User Manual User guide

Rockwell Automation Publication 1783-UM004E-EN-P - June 2014 105
Switch Software Features Chapter 3
VLAN Assignments
When configuring NAT, you can assign one or more VLANs to a NAT instance.
When you assign a VLAN to a NAT instance, the traffic associated with that
VLAN is subject to the configuration parameters of the NAT instance.
Configuration parameters include whether traffic is translated, fixed up, blocked,
or passed through.
When assigning VLANs to a NAT instance, consider the following:
NAT supports both trunk ports and access ports.
NAT does not change VLAN tags.
You can assign a maximum of 128 VLANs to one or more instances.
You can assign the same VLAN to multiple instances as long as the VLAN
is associated with different ports. For example, you can assign VLAN 1 to
both instance A and instance B as long as VLAN 1 is associated with port
Gi1/1 on instance A and port Gi1/2 on instance B.
By default, each instance is assigned to all VLANs on port Gi1/1 and no
instances on port Gi1/2.
VLANs associated with a trunk port can or can not be assigned to a NAT
instance:
If a VLAN is assigned to a NAT instance, its traffic is subject to the
configuration parameters of the NAT instance.
If a VLAN is unassigned to a NAT instance, its traffic remains
untranslated and is always permitted to pass through the trunk port.
Management Interface and VLANs
The management interface can be associated with a VLAN that is or is not
assigned to a NAT instance:
If its associated VLAN is assigned to a NAT instance, the management
interface resides on the private subnet by default. To manage the switch
from the private subnet, no additional configuration is required. To
manage the switch from the public subnet, you must configure a private-
to-public translation.
If its associated VLAN is not assigned to a NAT instance, the management
interface’s traffic remains untranslated and is always permitted to pass
through the port.
IMPORTANT
Set up all Smartport roles and VLANs before creating NAT instances.
If you change a Smartport role or the native VLAN for a port associated with a
NAT instance, you must reassign VLANs to the NAT instance.