ADC

Configuring Allowed VLAN List

Citrix ADC accepts and sends tagged packets of a VLAN on an interface if the VLAN is explicitly configured on the Citrix ADC appliance and the interface is bound to the VLAN. Some deployments (for example, Bump in the wire) require the Citrix ADC appliance to function as a transparent device to accept and forward tagged packets related to a large number of VLANs. For this requirement, configuring and managing a large number of VLANs is not a feasible solution.

Allowed VLAN list on an interface specifies a list of VLANs. The interface transparently accepts and sends tagged packets related to the specified VLANs without the need for explicitly configuring these VLANs on the appliance.

Points to Consider before Configuring Allowed VLAN List

Consider the following points before configuring allowed VLAN list

  • In a high availability setup, allowed VLAN list is not propagated or synchronized. Therefore, you have to configure allowed VLAN list on both the nodes.
  • The traffic of a native VLAN might leak to the non-member interfaces that specifies the native VLAN in its allowed VLAN list.
  • A Maximum of 60 VLAN ranges can be specified as part of allowed VLAN list for an interface.
  • The Citrix ADC appliance does not support allowed VLAN list on interfaces that are part of link aggregation channels or redundant interface sets. For more information on redundant interface set, see Redundant Interface Set.
  • Allowed VLAN list is not supported on a Citrix ADC cluster configuration.
  • The Citrix ADC appliance does not support allowed VLAN list for Bridge groups.
  • The Citrix ADC appliance does not support allowed VLAN list for VXLANs.

Configuring Allowed VLAN List

To configure allowed VLAN list by using the CLI:

At the command prompt, type:

  • **set interface** <id> **-trunkmode** (ON|OFF) **-trunkAllowedVlan** <int[-int]> …
  • show interface <id>

To configure allowed VLAN list by using the GUI:

Navigate to System > Network > Interfaces, select a network interface, click Edit, and then set the following parameters:

  • Trunk Mode
  • Trunk Allowed VLAN

Sample Configuration:

In the following sample configuration, VLANS in the ranges 100-120, 190-200, and 300-330 are specified as part of allowed VLAN list for interface 1/2.

> set int 1/2 -trunkmode on -trunkallowedVlan 100-120 190-200 300-330

Done

> sh int 1/2

1)      Interface 1/2 (Gig Ethernet 10/100/1000 MBits) #6
        flags=0xc020

        <ENABLED, UP, UP, AUTONEG OFF, HEARTBEAT, 802.1q, trunkmode>

        Trunk Allowed Vlans:  100-120 190-200 300-330

Done

<!--NeedCopy-->
Configuring Allowed VLAN List