Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see for further information on our EoS policy.

How to Configure VLANs

VLANs allow you to split one physical network interface (with one MAC address) into several virtual LANs. The physical interface behaves like several interfaces, and the switch behaves like multiple switches. VLANs are useful when not enough network interfaces exist on the unit. The Barracuda NG can use up to 256 VLANs on one physical network interface and a maximum of 4096 VLANs globally. The VLAN interfaces are named <physical interface>.<VLAN id> (e.g., eth2.200). Only tagged traffic is handled by the Firewall; traffic on the physical interface is discarded.

The interface label is formatted as <interface-name>.<VLAN ID>:<Virtual Server Name>. Verify that the length of the label does not exceed 15 characters. For example, port10.1111:S01 is a valid 15-character interface label.

You must use a properly configured 802.1q VLAN-capable switch and NICs that use one of the following kernel modules, which are capable of 802.1q VLAN tagging on the Barracuda NG Firewall:

Intel 100 MBit:
  • Intel 100 MBit Driver by Intel (e100.o)
  • Intel 100 MBit Driver by Intel (certified by Compaq) (e100compaq.o)
Intel 1000 MBit:  
  • Intel 1000 MBit Driver by Intel (e1000.o)
  • Intel 1000 MBit Driver by Intel (e1000e.o)
  • Intel 1000 MBit PCI-e Driver by Intel (igb.o)
Intel 10000 MBit:
  • Intel 10000 MBit Driver by Intel (ixgb.o)
  • Intel 10000 MBit PCI-e Driver by Intel (ixgbe.o) 
Broadcom 1000 MBit:
  • Broadcom 1000 MBit Netextreme I Driver (tg3.o)
  • Broadcom 1000 MBit Netextreme II Driver (bnx2.o)
Other:
  • Realtek RTL8139 (8139too.o)
  • VMXnet3 (vmxnet3.o)
  • virtio (virtio.o, virtio-net.o)

Step 1. Add a VLAN interface

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. In the left menu, select Virtual LANs.
  3. Click Lock.
  4. Add an entry in the VLAN table:
    • Name – Enter a name and click OK.
    • Physical VLAN Interface – Select the physical interface that will host the VLAN. E.g., eth2 
    • VLAN Tag – Enter the VLAN tag that was configured on the switch port the physical interface is plugged into. E.g., 200
    • Header Reordering – This setting makes the virtual interface seem like a real Ethernet interface. Keep disabled for better performance. Enable if you are experiencing problems with network services, such as DHCP running in the VLAN.

  5. Click OK.
  6. Click Send Changes and Activate.

Step 2. Create a Direct Route for the VLAN

Add a direct attached route for the VLAN network.

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. In the left menu, select Routing.
  3. Click Lock.
  4. In the Routes table, add an entry for the VLAN route. Specify the following settings:
    • Target Network Address – Enter the network used on the VLAN. E.g.,
    • Route Type – Select directly attached network.
    • Interface Name – Select the virtual interface matching the VLAN and target network address. E.g., eth2.200
  5. Click OK.
  6. Click Send Changes and Activate.

Step 3. Activate the New Network Configuration

If you activate the network in failsafe mode, a short network interruption occurs, which may require a maintenance window. It is possible to carry out the network activation for VLAN interfaces without interruption by using the command line.

Failsafe activation with temporary network connectivity disruption:

  1. Go to CONTROL > Box.
  2. In the left navigation pane, expand Network and then click Activate new network configuration.
  3. Select the Failsafe mode.
  4. To verify that the VLAN interface and its pending direct route were successfully introduced, go to CONTROL > Network.

Soft activation without temporary network connectivity disruption:

  1. Change to the command-line interface and execute the following commands for each configured VLAN on device eth<n> with corresponding <VLAN-ID>:
    • /etc/phion/bin/vconfig add eth<n> <VLAN-ID>
    • ip link set eth<n>.<VLAN-ID> up
  2. Activate the network configuration by clicking the Soft activate button.
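
A pre-flight check for the soft-activation procedure above, as an added example that is not part of the Barracuda documentation: it validates each planned VLAN against the 15-character label limit and the 256-VLANs-per-interface limit stated in this article, then prints (without running) the two commands from step 1. The plan format, the function names, and the 1-4094 tag range (the usable 802.1Q range) are assumptions of this example.

```shell
# Added example, not Barracuda code. Plan lines: "<physical-if> <vlan-id> <virtual-server>"
MAX_LABEL=15     # interface label limit stated in this article
MAX_PER_IF=256   # VLANs per physical interface stated in this article

# label_ok IF VID SERVER: true if "<if>.<vid>:<server>" fits the label limit.
label_ok() {
    _label="$1.$2:$3"
    [ "${#_label}" -le "$MAX_LABEL" ]
}

# vlan_id_ok VID: digits only, no leading zero, at most 4094 (assumed 802.1Q range).
vlan_id_ok() {
    case "$1" in ''|0*|*[!0-9]*|?????*) return 1 ;; esac
    [ "$1" -le 4094 ]
}

# plan_commands: reads a plan on stdin; prints the soft-activation commands for
# accepted entries on stdout and a REJECT line per bad entry on stderr.
# Nothing is executed. Returns 1 if any entry was rejected.
plan_commands() {
    _seen="" _rc=0
    while read -r _if _vid _srv; do
        [ -n "$_if" ] || continue              # skip blank lines
        _n=0 _why=""
        for _s in $_seen; do                   # entries accepted so far
            case "$_s" in
                "$_if.$_vid") _why="duplicate entry" ;;
                "$_if".*)     _n=$((_n + 1)) ;;
            esac
        done
        if ! vlan_id_ok "$_vid"; then _why="VLAN ID not in 1-4094"
        elif ! label_ok "$_if" "$_vid" "$_srv"; then _why="label over $MAX_LABEL characters"
        elif [ "$_n" -ge "$MAX_PER_IF" ]; then _why="over $MAX_PER_IF VLANs on $_if"
        fi
        if [ -n "$_why" ]; then
            echo "REJECT $_if.$_vid:$_srv ($_why)" >&2
            _rc=1
            continue
        fi
        _seen="$_seen $_if.$_vid"
        echo "/etc/phion/bin/vconfig add $_if $_vid"
        echo "ip link set $_if.$_vid up"
    done
    return "$_rc"
}

# Constructed sample plan: entries two and three are deliberately invalid.
SAMPLE_PLAN=$(printf 'eth2 200 S01\nport10 1111 S001\neth2 4095 S01')
printf '%s\n' "$SAMPLE_PLAN" | plan_commands || echo "plan has rejected entries" >&2
```
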

Next Steps

The virtual network interfaces can be used just like physical network interfaces. The virtual network interfaces are now listed on the CONTROL > Network page. If you want to combine VLANs and bridging, see Bridging.

