It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure VLANs

  • Last updated on

VLANs allow you to split one physical network interface into several virtual LANs. The physical interface behaves like several interfaces, and the switch behaves like multiple switches. VLANs allow for layer 2 separation whenever layer 1 separation is not possible. The firewall can use up to 256 VLANs on one physical network interface and a maximum of 4094 VLANs globally. The VLAN interfaces are named physical interface.VLAN id (e.g., eth2.200). Only tagged traffic is handled by the firewall; untagged traffic sent directly to the physical interface is discarded. You must use a properly configured 802.1q VLAN-capable switch and NICs that use drivers capable of tagging VLAN traffic.

The interface label is formatted as interface-name.VLAN ID:Virtual Server Name. Verify that the length of the label does not exceed 15 characters. E.g., port10.1111:S01 would be a valid 15-character interface label.

vlan_config01.png

Step 1. Add Two VLAN Interfaces

  1. Go to NETWORK > IP Configuration.
  2. In the Virtual Interface Configuration section, add the first entry for the VLAN:

    • VLAN Name – Enter the name for the VLAN.

    • Host Interface – Select the hardware interface.

    • VLAN ID – Enter the VLAN ID for differentiating between multiple VLANs.

  3. Click Add.

    add_vlan.png

  4. In the Virtual Interface Configuration section, add the second entry for the VLAN.

    • VLAN Name – Enter the name for the VLAN.

    • Host Interface – Select the hardware interface.

    • VLAN ID – Enter the VLAN ID for differentiating between multiple VLANs.

  5. Click Add.
    add_2nd_vlan.png

Step 3. Perform a Network Activation

After you create or change basic network configurations such as routing, you must activate your new network configurations.

  1. Scroll to the top of the page.
  2. Click on the link inside of the warning message to execute the new network configuration.
    network_activation.png

Step 4. Create a Static Network Interface for the First VLAN

  1. Go to NEWORK > IP Configuration.
  2. In the Static Interface Configuration section, click Add Static Network Interface. The Add Static Interface window opens.
  3. From the Network Interface list, select the first VLAN port, e.g, eth2.100.
  4. Enter a Name for the first VLAN network interface, e.g., vlanprv1.
  5. Enter the static WAN IP address, e.g., 10.0.20.1.
  6. Enter the Netmask of the interface, e.g., 255.255.255.0.
  7. From Services to Allow, select Ping to allow the interface to respond to ping packets.
  8. From the Classification list, select Trusted.
    add_static_network_interface_vlan1.png
  9. Click Save.

Step 5. Create a Static Network Interface for the Second VLAN

  1. Go to NEWORK > IP Configuration.
  2. In the Static Interface Configuration section, click Add Static Network Interface. The Add Static Interface window opens.
  3. From the Network Interface list, select the first VLAN port, e.g., eth2.200.
  4. Enter a Name for the first VLAN network interface, e.g., vlanprv2.
  5. Enter the static WAN IP address, e.g., 10.0.21.1.
  6. Enter the Netmask of the interface, e.g., 255.255.255.0.
  7. From Services to Allow, select Ping to allow the interface to respond to ping packets.
  8. From the Classification list, select Trusted.
    add_static_network_interface_vlan2.png
  9. Click Save.

Step 6. Perform a Network Activation

After you create or change basic network configurations such as routing, you must activate your new network configurations.

  1. Scroll to the top of the page.
  2. Click on the link inside of the warning message to execute the new network configuration.
    network_activation.png

Step 7. Verify the New Configuration

There are two places to verify that the two VLAN interfaces have been configured as expected:

Go to NETWORK > IP Configuration. If no errors occurred during the configuration, you can see the two VLAN interfaces both in the Network Interface Configuration and Static Interface Configuration tables.

two_vlans_added_nw_itfc_sect.png

two_vlans_added_nw_static_itfc_sect.png

Go to NETWORK > Routing. If no errors occurred during the configuration, you can see the two VLAN interfaces in both the Network Routes and the Network Interfaces tables.

two_vlans_added_nw_route.png