ubiquiti:vlan
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| ubiquiti:vlan [2020/12/10 00:17] – peter | ubiquiti:vlan [2020/12/10 01:30] (current) – [Ubiquiti - VLAN] peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Ubiquiti - VLAN ====== | ====== Ubiquiti - VLAN ====== | ||
| - | VLAN's and IP-intefaces: | + | VLANs (Virtual Local Area Networks), segregate traffic within a network. |
| + | |||
| + | They allow a single physical Ethernet network to appear to be multiple logical networks. | ||
| + | |||
| + | Benefits for using VLANs include: | ||
| + | |||
| + | * VLANs keep traffic from different networks separated from each other. | ||
| + | * They enhance network security by preventing wireless devices from accessing LAN resources. | ||
| + | * Increased performance by limiting broadcast domains. | ||
| + | |||
| + | While VLAN's are effective for separating network segments and limiting broadcast traffic, it is often a requirement for subnets separated by VLAN's to be able to communicate. | ||
| + | |||
| + | VLAN enabled ports are generally categorized in one of two ways, tagged or untagged. | ||
| + | |||
| + | * VLANs can be port-based (assigning a physical port on a device to a VLAN) or tag-based (tagging particular kinds of traffic with a VLAN tag, as defined by 802.1q). | ||
| + | |||
| + | Unifi, usually by default, have all switch ports able to consume both tagged and untagged traffic, but this can be modified. | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Other Considerations ===== | ||
| + | |||
| + | * For greater security, no SSID should be untagged, i.e. be on the " | ||
| + | * The amount of broadcast traffic on the trunk port to which an AP is attached should be limited. | ||
| + | * Limiting broadcast traffic improves wireless performance. | ||
| + | |||
| + | ---- | ||
| + | |||
| + | |||
| + | ===== Common Terms ===== | ||
| + | |||
| + | |VLAN|Virtual Local Area Network, logical identifier for isolating a network.| | ||
| + | |Trunk|A port enabled for VLAN tagging.| | ||
| + | |Access|A port that does not tag and only accepts a single VLAN.| | ||
| + | |Encapsulation|The process of modifying frames of data to include additional information.| | ||
| + | |802.1Q|The most common encapsulation method for VLAN tagging.| | ||
| + | |Native VLAN|The VLAN associated with all untagged traffic on a trunk.| | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== VLAN's and IP-intefaces | ||
| * **VLAN** is a Layer 2 (L2) technology; data is sent between clients using mac-addresses. | * **VLAN** is a Layer 2 (L2) technology; data is sent between clients using mac-addresses. | ||
| Line 7: | Line 47: | ||
| * Only clients in the same VLAN and with IP-addresses in the same subnet, can send data to each other. | * Only clients in the same VLAN and with IP-addresses in the same subnet, can send data to each other. | ||
| * It is not possible to configure any DHCP on A VLAN, since VLAN is a L2 technology and DHCP requires an IP-interface, | * It is not possible to configure any DHCP on A VLAN, since VLAN is a L2 technology and DHCP requires an IP-interface, | ||
| - | |||
| * **IP-interfaces** is a Layer 3 (L3) technology; data is send between clients using IP-addresses. | * **IP-interfaces** is a Layer 3 (L3) technology; data is send between clients using IP-addresses. | ||
| + | ---- | ||
| + | |||
| + | ===== Summary of VLANs ===== | ||
| Ubiquiti always uses **VLAN 1** as the untagged native VLAN. | Ubiquiti always uses **VLAN 1** as the untagged native VLAN. | ||
| + | |||
| + | * Each VLAN is identified by a unique 802.1Q ID. | ||
| + | * VLAN IDs are 1 through 4094. | ||
| ---- | ---- | ||
| - | [[Ubiquiti: | + | [[Ubiquiti: |
| ---- | ---- | ||
ubiquiti/vlan.1607559434.txt.gz · Last modified: 2020/12/10 00:17 by peter