In what scenario will I need to use IP subnet based VLAN?

Since Zyxel switches have a function called IP subnet based VLAN. When will I implement this feature?

Overview

Subnet based VLANs allow users to group traffic into logical VLANs based on the source IP address and IP subnet. When a frame is received on a port, the switch checks which IP subnet it came from and what the source IP address is. The untagged packets from the same IP subnet are then placed in the same subnet based VLAN. The most significant advantage of using subnet based VLANs is that the priority can be divided and tuned based on which VLAN the traffic belongs to.

 

Scenario

Consider the following topology:

 

Purpose

Traffic from VoIP phone (source IP: 192.168.1.10) will be categorized into VLAN3.

Traffic from IPTV (source IP: 192.168.5.10) will be categorized into VLAN4.

Traffic from the PC (source IP: 192.168.10.10) will be categorized into VLAN5.

 

When there are different IP service requirements behind a modem (e.g. VoIP, IPTV, and Common data networking), to separate the IP services in the edge site, we can classify different VLANs for each IP service.

 

By distinguishing each service, Service Providers can do further policy controlling for each VLAN.

 

In this topology, three IP services are needed by the customer: VoIP, IPTV, and general network access. Each client belongs to different IP subnets. We can achieve this by using the switch with the IP Subnetting VLAN function.

 

Skip to configuration via CLI

 

Configuration using the web GUI

Step 1: Connect the MGMT port to a PC or Notebook with the RJ45 Cable.

 

Step 2: The default MGMT IP address of the out-band port is 192.168.0.1/24
The out-band port has a different default IP for the web GUI than your client ports. The main difference is, that when you change something for VLAN on the client ports, it won't apply for the out-band port.

 

Step 3: Set your NIC to192.168.0.100/24

 

Step 4: Open an Internet browser (e.g. IE) and enter http://192.168.0.1 into the URL field.

 

Step 5: By default, the username for the administrator is admin and the password is 1234.

 

Step 6: After successfully logging in you will see a screen similar to the one below.

 

Step 7: Go to the Static VLAN page by clicking Advanced Application > VLAN > Static VLAN.

 

Step 8: Create VLAN3, including port 1 and port 2.

1. Port 1 connects to the modem and packets going in and out of this port shouldn't have VLAN tags.
2. Port 2 connects to the router in the CO, and packets going in and out of port 2 should have different VLAN tags according to its IP address.

 

Step 9: Create VLAN4, including port 1 and port 2.

1. Port 1 connects to the modem and packets going in and out of this port shouldn't have VLAN tags.
2. Port 2 connects to the router in the CO, and packets going in and out of port 2 should have different VLAN tags according to its IP address.

 

Step 10: Create VLAN5, including port 1 and port 2.

1. Port 1 connects to the modem and packets going in and out of this port shouldn't have VLAN tags.
2. Port 2 connects to the router in the CO, and packets going in and out of port 2 should have different VLAN tags according to its IP address.

 

Step 11: Go to VLAN Port Setting by clicking on the Advanced Application > VLAN > VLAN Port Setting.

Step 12: Go to the Subnet Based VLAN.

 

Step 13: In the Subnet Based VLAN, first we have to activate this function. Check the Active check box to enable it.

 

Step 14: Create the Subnet Based VLAN entry for the VoIP phone.

Here we see that packets from 192.168.1.10/24 will be attached with a VLAN tag 3 and its priority will be set to 2.

 

Step 15: Create the Subnet Based VLAN entry for the IPTV device.

Here we see that packets from 192.168.5.10/24 will be attached with a VLAN tag 4 and its priority will be set to 5.

 

Step 16: Create the Subnet Based VLAN entry for the PC.

Here we see that packets from 192.168.10.10/24 will be attached with a VLAN tag 5 and its priority will be set to 7.

 

Configuration using the CLI

vlan 1

  name 1

  normal    

  fixed 1-28

  forbidden    

  untagged 1-28

  ip address 192.168.1.1 255.255.255.0

exit

vlan 3

  name  VLAN 3  

  normal 3-28

  fixed 1-2

  forbidden    

  untagged 1

exit

vlan 4

  name  VLAN 4  

  normal 3-28

  fixed 1-2

  forbidden    

  untagged 1

exit

vlan 5

  name  VLAN 5  

  normal 3-28

  fixed 1-2

  forbidden    

  untagged 1

exit

interface route-domain192.168.1.1/24

exit

ip address 192.168.0.1255.255.255.0

subnet-based-vlan

subnet-based-vlan name VoIP source-ip 192.168.1.10 mask-bits 24 vlan 3 priority 2

subnet-based-vlan name IPTV source-ip 192.168.5.10 mask-bits 24 vlan 4 priority 5

subnet-based-vlan name PC source-ip 192.168.10.10 mask-bits 24 vlan 5 priority 7

 

KB-00075