Whole Network VLAN Configuration on Ruijie Cloud

Applicable Scenario
The intranet has a Layer 2 switch, Multiple VLANs needs to be created to implement multiple distinct service networks(e.g., wired surveillance network and an office network).
Configuration Steps
1. Adding a wired VLAN: Choose Project > Configuration > Network > Client Access, click Add and select Add Wired VLANs to add wired VLAN configuration for the current network, or select an existing wired VLAN and click Configuration.
Note: If there are unmanaged mode ES200 series switches in the network, add a VLAN may turn it into managed mode depending on the position of this switch in the topology.






2. Setting service parameters: Set the VLAN for wired access and create a Dynamic Host Configuration Protocol (DHCP) address pool for devices in the VLAN to automatically obtain IP addresses. The gateway can serve as the address pool server to assign addresses to access clients. If a core switch supporting the address pool function is deployed on a network, you can configure the switch as the address pool server. After configuring service parameters, click Next.



The following table lists the description of parameters.

Parameter	Description
Service Remarks	Enter  the VLAN description, for example, Office PC.
VLAN ID	The  VLAN ID can be set to any value from 2 to 232 and from 234 to 4060, except  the used value.
Default Gateway	After  the VLAN ID is configured, the value of the default gateway or the subnet  mask will be updated automatically 1s later.
DHCP Pool	You  are advised to keep the default configuration. If the DHCP pool is disabled,  a camera or PC needs to be manually configured with a static IP address. The  deployment location of the IP address pool can be selected as needed.  Generally, the gateway used as the DHCP server is applicable to a Layer 2  network, and the core switch used as the DHCP server is applicable to a Layer  3 network.
IP Segment	The  parameter is available only when the DHCP pool is enabled. When the VLAN ID  is configured, the IP segment will be updated automatically 1s later.
Assign IP from	You  are advised to keep the default configuration.

3 Select the interface for connecting the camera in the topology on the left, and select the port to connect the camera from port icons on the right. The port icon will change from gray-black to blue. Click  [strong]Next[/strong] .



4. Click Apply The configuration will be delivered to the gateway and the switch, and takes effect.



5. The service network is added successfully when the message indicating delivery success is displayed.



FAQs
1. Why Should I Classify VLANs?
(1) Reducing resource waste caused by broadcast traffic
In monitoring, door control, IPTV, and other scenarios, the heavy broadcast traffic of different services can easily affect each other, causing network jamming. Broadcast domains need to be isolated to reduce the bandwidth occupied by broadcast packets and avoid broadcast storms.
① There are broadcast packets of various network protocols, such as Address Resolution Protocol (ARP) requests for querying MAC addresses of identified devices, and DHCP requests for requesting IP addresses. When there are considerable clients on the network, broadcast packets will occupy numerous bandwidth resources, causing resource waste. VLANs can isolate broadcast domains and reduce bandwidth resource waste.
② In monitoring, door control, broadcast system, and other scenarios, broadcast or multicast packets (devices that do not support multicasting will process multicast packets as broadcast packets) are usually used. Therefore, separate VLANs need to be configured for monitoring and video (such as IPTV) devices to isolate such traffic from common service traffic.
2. Facilitating management
After VLANs are classified based on departments, policies can be conveniently configured for different departments and enterprise intranets can be better managed.
In hotel scenarios, there may be Internet access by guests, conference room and banquet network, reception office network, and monitoring network. The reception office network involves the check-in/refund handling. In enterprise office scenarios, different departments may have different intranet access permissions and different security requirements. It is necessary to classify VLANs by user category and configure access control lists (ACLs) and other policies to meet different service requirements.
3. Ensuring intranet security
① In a LAN, device information can be easily captured, and even data may be stolen, imposing security risks. After VLANs are configured, LANs can be divided into different VLANs to narrow down the broadcast scope of different packets, thereby enhancing information security.
For example, in the enterprise office scenario, configuring a guest VLAN can greatly reduce security threats imposed by visitors to the intranet.
② Some virus software identifies other devices in the same VLAN through scanning in broadcast mode, and spreads viruses to the other devices in the same VLAN. Classifying VLANs can restrict the spread within the same VLAN.
For example, in the primary and middle school scenarios, teachers’ Internet access devices and teaching devices can be added to different VLANs to prevent the spread of viruses on a teacher’s PC to the teaching devices.
In conclusion, on the enterprise network, hotel network, school network, multi-client network, and monitoring and IPTV service networks, classify VLANs to improve the network experience and security.
2. How Do I Set the Lease Time of DHCP Addresses?
Purpose of Lease Period
When clients are online, they renew the lease automatically when 1/2 or 7/8 of the lease period has elapsed. If the lease is not renewed because a client goes offline or other problems arise, the client can continue to use the original IP address after reconnection before the lease period expires. For example, if the lease period is 24 hours and a client goes offline, the client can still use the original IP address after re-login within one day. If the lease period expires, the IP address will be returned to the address pool. When the client connects to the network again, it will obtain an address again. In general scenarios, keep the default value for the lease period.
The DHCP lease time should be shorter for frequently changing devices, such as mobile devices used by passengers at a train station. A shorter lease time ensures that unused IP addresses are released quickly and become available for new devices joining the network. This prevents IP address exhaustion and optimizes network resource utilization.
Configuration Steps
(1) Choose Configuration > Network-Wide > Network > Planned, select a VLAN, and then click [strong]Configuration[/strong] at the upper right corner.



(2) Enter the lease period and click  [strong]Save.[/strong]