Friday 30 September 2016

Configuring Virtual LANs

The NetScaler supports Layer 2 port-based and IEEE 802.1Q tagged virtual LANs (VLANs). VLAN configurations are useful when you need to restrict traffic to certain groups of stations. You can configure a network interface to belong to multiple VLANs using IEEE 802.1q tagging.

You can bind your configured VLANs to IP subnets. The NetScaler (if it is configured as the default router for the hosts on the subnets) then performs IP forwarding between these VLANs. A NetScaler supports the following types of VLANs.

• Default VLAN. By default, the network interfaces on a NetScaler are included in a single, port-based VLAN as untagged network interfaces. This default VLAN has a VID of 1 and exists permanently. It cannot be deleted, and its VID cannot be changed.

• Port-Based VLANs. A set of network interfaces that share a common, exclusive, Layer 2 broadcast domain define the membership of a port-based VLAN. You can configure multiple port-based VLANs.

• Tagged VLAN. A network interface can be a tagged or untagged member of a VLAN. Each network interface is an untagged member of only one VLAN (its native VLAN). The untagged network interface forwards the frames for the native VLAN as untagged frames. A tagged network interface can be a part of more than one VLAN. When you configure tagging, be sure that both ends of the link have matching VLAN settings. You can use the configuration utility to define a tagged VLAN (nsvlan) that can have any ports bound as tagged members of the VLAN. Configuring this VLAN requires a reboot of the NetScaler and therefore must be done during initial network configuration.

Note: The VLAN configuration is neither synchronized nor propagated. You must perform the configuration on each unit in a high availability (HA) pair independently. The best practice is to set the VLAN ID for an NSIP to 1.

Creating a VLAN
You can implement VLANs in the following environments:
• Single subnet
• Multiple subnets
• Single LAN
• VLANs (no tagging)
• VLANs (802.1q tagging)
You can use either of the following procedures to create a VLAN.

To create a VLAN using the configuration utility
1. In the navigation pane, expand Network and click VLANs. The VLANs page appears in the details pane.
2. Click Add. The Add VLAN dialog box appears.
3. In the VLAN Id text box, type the ID of the VLAN, for example, 2.
4. Click Create and click Close. The VLAN you added appears in the VLANs page.

To create a VLAN using the NetScaler command line
At a NetScaler command prompt, type:
add vlan 2

For more information about VLANs, see the Citrix NetScaler Networking Guide. When you create VLANs that have only untagged network interfaces as their members, the total number of possible VLANs is limited to the number of network interfaces available on the NetScaler. If more IP subnets are required with a VLAN configuration, 802.1q tagging must be used.

Binding a Network Interface to a VLAN
You can use either of the following procedures to bind a network interface to a VLAN.

To bind a network interface to a VLAN using the configuration utility
1. In the navigation pane, expand Network and click VLANs. The VLANs page appears in the details pane.
2. Select the VLAN to which you want to bind the interface, for example, 2.
3. Click Open. The Modify VLAN dialog box appears.
4. Under Interfaces, select the Active check box corresponding to the network interface that you want to bind to the VLAN, for example, 1/8.
5. Click OK.

To bind a network interface to a VLAN using the NetScaler command line
At a NetScaler command prompt, type:
bind vlan 2 -ifnum 1/8

Verifying the Configuration
Viewing the configuration enables you to troubleshoot any problem in the configuration.

Viewing the Properties of VLANs
You can view properties such as VLAN ID, members, and tagging of the configured VLANs. You can use either of the following procedures to view the properties of the VLANs.

To view the properties of VLANs using the configuration utility
1. In the navigation pane, expand Network and click VLANs. The VLANs page appears in the details pane. The details of the available VLANs appear on this page.
2. Verify that the configured VLAN (with ID 2 if you used the example in the previous procedure) appears.
3. Select the configured VLAN and, in the Details section, verify that the parameters displayed are correctly configured.

To view the properties of VLANs using the NetScaler command line
At a NetScaler command prompt, type:
show vlan

Viewing the Statistics of a VLAN
You can view statistics such as packets received, bytes received, packets sent, and bytes sent of configured VLANs. You can use the statistics to monitor a VLAN and debug problems. You can use either of the following procedures to view the statistics of a VLAN.

To view the statistics of a VLAN using the configuration utility
1. In the navigation pane, expand Network and click VLANs. The VLANs page appears in the details pane.
2. Select the VLAN whose statistics you want to view, for example, 2.
3. Click Statistics. The VLAN Statistics dialog box appears.

To view the statistics of a VLAN using the NetScaler command line
At a NetScaler command prompt, type:
stat vlan 2
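
Because the VLAN configuration is neither synchronized nor propagated, the two units of an HA pair can drift apart without anyone noticing. The following is an added example, not part of the original article or of Citrix's tooling: it compares the add vlan and bind vlan commands collected from each unit and also reports any interface bound untagged to more than one VLAN. The sample command lists are constructed, one interface per bind line is assumed, and the -tagged option of bind vlan comes from the NetScaler CLI rather than from this page.

```python
import re
from collections import defaultdict

# Constructed sample input: VLAN commands collected from each unit of an HA pair.
PRIMARY = """add vlan 2
add vlan 3
bind vlan 2 -ifnum 1/8
bind vlan 3 -ifnum 1/7 -tagged
"""
SECONDARY = """add vlan 2
add vlan 4
bind vlan 2 -ifnum 1/8
bind vlan 4 -ifnum 1/8
"""

ADD_RE = re.compile(r"^add vlan (\d+)\b")
# Assumption: one interface per bind line; -tagged is not shown on this page.
BIND_RE = re.compile(r"^bind vlan (\d+) -ifnum (\S+)(?:\s+(-tagged))?\s*$")

def parse(text):
    """Return (vlan_ids, memberships); memberships holds (vid, ifnum, mode) tuples."""
    vlans, members = {1}, set()  # VID 1 is the permanent default VLAN
    for line in text.splitlines():
        line = line.strip()
        if m := ADD_RE.match(line):
            vlans.add(int(m.group(1)))
        elif m := BIND_RE.match(line):
            mode = "tagged" if m.group(3) else "untagged"
            members.add((int(m.group(1)), m.group(2), mode))
    return vlans, members

def findings(name, members):
    # An interface has only one native VLAN, so a second untagged bind is reported.
    untagged = defaultdict(set)
    for vid, ifnum, mode in members:
        if mode == "untagged":
            untagged[ifnum].add(vid)
    return [f"{name}: {i} is untagged in VLANs {sorted(v)}"
            for i, v in sorted(untagged.items()) if len(v) > 1]

def ha_drift(primary, secondary):
    (va, ma), (vb, mb) = parse(primary), parse(secondary)
    out = findings("primary", ma) + findings("secondary", mb)
    for label, vs, ms in (("primary", va - vb, ma - mb), ("secondary", vb - va, mb - ma)):
        out += [f"VLAN {v} only on {label}" for v in sorted(vs)]
        out += [f"bind vlan {v} -ifnum {i} ({m}) only on {label}" for v, i, m in sorted(ms)]
    return out

if __name__ == "__main__":
    print("\n".join(ha_drift(PRIMARY, SECONDARY)))
```

An empty result means both units define the same VLANs with the same tagged and untagged memberships.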
