The VPN Gateway has an integrated 8-port intelligent switch that provides support for VLANS. If VLANs have been enabled, each port can potentially be configured as a separate virtual LAN, or multiple ports can provide access to the same VLAN. VLAN trunking is also supported. This allows more than one VLAN to be mapped to a single port. When trunking, a maximum of 24 VLANs can be configured on an VPN Gateway or VPN Gateway 8300. The VPN Gateway 8200 can have a maximum of 8 VLANs configured. VLAN configuration is defined in AT&T Administration Server and can be viewed through the VPN Gateway web interface. The web interface shows the mappings of ports to VLANS, the speed and duplex setting and IP/MAC addresses assigned to each port. If no VLANs are configured, all ports on the VPN Gateway are assigned to a default VLAN.

Each VLAN can be configured individually for tunnel mode type (see the section about Tunnel Configuration Options for more information); VPN Only mode, split tunneling, Internet Only mode, or No-NAT mode. In this way one VLAN can handle secure private business traffic, and another VLAN can be set to provide access only to the Internet.

By default, communications between devices on two VLANS was prohibited in the case where one of the VLANs was configured as secure and another for Internet access only. An optional inter-VLAN mode can allow traffic between an Internet only VLAN and secure VLANs. Devices on Internet Only VLANs cannot access any VPN tunnels that are available to the secure VLANs. When in this inter-VLAN mode, cascaded routes and LAN aliases associated with the Internet-Only VLAN will not have access to secure VLANs.

There is also the ability to mark a VLAN as no-NAT. Traffic from that VLAN leaving the VPN Gateway via a WAN interface that normally would be NAT’ed will not be. The VPN Gateway will issue a proxy ARP for each IP address in the no-NAT VLAN to allow the return traffic to be routed back through the VPN Gateway. These IP addresses in the no-NAT subnet also need to be real NIC registered addresses and ordered from the ISP so that they are routed properly through the Internet and ISP.

It is also possible to map each VLAN to a specific VPN tunnel, allowing administrators to limit which VLAN has access to each VPN. When the VLAN-to-VPN mapping feature is enabled for a VPN, each VLAN supports an individual routing table. Cascaded networks not marked as Internet Only that are attached to a specific VLAN will adhere to the routing behavior defined for the VLAN to which the network is attached. By default, VPN-enabled VLANs or cascaded networks are advertised down the VPN tunnel. However, a setting in the device’s profile on the AT&T Administration Server can disable the advertisement.

As with the WAN interface, the interface speed settings can either be set for automatic negotiation (default) or set to a specific speed and duplex setting. The setting is either at the VLAN or the VPN Gateway level depending on whether VLANs have been configured.

Unused LAN ports that are not going to be used in the target environment can be disabled in the central configuration. Any ports not specifically assigned to a VLAN will be considered part of the default VLAN (ID=4069). Plugging devices into default VLAN ports can cause routing problems in the AT&T network if more than one VPN Gateway reports the same subnet. Ports can now be centrally configured as ‘disabled’, and in that mode they will not give out IP addresses, or be able to route traffic through the VPN Gateway on either the LAN or WAN interfaces.

The Wi-Fi extender plugs into the Local LAN side of the VPN Gateway using an Ethernet connection, allowing the Wi-Fi radio inside the Wi-Fi extender to be further away from the VPN Gateway expanding the reach of Wi-Fi. All the IP services continue to exist within the VPN Gateway (routing, firewall, DHCP services etc.), the Wi-Fi extender is purely a wireless access point providing the Wi-Fi radio services bridging the traffic directly onto the LAN interface of the VPN Gateway.

Accelerated Concepts provides the Wi-Fi extender as a supported managed extension of the VPN Gateway LAN interface. Accelerated Concepts can be contacted through the following means: contact [email protected] or visit http://accelerated.com/products.