VLAN tagging is the division of a network into virtual subnetworks on the Ethernet level (OSI layer model level 2). For this purpose, each network packet is marked with an additional number, the VLAN tag. A manageable, VLAN-enabled switch can use these VLAN tags to seal off subnetworks or individual devices. The firewall of the Intra2net system can then monitor and control the communication between these subnetworks.

Each VLAN interface appears in the Network > Interfaces menu as a standalone interface. New VLAN interfaces can be created using the "New VLAN" button. The VLAN ID is a freely selectable number between 1 and 4095, and a physical interface is assigned to each VLAN interface.

	Hint
	Some switches assign a special position to VLAN ID 1. It is advisable to use a VLAN ID of 2 or greater.

By clicking the "Remove VLAN" button, a VLAN interface is deleted. Changes to the VLAN interfaces restart all network services, so the system will temporarily go offline.

For technical reasons it is not possible to create VLANs on DSL/Router interfaces. If the system is offline, the physical interface is switched off and would disable all VLANs. If multiple DSL/Router interfaces are to be bundled on one physical interface, configure the physical interface to the type "not used" and then create as many VLAN interfaces as desired on this interface.

For technical reasons, a maximum of 50 different VLAN interfaces can be used on the system.

For increased security, we recommend connecting LAN and WAN traffic over different physical interfaces instead of relying on VLANs. Incorrect configurations on the switch could otherwise send unfiltered Internet traffic to the local network.