vlan, VLAN - Virtual LAN (VLAN) introductory information
A Virtual Local Area Network (VLAN) provides administrators
with the ability to create logical groups of systems
that can communicate as if they were on the same LAN. Multiple
VLANs can exist on the same physical network. Traffic
between VLANs is restricted. Bridges forward all traffic,
including broadcast traffic, only to LAN segments
that serve the VLAN to which the traffic belongs.
A VLAN is identified by a VLAN ID, which is contained in a
special Ethernet frame called a tagged frame. This tagging
format is defined in the IEEE 802.1q standard.
VLAN requires an optional kernel subsystem (vlan.mod).
You can verify the presence of the VLAN subsystem by issuing
the sysconfig -s vlan command. If the vlan subsystem
is not loaded, you can load it using either of the following
methods: Dynamically load it using the sysconfig -c
vlan command. Run the vlanconfig command. This loads
vlan.mod if it is not present in the kernel.
After the subsystem is loaded, you can configure a VLAN.
VLAN Configuration [Toc] [Back]
You can configure VLANs either in multiuser mode or at
boot time with the vlanconfig command. When you configure
a VLAN, you specify the virtual interface name (vlanx),
the lower interface on which the VLAN virtual interface is
configured, and a VLAN ID. This enables the lower interface
to participate in the VLAN identified by the VLAN ID.
You can enable an interface to participate in multiple
VLANs by creating multiple virtual interfaces on it. The
total number of VLAN virtual interfaces is limited only by
After you create a VLAN virtual interface, you manage it
like any interface by using the ifconfig command (for
example, to configure IP addresses).
After an interface is configured for VLAN, all frames
received on that interface are either enqueued to a VLAN
virtual interface, or dropped. If the received frame is an
IEEE 802.1q tagged frame, the VLAN ID is extracted and the
frame is delivered to the VLAN virtual interface with the
same VLAN ID or is dropped if none is found. If the frame
is not a tagged frame (that is, typical Ethernet traffic),
it is delivered to the untagged VLAN virtual interface, or
dropped if the untagged interface is not found. (See vlanconfig(8) for more information.) This provides maximum
flexibility to the system manager in establishing a VLAN
Packets sent from a VLAN virtual interface are encapsulated
in tagged frames that include their VLAN ID. Packets
sent from an untagged VLAN virtual interface are sent as
untagged frames. Interfaces that are enabled for tagged
frames must be connected to LAN segments, or directly to
switches, that support IEEE 802.1q tagging. A switch's
VLAN configuration must be done manually.
VLAN and NetRAIN [Toc] [Back]
You can enable NetRAIN virtual interfaces (nr) for VLANs
provided the physical adapters that make up the NetRAIN
set adhere to the restrictions in the "Restrictions" section.
Each adapter in the NetRAIN set must be connected to
a switch port that is configured into the same set of
VLANs as the NetRAIN virtual interface. You cannot configure
VLAN virtual interfaces into a NetRAIN set.
Interfaces in a NetRAIN set attempt to communicate with
each other so that nifftmt will maintain the correct state
for each interface. If the interfaces are connected to
switch ports that only accept and forward tagged frames,
these NetRAIN internal packets will not be delivered until
a tagged VLAN interface has been configured on the NetRAIN
virtual interface. In the interim, nifftmt will report
the interfaces as being dead.
VLAN and Link Aggregation [Toc] [Back]
You can enable link aggregation group virtual interfaces
(lag) for VLANs provided the physical adapters that make
up the group adhere to the restrictions in the "Restrictions"
section. Each adapter in the group must be connected
to a switch port that is configured into the same
set of VLANs as the link aggregation group virtual interface.
You cannot configure VLAN virtual interfaces into a
link aggregation group.
The following restrictions apply: Supports only Ethernet
(802.3 CSMA/CD) links. Supports only DEGPA (alt), DE60x
(ee), DEGXA (bcm), and TULIP (tu) network interface cards
(NICs). VLAN virtual interfaces copy the lower interface's
MAC address when they are created. If the lower
interface's MAC address subsequently changes, the VLAN
interface MAC address will not be updated. This can occur
in the following cases: The lower interface is a NetRAIN
virtual interface -- If you delete all members in a
NetRAIN set and then add one interface with a different
MAC address to the empty set. The lower interface is a
Link Aggregation virtual interface -- If static MAC
addressing is not in use and you delete the original port
from the LAG group.
If these cases cannot be avoided, then all VLAN
virtual interfaces on that lower interface must be
deleted and recreated in order to use the new MAC
address. VLAN virtual interfaces do not currently
support setting characteristics such as speed,
duplex mode, autonegotiation, or MAC address. Any
required modifications to the lower interface must
be made before configuring a VLAN virtual interface
on it. VLAN virtual interfaces support setting
their IP maximum transfer unit (MTU) to higher or
lower values. If the new MTU value reduces the
value on the lower interface, the change is applied
only on the VLAN virtual interface. If the new MTU
value increases the value on the lower interface,
it is applied on both the lower interface and the
VLAN virtual interface.
System Attributes: sys_attrs_vlan(5)
Network Administration: Connections
[ Back ]