Configuring a VLAN

VLAN interfaces are configured at the network interface vlan level.

To add a new VLAN interface, use the following command:

Admin@nodename# create network interface vlan

Parameters:

Parameter

Description

enabled

Enable/disable a VLAN interface:

  • on

  • off

description

Interface description.

alias

The interface's alias.

iface-type

Interface type:

  • l3: Layer 3 (you can assign an IP address and use it in firewall, content filtering, and other rules; this is the standard interface operation mode).

  • mirror: interface works in Mirror mode (it can receive traffic from the network equipment SPAN port to analyze it).

iface-mode

IP address assignment mode:

  • dhcp: obtain a dynamic IP address via DHCP.

  • manual: no address.

Static mode is set automatically when an IP address is assigned to the interface.

tag

VLAN tag. Up to 4094 interfaces can be created.

node-name

Cluster node name where the VLAN is created.

interface

The physical interface on which the VLAN is being created.

zone

Zone to which the interface belongs.

link-info

Settings for network interface parameters:

  • bc_forwarding: controls forwarding of directed broadcast packets arriving at the specified interface.

  • proxy_arp, proxy_arp_vlan: Proxy ARP mechanism. With proxy_arp, UserGate will respond to ARP requests for addresses outside the interface's network; with proxy_arp_vlan, UserGate will respond to ARP requests for addresses that belong to the interface's network.

To specify them, use the following format:

Admin@nodename# create network interface <iface-type> ... link-info [ key/value ]

where key is the parameter name, which can include lowercase Latin letters (a-z) and underscores (_), and value is the parameter value. Parameter values can only be integers.

For example, use proxy_arp/1 to enable the Proxy ARP mechanism and proxy_arp/0 to disable it.

The link-info field is displayed only when adding parameters.

Important! You cannot delete the specified parameters.

netflow-profile

The Netflow profile used to send statistical data to the Netflow collector. For more details on Netflow profile settings, see Configuring Netflow Profiles.

ip-addresses

Assign an IP address to the interface.

The IP addresses are specified as [ <ip_address/mask> ] or [ <ip_address/mask> <ip_address/mask> ]. When several IP addresses are given (separated by spaces), the subnet mask is entered in decimal format.

Important! Make sure to separate the square brackets with spaces on both sides.

mac

Interface MAC address.

mtu

Specify the MTU size.

dhcp-relay

Settings for the DHCP relay on the interface. You need to specify the following:

  • enabled: enable/disable the relay:

    • on

    • off

  • utm-address: IP address of the UserGate interface on which the relay function is added.

  • server-address: addresses of DHCP servers where DHCP requests from clients should be redirected.
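
Because link-info parameters cannot be deleted once set and the bracketed lists are whitespace-sensitive, it is worth checking the link-info and ip-addresses arguments before sending a command to the device. The following Python check is an added example, not UserGate code: the function names are hypothetical, the sample arguments are constructed, and accepting several key/value pairs in one link-info list is an assumption.

```python
import ipaddress
import re

# key: lowercase a-z and underscore; value: integer (rules from the link-info row)
PAIR = re.compile(r"([a-z_]+)/(-?\d+)")


def bracket_items(arg):
    """Split '[ a b ]' into ['a', 'b']; reject brackets glued to an item."""
    tokens = arg.split()
    if len(tokens) < 3 or tokens[0] != "[" or tokens[-1] != "]":
        raise ValueError(f"brackets need a space on both sides: {arg!r}")
    return tokens[1:-1]


def check_link_info(arg):
    """Return {key: int} for a link-info list, or raise ValueError."""
    parsed = {}
    for item in bracket_items(arg):  # several pairs per list is an assumption
        m = PAIR.fullmatch(item)
        if m is None:
            raise ValueError(f"expected key/value with integer value: {item!r}")
        parsed[m.group(1)] = int(m.group(2))
    return parsed


def check_ip_addresses(arg):
    """Return ip_interface objects for an ip-addresses list, or raise ValueError."""
    parsed = []
    for item in bracket_items(arg):
        if "/" not in item:
            raise ValueError(f"mask is required: {item!r}")
        parsed.append(ipaddress.ip_interface(item))  # ValueError if malformed
    return parsed


def lint(checker, args):
    """Run checker over each argument; return (arg, error-or-None) pairs."""
    report = []
    for arg in args:
        try:
            checker(arg)
            report.append((arg, None))
        except ValueError as exc:
            report.append((arg, str(exc)))
    return report


if __name__ == "__main__":  # constructed sample arguments, not from a real device
    for arg, err in lint(check_link_info, ["[ proxy_arp/1 ]", "[proxy_arp/1]"]):
        print("link-info", arg, "->", err or "ok")
```
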

To edit an existing VLAN, use the following command:

Admin@nodename# set network interface vlan <vlan-name>

The parameters available for setting are the same as those for creating a VLAN, except for tag, node-name, and interface (you cannot change these parameter values).

To delete a VLAN interface or its parameters, use the following command:

Admin@nodename# delete network interface vlan <vlan-name>

You can delete the following parameters:

Parameter

Description

ip-addresses

Specified IP address.

dhcp-relay server-address

DHCP server IP address.

To display information about all VLAN interfaces, use the following command:

Admin@nodename# show network interface vlan

To display information about a single interface, use the following command:

Admin@nodename# show network interface vlan <vlan-name>