Review the following information to understand how Cloud Edge supports VLANs in Bridge Mode.
Bridge Mode Supported Interfaces
-
Cloud Edge 5.3 or later devices: Only the MGMT interface is supported for VLAN configuration
-
Cloud Edge earlier than 5.3: All interfaces except eth0 and eth1 are supported for VLAN configuration
-
Bridge interface (br0 or sw0): Does not support VLAN configuration
Bridge Mode Considerations
There are special considerations when configuring VLANs in Bridge Mode.
- Cloud Edge does not natively support VLANs like a standard switch, which
leads to the following limitations:
- You cannot configure access/trunk mode on a Cloud Edge port, so Cloud Edge cannot tag or untag any pass-through traffic.
- Cloud Edge cannot isolate broadcast or multicast traffic from different VLANs.
- Cloud Edge can only support pass-through VLAN traffic by keeping existing VLAN tags. Cloud Edge provides all security functions on pass-through VLAN traffic.
Bridge Mode Scenario
If Cloud Edge is deployed on a trunk link,
Trend Micro recommends that you only use two Cloud Edge ports:
-
Connect WAN to the upstream trunk port.
-
Connect LAN1 to the downstream trunk port.
 |
ImportantDo not connect more than two ports on a trunk link.
|
 |
NoteIf you are deploying a gateway with hardware switch chipset or other model in
software switch mode, connect the WAN port to the upstream trunk port and any LAN
port to
the downstream trunk port.
|
The following scenario depicts the recommended Bridge Mode deployment.
In this scenario, to register the Cloud Edge
gateway with Cloud Edge Cloud Console, you must set up
the gateway in a native VLAN.
- On a trunk link, all traffic is carried with VLAN tags except the traffic that belongs to the native VLAN. The Cloud Edge gateway itself can only send traffic without a VLAN tag.
- Therefore, if br0 is configured with DHCP, you must setup the DHCP server and gateway on a native VLAN. If br0 is configured with a static IP address, you must setup the gateway on a native VLAN.