How To Cyberoam Virtual LAN in Cyberoam

Applicable Version: 10.00 onwards

Overview
This article documents how to implement IEEE 802.1Q Virtual LAN (VLAN) technology between
Cyberoam appliance and 802.1Q-compliant devices, such as Cisco switches and routers.

Virtual Local Area Networks (VLANs) use tag-based LAN multiplexing technology to simulate multiple
LANs within a single physical LAN using IP header tagging. VLAN ID/tags are 4-byte frame
extensions that contain a VLAN identifier as well as other information.

VLANs multiply the capabilities of Cyberoam appliance. VLAN tags added to network frames
increases the number of network interfaces (ports) beyond the available physical ports on the
Cyberoam appliance.

Advantages of VLANs

- Increased Port density
- Logical segmentation of Network irrespective of physical placement
- Granular security on heterogeneous LANs
- Improved Network throughput as VLAN confines broadcast domain

Using VLANs, a single Cyberoam appliance can provide security services and control connections
between multiple domains. Traffic from each domain is given a different VLAN ID. Cyberoam can
recognize VLAN IDs and apply security policies to secure network between domains. Cyberoam can
also apply authentication, various policies, and firewall rule features for network.
Scenario
Configure VLANs on LAN Port C in Cyberoam.
Configuration
The entire configuration is to be done from Cyberoam Web Admin Console using profile having read-
write administrative rights for relevant feature(s).
Configure VLAN
Go to Network > Interface > Interface and click Add VLAN to configure a VLAN according to
parameters given below.


How To Configure Virtual LAN in Cyberoam
How To Cyberoam Virtual LAN in Cyberoam




Parameter Description

Parameters Value Description
Physical Interface PortC 1.1.1.1
Select parent Interface for the virtual sub-
interface. Virtual sub-interface will be the member
of selected physical Interface/Port.
Zone LAN
Select a Zone to assign to the virtual sub-
interface.
IP Assignment Static Select IP Assignment type.
VLAN ID 10
Specify VLAN ID. The interface VLAN ID can be
any number between 2 and 4094. The VLAN ID of
each Virtual sub-interface must match the
VLAN ID of the packet. If the IDs do not match,
the virtual sub-interface will not receive the VLAN
tagged traffic.
IP Address 10.10.10.1
Specify IP Address for the interface. Only static IP
Address can be assigned.
Netmask /24 (255.255.255.0) Specify Network Subnet mask.



Click OK to save VLAN.
How To Cyberoam Virtual LAN in Cyberoam





Note:
After VLAN has been created successfully, make sure that you create ACL/Firewall Rules for VLANs
to communicate between the VLANs.


Document Version: 2.0 04/09/2013