Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure VLANs


VLANs allow you to split one physical network interface (with one MAC address) into several virtual LANs. The physical interface behaves like several interfaces, and the switch behaves like multiple switches. VLANs are useful when the unit does not have enough network interfaces. The Barracuda NG can use up to 256 VLANs on one physical network interface and a maximum of 4096 VLANs globally. The VLAN interfaces are named <physical interface>.<VLAN id> (e.g., eth2.200). Only tagged traffic is handled by the firewall; traffic on the physical interface is discarded.

The interface label is formatted as <interface-name>.<VLAN ID>:<Virtual Server Name>. Verify that the length of the label does not exceed 15 characters. E.g., port10.1111:S01 would be a valid 15-character interface label.

You must use a properly configured 802.1q VLAN-capable switch and NICs that use one of the following kernel modules, which are capable of 802.1q VLAN tagging on the Barracuda NG Firewall:

Intel 100 MBit:
  • Intel 100 MBit Driver by Intel (e100.o)
  • Intel 100 MBit Driver by Intel (certified by Compaq) (e100compaq.o)
  • Intel 100 MBit Driver (eepro100.o) (not available in Barracuda NG Firewall version 5.0 and above) 
Intel 1000 MBit:  
  • Intel 1000 MBit Driver by Intel (e1000.o)
  • Intel 1000 MBit Driver by Intel (e1000e.o)
  • Intel 1000 MBit PCI-e Driver by Intel (igb.o)
  • Intel 1000 MBit Driver by Intel (certified by Compaq) (e1000compaq.o) (not available in Barracuda NG Firewall version 5.0 and above) 
Intel 10000 MBit:
  • Intel 10000 MBit Driver by Intel (ixgb.o)
  • Intel 10000 MBit PCI-e Driver by Intel (ixgbe.o) 
Broadcom 1000 MBit:
  • Broadcom 1000 MBit Driver by Broadcom (bcm57xx.o) (not available in Barracuda NG Firewall version 5.0 and above)
  • Broadcom 1000 MBit Netextreme I Driver (tg3.o)
  • Broadcom 1000 MBit Netextreme II Driver (bnx2.o)
Realtek:  
  • Realtek RLT8139 (8139too.o) 
VMware:
  • VMXnet3 (vmxnet3.o)
KVM:
  • virtio (virtio.o, virtio-net.o)


Step 1. Add a VLAN interface

  1. Open the Network page (Config > Full Config > Box > Network).
  2. From the Configuration menu in the left navigation pane, click Virtual LANs.
  3. Click Lock.
  4. Add an entry in the VLAN table:
    • Name – Enter a name and click OK.
    • Physical VLAN Interface – Select the physical interface that will host the VLAN. E.g., eth2 
    • VLAN Tag – Enter the VLAN tag that was configured on the switch port that the physical interface is plugged into. E.g., 200

    • Header Reordering – This setting makes the virtual interface seem like a real Ethernet interface. Keep disabled for better performance. Enable if you are experiencing problems with network services, such as DHCP running in the VLAN.

  5. Click OK.
  6. Click Send Changes and Activate.

Step 2. Create a Direct Route for the VLAN

Add a direct attached route for the VLAN network.

  1. Open the Network page (Config > Full Config > Box > Network).
  2. From the Configuration menu in the left navigation pane, click Routing.
  3. Click Lock.
  4. In the Routes table, add an entry for the VLAN route. Specify the following settings:
    • Target Network Address – Enter the network used on the VLAN. E.g., 192.168.8.10
    • Route Type – Select directly attached network.
    • Interface Name – Select the virtual interface matching the VLAN and target network address. E.g., eth2.200
  5. Click OK.
  6. Click Send Changes and Activate.

Step 3. Activate the New Network Configuration

If you activate the network in failsafe mode, a short network interruption occurs, which may require a maintenance window. It is possible to carry out the network activation for VLAN interfaces without interruption by using the command line.

Failsafe activation with temporary network connectivity disruption:

  1. Go to the Control > Box page.
  2. In the left navigation pane, expand Network and then click Activate new network configuration.
  3. Select the Failsafe mode.
  4. To verify that the VLAN interface and its pending direct route were successfully introduced, go to the Control > Network page.

Soft activation without temporary network connectivity disruption:

  1. Change to the command-line interface and execute the following commands for each configured VLAN on device eth<n> with corresponding <VLAN-ID>:
    • /etc/phion/bin/vconfig add eth<n> <VLAN-ID>
    • ip link set eth<n>.<VLAN-ID> up
  2. Activate the network configuration by clicking the Soft activate button.
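
The soft-activation commands above, combined with the 15-character label rule from the introduction, as an added dry-run helper (not Barracuda code): it validates each VLAN and only prints the commands to run. The function names, the `IFACE:VID` argument format and the sample entries are assumptions; the 1-4094 tag range is the standard 802.1q usable range, not a value from this page.

```shell
#!/bin/sh
# Added example: dry-run helper that prints commands instead of executing them.
# The 15-character label limit is the one stated in this article.
MAX_LABEL_LEN=15

# check_vlan IFACE VLAN_ID SERVER (hypothetical helper)
# Returns 0 if VLAN_ID is a usable 802.1q tag and the interface label fits.
check_vlan() {
    iface=$1; vid=$2; server=$3
    case $vid in
        # Reject empty, non-numeric, or more-than-4-digit IDs before comparing.
        ''|*[!0-9]*|?????*) echo "invalid VLAN ID: $vid" >&2; return 1 ;;
    esac
    # 802.1q reserves tags 0 and 4095; usable tags are 1-4094.
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN ID out of range: $vid" >&2; return 1
    fi
    label="$iface.$vid:$server"   # <interface-name>.<VLAN ID>:<Virtual Server Name>
    if [ "${#label}" -gt "$MAX_LABEL_LEN" ]; then
        echo "label too long (${#label} chars): $label" >&2; return 1
    fi
    return 0
}

# soft_activate_cmds SERVER IFACE:VID [IFACE:VID ...] (hypothetical helper)
# Prints the two soft-activation commands for each valid entry.
# Returns 1 if any entry was rejected.
soft_activate_cmds() {
    server=$1; shift; rc=0
    for entry in "$@"; do
        iface=${entry%%:*}
        vid=${entry#*:}
        if check_vlan "$iface" "$vid" "$server"; then
            echo "/etc/phion/bin/vconfig add $iface $vid"
            echo "ip link set $iface.$vid up"
        else
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: two valid VLANs and one reserved tag.
soft_activate_cmds S01 eth2:200 port10:1111 eth2:4095 || echo "one or more entries rejected" >&2
```

Review the printed commands, run them on the firewall's command line, and then continue with the Soft activate button as described in step 2.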

Next Steps

The virtual network interfaces can be used just like physical network interfaces. The virtual network interfaces are now listed on the CONTROL > Network page. If you want to combine VLANs and bridging, see Bridging.
