VLAN tag manipulation
I can't find the answer to these anywhere so thought I'd ask.
Let's say I have this network, with the Firewalla ports 2 & 3 configured in a VLAN network (VLAN 20):
And a request is sent from Device A to Device B. Switch X will tag the outgoing frames with VLAN 20 when sending data to the Firewalla via the trunk port. So Firewalla knows it's for VLAN 20.
Question 1: What does the Firewalla do with these frames before sending them to Switch Y? My understanding is that a router will strip off the frame header and replace it, meaning that the VLAN tag gets removed. But that would mean that Switch Y doesn't know which VLAN the frames are destined for. Does the Firewalla tag the frames sent to Y with the VLAN ID of the VLAN network?
And similarly:
Question 2: What happens to requests from Device A to the internet (over NAT), specifically what happens to frames received back from the internet? These will enter the network via the Firewalla. Does the Firewalla (e.g. via the NAT table or some other means) know that the device the frames are destined for is VLAN 20, and can therefore tag the frames with VLAN 20?
I know these might be novice questions, but I'm trying to plan whether I need to resort to Native VLANs (e.g. if the Firewalla isn't tagging the frames).
-
Question 1: Since both Firewalla ports are trunks (one to each switch) and have VLAN20 on them, Firewalla doesn't do anything with the traffic between device A and B. It switches (bridges) the traffic with no need to act on it since it is not being routed to another network, preserving the VLAN20 tag. Those switches apply and strip the tagging. Firewalla may collect data/stats on the traffic, but does not act on it... no rules since the traffic does not leave the (V)LAN.
Question 2: Yes, Firewalla NAT builds a table of sources so it can direct traffic coming back to the proper internal source, even if it needs to apply a VLAN tag.
Remember that Firewalla natively handles VLAN tags, if they are present. I use both these scenarios in my home network.
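An added illustration of the tag handling described in the answer above, not code from the thread or from Firewalla: it models switch X inserting the 802.1Q tag, a bridge passing the frame unchanged between two trunk ports, and switch Y stripping the tag on delivery. The MAC addresses, payload and function names are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame, vid):
    """Access-port ingress: insert a 4-byte 802.1Q tag after the source MAC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits); priority left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def get_vid(frame):
    """Return the VLAN ID of a tagged frame, or None when it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def strip_tag(frame):
    """Access-port egress: remove the tag so the end device sees a plain frame."""
    return frame if get_vid(frame) is None else frame[:12] + frame[16:]

def bridge(frame, egress_vlans):
    """Trunk-to-trunk bridging: forward the frame byte for byte, tag included.
    Frames whose VLAN is not carried on the egress trunk are dropped (None).
    Simplification: untagged/native-VLAN frames are not modelled and are dropped."""
    vid = get_vid(frame)
    return frame if vid is not None and vid in egress_vlans else None

# Constructed sample frame from Device A to Device B (made-up MACs, IPv4 EtherType)
DEVICE_B = bytes.fromhex("02000000000b")
DEVICE_A = bytes.fromhex("02000000000a")
UNTAGGED = DEVICE_B + DEVICE_A + struct.pack("!H", 0x0800) + b"payload"

def walk(frame, vlan=20):
    """Follow one frame: switch X tags, the bridge forwards, switch Y strips."""
    on_trunk_x = add_tag(frame, vlan)
    on_trunk_y = bridge(on_trunk_x, egress_vlans={vlan})
    delivered = strip_tag(on_trunk_y)
    return on_trunk_x, on_trunk_y, delivered

if __name__ == "__main__":
    x, y, out = walk(UNTAGGED)
    print("VID on trunk X:", get_vid(x), "| VID on trunk Y:", get_vid(y))
    print("delivered frame equals original:", out == UNTAGGED)
```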