ADC

Configuring a VLAN

You can implement VLANs in the following environments:

  • Single subnet
  • Multiple subnets
  • Single LAN
  • VLANs (no tagging)
  • VLANs (802.1q tagging)

If you configure VLANs that have only untagged network interfaces as their members, the total number of possible VLANs is limited to the number of network interfaces available in the Citrix ADC. If more IP subnets are required with a VLAN configuration, 802.1q tagging must be used.

When you bind a network interface to a VLAN, the network interface is removed from the default VLAN. If the network interfaces need to be a part of more than one VLAN, you can bind the network interfaces to the VLANs as tagged members.

You can configure the Citrix ADC to forward traffic between VLANs at Layer 3. In this case, a VLAN is associated with a single IP subnet. The hosts in a VLAN that belong to a single subnet use the same subnet mask and one or more default gateways connected to that subnet. Configuring Layer 3 for a VLAN is optional. Layer 3 is used for IP forwarding (inter-VLAN routing). Each VLAN has a unique IP address and subnet mask that define an IP subnet for the VLAN. In an HA configuration, this IP address is shared with the other Citrix ADC appliances. The Citrix ADC forwards packets between configured IP subnets (VLANs).

When you configure the Citrix ADC, you must not create overlapping IP subnets. Doing so impedes Layer 3 functionality.

Each VLAN is a unique Layer 2 broadcast domain. Two VLANs, each bound to separate IP subnets, cannot be combined into a single broadcast domain. Forwarding traffic between two VLANs requires a Layer 3 forwarding (routing) device, such as the Citrix ADC appliance.

Configuring VLANs in an HA Setup

VLAN configuration for a high-availability setup requires that the Citrix ADC appliances have the same hardware configuration, and the VLANs configured on them must be mirror images.

The correct VLAN configuration is implemented automatically when the configuration is synchronized between the Citrix ADC appliances. The result is identical actions on all the appliances. For example, adding network interface 0/1 to VLAN2 adds this network interface to VLAN 2 on all the appliances participating in the high-availability setup.

Note: If you use network-interface-specific commands in an HA setup, the configurations you create are not propagated to the other Citrix ADC appliance. You must perform these commands on each appliance in an HA pair to ensure that the configuration of the two appliances in the HA pair remains synchronized.

Creating or Modifying a VLAN

To configure a VLAN, you create a VLAN entity, and then bind network interfaces and IP addresses to the VLAN. If you remove a VLAN, its member interfaces are added to the default VLAN.

CLI procedures

To create a VLAN by using the CLI:

At the command prompt, type:

  • add vlan <id> [-aliasName <string>] [-ipv6DynamicRouting (ENABLED|DISABLED)]
  • sh vlan <id>

Example:

  > add vlan 2 –aliasName “Network A”   Done
<!--NeedCopy-->

To bind an interface to a VLAN by using the CLI:

At the command prompt, type:

  • bind vlan <id> -ifnum <slot/port>
  • sh vlan <id>

Example:

  > bind vlan 2 -ifnum 1/8   Done
<!--NeedCopy-->

To bind an IP address to a VLAN by using the CLI:

At the command prompt, type:

  • bind vlan <id> -IPAddress <IPAddress> <netMask>
  • sh vlan <id>

Example:

  > bind vlan 2 -IPAddress 10.102.29.54 255.255.255.0   Done
<!--NeedCopy-->

To remove a VLAN by using the CLI:

At the command prompt, type:

  • rm vlan <id>

GUI procedures

To configure a VLAN by using the GUI:

  1. Navigate to System > Network > VLANs, add a new VLAN, or edit an existing VLAN.
  2. To bind an IP address to a VLAN, under IP Bindings, select the Active option corresponding to the IP address that you want to bind to the VLAN (for example, 10.102.29.54). The Type column displays the IP address type (such as mapped IP, virtual IP, or subnet IP) for each IP address in the IP Address column.
  3. To bind a network interface to a VLAN, under Interface Bindings, select the Active option corresponding to the interface that you want to bind to the VLAN.

Monitoring VLANs

You can display VLAN statistics such as packets received, bytes received, packets sent, and bytes sent, and use the information to identify anomalies and or debug a VLAN.

To view the statistics of a VLAN by using the CLI:

At the command prompt, type:

  • stat vlan <vlanID>

Example:

  stat vlan 2
<!--NeedCopy-->

To view the statistics of a VLAN by using the GUI:

  1. Navigate to System > Network > VLANs.
  2. Select the VLAN, and click Statistics.
Configuring a VLAN