The following configuration can be performed in order to customize the VLAN-based switching operation of the unit:

Switch default configuration works as transparent Layer 2 bridge. Therefore, by default any frames with any VLAN tags and untagged frames too will flow freely through wireless link.

VLAN Management

It is possible to add VLAN management configuration and to keep transparent Layer 2 bridging operational.

Go to the "Network Access" → "Network Settings", add IP address and associate it with VLAN 100 (example), click the "Apply" button.

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_15-23-43.png

Now, our unit has two management interfaces:

10.10.10.12 for untagged frame.
192.168.103.38 for VLAN 100.

Security considerations imply to remove management interface for untagged frames, leaving only management VLAN access operational. Such configuration do not allow to restrict any other VLAN transport except management VLAN. In order to allow switching of selected VLANs only, please proceed to the next chapters.

VLAN Creation

"Default VLAN" with "Untagged" mode for all ports is configured by default.

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_15-33-18.png

"Default VLAN" could not be deleted.

In the section "Switch" → "VLAN-based Switching" enable VLAN-based Switching. Now only traffic based on connectivity matrix and VLAN is allowed.
Click the “Add VLAN” button, "VLAN 2" is added by default.
Modify the value for the VLAN tag according to the actual requirements.
Select VLAN mode.
Set the priority for the selected VLAN.
In the section "Radio" → "Radio Setting" enable "Traffic Prioritization".

VLAN modes and mapping between 802.1p priorities and 4 queues can be found in the section "Switch".

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_15-51-34.png

In order to allow both tagged and untagged traffic to pass the "Untagged" mode should be configured on selected VLAN. There can be maximum one VID for each port in "Untagged" mode.

Choosing the "Access" mode for a specific port will automatically disable all VLANs on that port.

Examples

Both tagged and untagged traffic transmission

"ge0" allows to pass tagged traffic VLAN 100 and VLAN 200.
"ge1" allows to pass traffic from untagged VLAN 100 and tagged VLAN 200.

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_16-35-47.png

VLAN for management and traffic forwarding

This document uses the following network setup:

VLAN 100 is a management VLAN.
VLAN 200 is a data VLAN.

Configuration steps:

Connectivity Matrix configuration.
Set up management.
Set up traffic forwarding.

Connectivity Matrix configuration

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_16-44-41.png

Set up management

Go to the "Network Access" → "Network Settings", add IP address and associate it with VLAN 100, click the "Apply" button.

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_16-51-22.png

Configured IP address could not be used for management if you begin by enabling the VLAN-based switching and remove the "Untagged" mode. The access to the unit is allowed using initial IP address, in this case 10.10.10.12.

In the section "Switch" → "VLAN-based Switching" enable VLAN-based Switching.
Add VLAN 100 and allow it to pass through ports "ge0", "mgmt" and "radio".
Set "off" mode on all "Default VLAN" ports.

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_16-58-8.png

Set up traffic forwarding

Add VLAN 200 and allow it to pass through ports "ge0" and "radio", click "Apply".

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_17-7-51.png

At this point, the access to the unit is allowed using only VLAN 100 and the newly assigned IP address. Traffic tagged with VLAN 200 will be switched only between the "ge0" and the "radio" ports. Untagged traffic or tagged traffic with other VLANs besides 100 or 200 is not allowed.

Trunk and Trunk VLAN

Installation which requires VLAN tagged frames to flow in both directions through the unit wireless link, does not require any specific configuration. Just due to security reasons it is recommended to set up Management VLAN. All the rest configurartion is not needed in most cases, except the issue to deny certain VLANs. Please, use the configuration steps from chapter VLAN Management.

Access and Trunk VLAN

One unit receives VLAN tagged frames from switch trunk port (port configured to carry frames with different VLAN tags), another unit connects with end-customer LAN with requirement to egress untagged frames from certain VLAN only.

Infinet Wireless: Technical Documentation > VLAN Switching > Trunk and access VLAN example.jpg

XG1 Configuration
XG2 Configuration

XG1 Configuration

Configure Connectivity Matrix
Go to the "Network Access" → "Network Settings", add IP address and associate it with VLAN 100, click the "Apply" button.

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_16-51-22.png

In the section "Switch" → "VLAN-based Switching" enable VLAN-based Switching.
Add VLAN 100 with "Tagged" mode on the ports "ge0", "mgmt" and "radio".
Add VLAN 200 with "Tagged" mode on the ports "ge0" and "radio".
Set "off" mode on all "Default VLAN" ports.

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_17-19-20.png

XG2 Configuration

Configure Connectivity Matrix
Go to the "Network Access" → "Network Settings", add IP address and associate it with VLAN 100, click "Apply".

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_16-51-22.png

In the section "Switch" → "VLAN-based Switching" enable VLAN-based Switching.
Add VLAN 100 with "Tagged" mode on the ports "mgmt" and "radio".
Add VLAN 200 with "Access" mode on the port "ge0" and "Tagged" on "radio".
Set "off" mode on all "Default VLAN" ports.

Infinet Wireless: Technical Documentation > VLAN Switching > image2017-8-15_17-23-7.png

At this point, the access to the unit is allowed using only VLAN 100 and the newly assigned IP address. Traffic tagged with VLAN 200 will be received by "radio" port and switched untagged to customer’s LAN through "ge0" port.