Assigning L2V VLAN IDs (NSM Procedure)

You must use VLAN tags for vsys devices in Transparent mode. The device classifies traffic to or from the vsys based on the VLAN tag. A root device running ScreenOS 5.0-L2V supports a maximum of 4094 VLANs. You can assign each vsys 2 to 4094 VLANS, however, after a VLAN is assigned to one vsys it cannot be used in another. The root system reserves vlan 1, vlan0, and vlan4095.

By default, all VLAN IDS belong to the root system. To configure VLAN IDs for each vsys, you must import the VLAN IDs from the root system to a vsys:

  1. In the NSM navigation tree, select Device Manager >Security Devices, and then double-click a vsys device.
  2. In the vsys device navigation tree, select Network > Vlan > Import.
  3. Click the Add icon to display the New Vlan Import Entry dialog box, and then enter the range of VLAN IDs you want to import from the root system to the vsys.
  4. Click OK. NSM imports the VLAN IDs within the specified range from the root system; these IDs are now reserved and cannot be used by the root system or other vsys.

To export VLAN IDs to the root system, you must delete the VLAN IDs from the vsys (select the VLAN import entry and then click the Delete icon). When you delete an ID range, NSM no longer reserves those IDs, enabling you to import the IDs to another vsys.

After you have imported VLAN IDs to a vsys, you can group those IDs and assign them to a physical port and zone.

