It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure VLANs

  • Last updated on

A VLAN is a logical network that is run on a switch or on top of a physical network. A VLAN jointly uses the same physical interface that is used for the physical network. Because both the sending and the receiving interface must be able to distinguish which traffic belongs to which kind of network, the transmitted traffic packets must be distinguishable. This is achieved by a tag – a label that is added to each packet of a session. Both communication partners must support this feature. You must use a properly configured 802.1q VLAN-capable switch and NICs that use drivers capable of tagging VLAN traffic.

The Barracuda CloudGen Firewall can use up to 256 VLANs on one physical network interface and a maximum of 4094 VLANs globally. The VLAN interfaces are named <physical interface>.<VLAN id> (e.g., eth2.200), where the VLAN id represents the tag. The firewall can serve both untagged and tagged VLANs simultaneously. Because untagged VLANs do not use the tagging information, an untagged VLAN is the same as a connection that uses its own physical interface. Therefore, if you want to use an untagged VLAN, assign a direct attached network to an interface of your choice. For more information, see How to Configure Direct Attached Routes.

To use tagged VLANs solely or simultaneously with an untagged VLAN, follow the steps below and use the same interface as for the untagged VLAN interface.

Step 1. Add a VLAN Interface

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.
  2. In the left menu, select Virtual LANs.
  3. Click Lock.
  4. Add an entry in the VLAN table:
    • Name – Enter a name and click OK.
    • Physical VLAN Interface – Select the physical interface that will host the VLAN. E.g., eth2 
    • VLAN Tag – Enter the VLAN tag that was configured on the switch port the physical interface is plugged into. E.g., 200

    • Header Reordering  – This setting makes the virtual interface seem like a real Ethernet interface. Keep disabled for better performance. Enable if you are experiencing problems with network services, such as DHCP running in the VLAN.

  5. Click OK.
  6. Click Send Changes and Activate.

Step 2. Activate the Network Configuration

VLANs can be activated without interruption to the network subsystem. For more information, see How to Activate Network Changes.

  1. Go to CONTROL > Box.
  2. In the left navigation pane, expand Network and then click Activate new network configuration.
  3. Click Activate now.

To verify that the VLAN interface and its pending direct route were successfully introduced, go to CONTROL > Network.

Multi-Homed VLAN Interfaces

For ARP requests to work on multi-homed VLAN interfaces, use additional local IPs instead of the direct attached route and shared network for the VLAN interface.  

  1. Go to CONFIGURATION > Configuration Tree > Box > Box > Network.
  2. Click Lock.
  3. Click +  to add the VLAN network and IP address as an Additional Local IP.
  4. Enter a Name and click OK. The IP Address Configuration window opens.
    • Interface Name – Select the VLAN interface.
    • IP Address – Enter the IP address from the VLAN network.
    • Associated Netmask – Select the netmask of the VLAN network. 
    • Responds to Ping – Set to yes
    • Management IP – Set to no.
  5. Click OK.
  6. Click Send Changes and Activate.

Next Steps

  • Add a shared IP address for each VLAN. For more information, see Assigned Services.
  • The virtual network interfaces can be used just like physical network interfaces. The virtual network interfaces are now listed on the CONTROL > Network page. If you want to combine VLANs and bridging, see Bridging.