We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure VLANs

  • Last updated on

VLANs allow you to split one physical network interface into several virtual LANs. The physical interface behaves like several interfaces, and the switch behaves like multiple switches. VLANs allow for layer 2 separation whenever layer 1 separation is not possible. The Barracuda NextGen Firewall F-Series can use up to 256 VLANs on one physical network interface and a maximum of 4094 VLANs globally. The VLAN interfaces are named <physical interface>.<VLAN id> (e.g., eth2.200). Only tagged traffic is handled by the Firewall; untagged traffic sent directly to the physical interface is discarded. You must use a properly configured 802.1q VLAN-capable switch and NICs that use drivers capable of tagging VLAN traffic.

Step 1. Add a VLAN interface

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.
  2. In the left menu, select Virtual LANs.
  3. Click Lock.
  4. Add an entry in the VLAN table:
    • Name – Enter a name and click OK.
    • Physical VLAN Interface – Select the physical interface that will host the VLAN. E.g., eth2 
    • VLAN Tag – Enter the VLAN tag that was configured on the switch port the physical interface is plugged into. E.g., 200

    • Header Reordering – This setting makes the virtual interface seem like a real Ethernet interface. Keep disabled for better performance. Enable if you are experiencing problems with network services, such as DHCP running in the VLAN.
      vlan01.png

  5. Click OK.
  6. Click Send Changes and Activate.

Step 2. Create a direct route for the VLAN

Add a direct attached route for the VLAN network.

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.
  2. In the left menu, select Routing.
  3. Click Lock.
  4. In the Routes table, add an entry for the VLAN route. Specify the following settings:
    • Target Network  Address – Enter the network used on the VLAN. E.g., 10.0.82.0/24
    • Route Type – Select directly attached network .
    • Interface Name – Select the virtual interface matching the VLAN and target network address. E.g., eth2.200
  5. Click OK.
  6. Click Send Changes and Activate.

Step 3. (optional) Add additional local IPs to enable ARP on multi-homed VLAN interfaces

For ARP requests to work on multi-homed VLAN interfaces, an additional local IPs must be created for the VLAN interface.  

  1. Go to CONFIGURATION > Configuration Tree > Box > Box > Network.
  2. Click Lock.
  3. Click +  to add the VLAN network and IP address as an Additional Local IP.
  4. Enter a Name and click OK. The IP Address Configuration window opens.
    • Interface Name – Select the VLAN interface.
    • IP Address – Enter the IP address from the VLAN network.
    • Associated Netmask – Select the netmask of the VLAN network. 
    • Responds to Ping – Set to yes
    • Management IP – Set to no.
  5. Click OK.
  6. Click Send Changes and Activate.

Step 4. Activate the network configuration

If you activate the network in failsafe mode, a short network interruption occurs, which may require a maintenance window. It is possible to carry out the network activation for VLAN interfaces without interruption by using the command line.

  1. Go to CONTROL > Box.
  2. In the left navigation pane, expand Network and then click Activate new network configuration.
  3. Select the Failsafe mode.
  4. To verify that the VLAN interface and its pending direct route were successfully introduced, go to CONTROL > Network.

Next steps

The virtual network interfaces can be used just like physical network interfaces. The virtual network interfaces are now listed on the CONTROL > Network page. If you want to combine VLANs and bridging, see Bridging.

vlan02.png

Last updated on