3Com 4.2.2 Marine Radio User Manual


 
Configuring Policy-based VLAN Auto-configuration 4-25
auto-configuration can be extended to include protocol-based VLAN
auto-configuration and application-based VLAN auto-configuration.
Automatic Configuration of VLANs and Network Security
One of the most important considerations in automatic VLAN
configuration is network security. Network administrators must have
complete control over how known users access and use the network. In
addition, administrators must have complete control over who accesses
the network, and over the times and locations from which it is accessed.
Network intrusions must be detectable and dealt with automatically.
When devices are set up for auto-configuration based on a policy, all
unused ports, or ports whose link status is down, are automatically
placed in the default VLAN. The ports are moved out of the default VLAN
only when a recognized endstation or user connects to a port. This
ensures that unknown users do not have access to all VLANs in the
network. The default VLAN can be secured by not enabling any network
services within this VLAN, and by not connecting the default VLAN to
the rest of the routed network.
VLAN Server and Automatic VLAN Configuration
The VLAN Server is a parameter database or repository that holds the
VLAN mapping information. The VLAN Server is an important component
of the VLAN auto-configuration system. Devices that support VLAN
auto-configuration query the VLAN Server to resolve the VLAN mapping
information based on a pre-defined policy or criteria. For example,
devices that enforce the MAC address based automatic VLAN
configuration policy query the VLAN Server to resolve the MAC address
to VLAN mapping. The VLAN Server may contain VLAN mapping
information based on MAC address, IP subnet, protocol type, etc.,
depending on which policies are enforced on the network.
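The following is an added example, not code from this manual or from 3Com. It models the behaviour described above: ports rest in the default VLAN, a link-up triggers a MAC address lookup against the VLAN Server, and unknown stations stay isolated and are logged. The class names, VLAN IDs and MAC addresses are constructed for illustration.

```python
# Added illustration: a toy model of MAC-based VLAN auto-configuration.
# All names (VlanServer, Switch, DEFAULT_VLAN, the MACs and VLAN IDs) are
# constructed for this example and are not 3Com interfaces.
DEFAULT_VLAN = 1  # assumption: isolated VLAN with no services and no routing

def normalize_mac(mac):
    """Canonicalise a MAC so '00-A0-24-...' and '00:a0:24:...' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class VlanServer:
    """Repository holding the MAC address to VLAN mapping."""
    def __init__(self, mapping):
        self._by_mac = {normalize_mac(m): v for m, v in mapping.items()}

    def resolve(self, mac):
        return self._by_mac.get(normalize_mac(mac))  # None if unknown

class Switch:
    def __init__(self, server, port_count):
        self.server = server
        # Every port starts in the default VLAN (link down / unused).
        self.port_vlan = {p: DEFAULT_VLAN for p in range(1, port_count + 1)}
        self.events = []  # audit trail an administrator can alert on

    def link_up(self, port, mac):
        vlan = self.server.resolve(mac)
        if vlan is None:
            # Unknown station: fail closed, stay isolated, record it.
            self.port_vlan[port] = DEFAULT_VLAN
            self.events.append(("unknown_station", port, normalize_mac(mac)))
        else:
            self.port_vlan[port] = vlan
            self.events.append(("assigned", port, normalize_mac(mac), vlan))
        return self.port_vlan[port]

    def link_down(self, port):
        # Returning the port to the default VLAN stops the next device
        # plugged in from inheriting the previous user's VLAN.
        self.port_vlan[port] = DEFAULT_VLAN
        self.events.append(("link_down", port))

# Constructed sample mapping (not real devices).
SAMPLE = VlanServer({"00-A0-24-11-22-33": 10, "00:a0:24:44:55:66": 20})
```

Because an endstation can change the MAC address it presents, a lookup of this kind identifies a station rather than authenticating it, which is why the unknown-station events and the isolation of the default VLAN matter.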
There are two types of VLAN servers currently implemented:
1 Stand-alone NT based VLAN Server.
2 Integrated TEM/Unix or TEM/NT based VLAN server.
Stand-alone NT based VLAN Server.
This server is used by SuperStack II Switch 1000/3000 and Desktop
switches, when configured in AutoSelect Mode, to execute automatic
VLAN configuration based on MAC addresses. See the description of
AutoSelect Mode VLAN configuration.