Skip to content

VLANs

Role

The manage_vlans role is required to use this feature.

ZEM allows for the creation and management of VLANs via the VLANs screen. The VLANs screen provides an overview of the active VLANs on the site and allows users to add, edit and delete VLANs. VLANs are commonly used to segregate network traffic based on certain criteria, such as function, location or department. Isolating parts of a network can limit the blast radius of faults and result in an increase in speed with which issues are resolved.

The VLANs screen

Adding VLANs

VLANs can be added to the site by clicking the blue plus icon in the top right corner.

Adding VLANs

ID

The 802.1Q tag to be used for this VLAN.

Name

The name of the VLAN, security-cam-floor-1 or sales-department for example.

IP range

The subnet that will be used for this VLAN in CIDR notation, for example 192.168.0.0/24 or 10.10.0.0/16.

Multicast

When enabled, multicast applies additional settings to switches where this VLAN is applied. Additionally, enitity intents for multicast troubleshooting will become available for devices connected via this VLAN.

Primary and secondary router

Configuring a primary router for a VLAN enables automatic configuration and usage of routed VLANs. For networks requiring redundancy, secondary routers can be configured.

VLANs, groups, and profiles

VLANs, groups, and profiles are linked together through automatic configuration in ZEM. We often refer to such a conceptual set of a VLAN, a group and a device profile as an allocation.

When a switch port is programmed, the VLAN that is connected to a group is applied to the specific Device Profile configuration template, thereby resulting in a switch port configuration. For example, imagine we have a network with two rooms, A and B, two VLANS, being 100 and 200, and a single device profile for a card reader. It is possible to assign VLAN 100 for card readers in room A and VLAN 200 for card readers in room B. When you program a switch port for a card reader it will automatically be configured with the VLAN based on where (which group) and what (which device profile) is programmed.

The resulting switch port configuration would then be:

### Switch in group A
int Gi1/0/10
    switchport mode access
    switchport access vlan 100

### Switch in group B
int Gi1/0/11
    switchport mode access
    switchport access vlan 200

Assigning VLANs to a group and device profile

To assign an VLAN to a group and device profile, click the 'groups' button in the "Allocations" column on the VLAN screen.

Assigning groups to VLANs

Select a group from the drop down menu or instantly copy all assignments from a profile using the "Copy allocations from" drop down menu.