN can be static or dynamic (from GVRP).GVRP must be activated globally as well as on each port. When it is activated, it  transmits and receives GARP Packet Data Units (GPDUs). VLANs that are defined but not active are not propagated. To propagate the VLAN, it must be up on at least one port.

By default, GVRP is disabled globally and on ports. This page shows GVRP configuration. Disable GVRP will clear all learned dynamic VLAN entry and do not learn dynamic VLAN anymore.

To configure and view Generic VLAN Registration Protocol (GVRP), click VLAN>>GVRP.

Fig 5.6.1 GVRP Function.

5.6.1 Property

By default GVRP is disabled in COMMANDO E2000 Series Switches. To Enable, configure GVRP Property and view GVRP Port setting, click VLAN>>GVRP>>Property.

Fig 5.6.1 Default GVRP Property  page

Fig 5.6.2 GVRP Property Port setting table selecting GE2 and GE3 ports page

Fig 5.6.3 GVRP Property Edit Port setting for GE2 and GE3 ports page

Fig 5.6.4 GVRP Property Port setting table after enabled GE2 and GE3 ports page

5.6.2 Membership

GARP VLAN Registration Protocol (GVRP) is required for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP propagates VLAN membership throughout a network. GVRP allows end stations and switches to issue and revoke declarations relating to VLAN. GVRP provides dynamic registration of VLAN membership; therefore, members can be added or removed from a VLAN at any time.

To view GVRP Membership , click VLAN>>GVRP>>Membership.

Fig 5.6.5 GVRP Membership Default page

5.6.3 Statistics

The GVRP statistics include those GARP packets sent or received that are exchanging VLAN information by using GVRP. To view GVRP statistics , click VLAN>>GVRP>>statistics.

Fig 5.6.7 Default GVRP statistics  page

Fig 5.6.8 GVRP  statistics for particular port page