How is Management, Data, and Membership VLANs traffic handled at the port level?

A VLAN configuration establishes a logical group within the network. Each computer in the VLAN, regardless of initial or eventual physical location, has access to the same data based on the VLAN architecture. For the network operator, this provides flexibility in network segmentation, simpler management and enhanced security.

Management VLAN

Enabled: The SM management interface can be assigned to a Management VLAN to separate management traffic (remote module management via SNMP or HTTP) from user traffic (such as internet browsing, voice, or video). Once the management interface is enabled for a VLAN, an SM’s management interface can be accessed only by packets tagged with a VLAN ID matching the management VLAN ID.  Management packets which are not tagged with a matching VLAN ID are dropped at the port.

Disabled: When disabled, all untagged IP management traffic is allowed to the device.

Data VLAN

Enabled: A VLAN tag will be added to all untagged traffic entering the SM’s LAN port before sending it to the AP and the SM will remove tags in the opposite direction from traffic (tagged with Data VLAN ID) entering on the SM’s WAN port before sending to the SM’s LAN port.

Disabled: When disabled, no changes are made to untagged traffic passing through the SM.

Membership VLANs

Configure the Membership VLAN Table to include the SM in one or more VLANs. When the SM receives a packet tagged from either the Ethernet (LAN) or Wirless (WAN) side with a VLAN ID which is contained in the Membership VLAN Table, the packet is forwarded and sent out the other interface. When the SM receives a packet tagged with a VLAN ID which is not present in the Membership VLAN Table, the frame is dropped (assuming there is at least one VLAN ID present in the Membership VLAN table or configured as a Data VLAN).

1 Like