vlan(7)vlan(7)NAME
vlan, VLAN - Virtual LAN (VLAN) introductory information
DESCRIPTION
A Virtual Local Area Network (VLAN) provides administrators with the
ability to create logical groups of systems that can communicate as if
they were on the same LAN. Multiple VLANs can exist on the same physi‐
cal network. Traffic between VLANs is restricted. Bridges forward all
traffic, including broadcast traffic, only to LAN segments that serve
the VLAN to which the traffic belongs.
A VLAN is identified by a VLAN ID, which is contained in a special Eth‐
ernet frame called a tagged frame. This tagging format is defined in
the IEEE 802.1q standard.
VLAN requires an optional kernel subsystem (vlan.mod). You can verify
the presence of the VLAN subsystem by issuing the sysconfig -s vlan
command. If the vlan subsystem is not loaded, you can load it using
either of the following methods: Dynamically load it using the syscon‐
fig -c vlan command. Run the vlanconfig command. This loads vlan.mod
if it is not present in the kernel.
After the subsystem is loaded, you can configure a VLAN.
VLAN Configuration
You can configure VLANs either in multiuser mode or at boot time with
the vlanconfig command. When you configure a VLAN, you specify the vir‐
tual interface name (vlanx), the lower interface on which the VLAN vir‐
tual interface is configured, and a VLAN ID. This enables the lower
interface to participate in the VLAN identified by the VLAN ID. You can
enable an interface to participate in multiple VLANs by creating multi‐
ple virtual interfaces on it. The total number of VLAN virtual inter‐
faces is limited only by system resources.
After you create a VLAN virtual interface, you manage it like any
interface by using the ifconfig command (for example, to configure IP
addresses).
After an interface is configured for VLAN, all frames received on that
interface are either enqueued to a VLAN virtual interface, or dropped.
If the received frame is an IEEE 802.1q tagged frame, the VLAN ID is
extracted and the frame is delivered to the VLAN virtual interface with
the same VLAN ID or is dropped if none is found. If the frame is not a
tagged frame (that is, typical Ethernet traffic), it is delivered to
the untagged VLAN virtual interface, or dropped if the untagged inter‐
face is not found. (See vlanconfig(8) for more information.) This pro‐
vides maximum flexibility to the system manager in establishing a VLAN
environment.
Packets sent from a VLAN virtual interface are encapsulated in tagged
frames that include their VLAN ID. Packets sent from an untagged VLAN
virtual interface are sent as untagged frames. Interfaces that are
enabled for tagged frames must be connected to LAN segments, or
directly to switches, that support IEEE 802.1q tagging. A switch's VLAN
configuration must be done manually.
VLAN and NetRAIN
You can enable NetRAIN virtual interfaces (nr) for VLANs provided the
physical adapters that make up the NetRAIN set adhere to the restric‐
tions in the “Restrictions” section. Each adapter in the NetRAIN set
must be connected to a switch port that is configured into the same set
of VLANs as the NetRAIN virtual interface. You cannot configure VLAN
virtual interfaces into a NetRAIN set.
Interfaces in a NetRAIN set attempt to communicate with each other so
that nifftmt will maintain the correct state for each interface. If
the interfaces are connected to switch ports that only accept and for‐
ward tagged frames, these NetRAIN internal packets will not be deliv‐
ered until a tagged VLAN interface has been configured on the NetRAIN
virtual interface. In the interim, nifftmt will report the interfaces
as being dead.
VLAN and Link Aggregation
You can enable link aggregation group virtual interfaces (lag) for
VLANs provided the physical adapters that make up the group adhere to
the restrictions in the “Restrictions” section. Each adapter in the
group must be connected to a switch port that is configured into the
same set of VLANs as the link aggregation group virtual interface. You
cannot configure VLAN virtual interfaces into a link aggregation group.
RESTRICTIONS
The following restrictions apply: Supports only Ethernet (802.3
CSMA/CD) links. Supports only DEGPA (alt), DE60x (ee), DEGXA (bcm),
and TULIP (tu) network interface cards (NICs). VLAN virtual interfaces
copy the lower interface's MAC address when they are created. If the
lower interface's MAC address subsequently changes, the VLAN interface
MAC address will not be updated. This can occur in the following cases:
The lower interface is a NetRAIN virtual interface -- If you delete all
members in a NetRAIN set and then add one interface with a different
MAC address to the empty set. The lower interface is a Link Aggrega‐
tion virtual interface -- If static MAC addressing is not in use and
you delete the original port from the LAG group.
If these cases cannot be avoided, then all VLAN virtual inter‐
faces on that lower interface must be deleted and recreated in
order to use the new MAC address. VLAN virtual interfaces do
not currently support setting characteristics such as speed,
duplex mode, autonegotiation, or MAC address. Any required modi‐
fications to the lower interface must be made before configuring
a VLAN virtual interface on it. VLAN virtual interfaces support
setting their IP maximum transfer unit (MTU) to higher or lower
values. If the new MTU value reduces the value on the lower
interface, the change is applied only on the VLAN virtual inter‐
face. If the new MTU value increases the value on the lower
interface, it is applied on both the lower interface and the
VLAN virtual interface.
SEE ALSO
Commands: vlanconfig(8)
System Attributes: sys_attrs_vlan(5)
Files: inet.local(4)
Technical Overview
Network Administration: Connections
vlan(7)