We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure VLANs

  • Last updated on

A VLAN is a logical network that is run on a switch or on top of a physical network. A VLAN jointly uses the same physical interface that is used for the physical network.

Because both the sending and the receiving interface must be able to distinguish which traffic belongs to which kind of network, the transmitted traffic packets must be distinguishable. This is achieved by a tag – a label that is added to each packet of a session. Both communication partners must support this feature. You must use a properly configured 802.1q VLAN-capable switch and NICs that use drivers capable of tagging VLAN traffic.

The Barracuda CloudGen Firewall can use up to 256 VLANs on one physical network interface and a maximum of 4094 VLANs globally. The VLAN interfaces are named <physical interface>.<VLAN id> (e.g., eth2.200), where the VLAN id represents the tag.

The firewall can serve both untagged and tagged VLANs simultaneously. Because untagged VLANs do not use the tagging information, an untagged VLAN is the same like a connection that uses its own physical interface. Therefore, if you want to use an untagged VLAN, assign a direct attached network to an interface of your choice. For more information, see How to Configure Direct Attached Routes.

If you want to use tagged VLANs solely or simultaneously with an untagged VLAN, follow the steps below and use the same interface as for the untagged VLAN interface.

Step 1. Add a VLAN Interface

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.
  2. In the left menu, select Virtual LANs.
  3. Click Lock.
  4. Add an entry in the VLAN table:
    • Name – Enter a name and click OK.
    • Physical VLAN Interface – Select the physical interface that will host the VLAN. E.g., eth2 
    • VLAN Tag – Enter the VLAN tag that was configured on the switch port the physical interface is plugged into. E.g., 200

    • Header Reordering  – This setting makes the virtual interface seem like a real Ethernet interface. Keep disabled for better performance. Enable if you are experiencing problems with network services, such as DHCP running in the VLAN.
      vlan01.png

  5. Click OK.
  6. Click Send Changes and Activate.

Step 2. Create a Direct Route for the VLAN

Add a direct attached route for the VLAN network.

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.
  2. In the left menu, select Routing.
  3. Click Lock.
  4. In the Routes table, add an entry for the VLAN route. Specify the following settings:
    • Target Network  Address – Enter the network used on the VLAN. E.g., 10.0.82.0/24
    • Route Type – Select directly attached network .
    • Interface Name – Select the virtual interface matching the VLAN and target network address. E.g., eth2.200
  5. Click OK.
  6. Click Send Changes and Activate.

The pending route is now listed on the CONTROL > Networking page. A virtual server IP address is required for the route to be active.

Step 3. Activate the Network Configuration

VLANs can be activated without interruption to the network subsystem. For more information, see How to Activate Network Changes.

  1. Go to CONTROL > Box.
  2. In the left navigation pane, expand Network and then click Activate new network configuration.
  3. Click Soft.
    soft_activation.png
  4. To verify that the VLAN interface and its pending direct route were successfully introduced, go to CONTROL > Network.

Multi-Homed VLAN Interfaces

For ARP requests to work on multi-homed VLAN interfaces, use additional local IPs instead of the direct attached route and virtual server IP for the VLAN interface.  

  1. Go to CONFIGURATION > Configuration Tree > Box > Box > Network.
  2. Click Lock.
  3. Click +  to add the VLAN network and IP address as an Additional Local IP.
  4. Enter a Name and click OK. The IP Address Configuration window opens.
    • Interface Name – Select the VLAN interface.
    • IP Address – Enter the IP address from the VLAN network.
    • Associated Netmask – Select the netmask of the VLAN network. 
    • Responds to Ping – Set to yes
    • Management IP – Set to no.
  5. Click OK.
  6. Click Send Changes and Activate.

Next Steps

  • Add a virtual server IP address for each VLAN. For more information, see Virtual Servers and Services.
  • The virtual network interfaces can be used just like physical network interfaces. The virtual network interfaces are now listed on the CONTROL > Network page. If you want to combine VLANs and bridging, see Bridging.

vlan02.png

Last updated on