Creating VLANs

Creating VLAN 10

In the Network > Interfaces menu, click on Add then Add a VLAN. In the first window of the wizard, select the option VLAN attached to 2 interfaces (crossing VLAN).

Next, fill in the fields in the various windows of the wizard as follows:

 

VLAN ID

  • Name: choose a name for this VLAN (vlan_10 in the example).
  • VLAN ID: select the 802.1q identifier associated with the VLAN (10 in the example).

 

VLAN address range

  • Select Create a new bridge and assign a name to this bridge (BridgeVlan10 in the example).
  • IPv4 address: leave the default dynamic IP assignment (DHCP) then confirm and click on Next.

 

Incoming VLAN ID

  • Name: select a name for the VLAN attached to the interface for incoming traffic. By default, this should be the name of the VLAN selected in the first window with the addition of the suffix "_1" (vlan_10_1 in the example).
  • Interface: select the interface through which packets belonging to the VLAN will enter the firewall. In the example, since the hosts are on the internal network, this will be the in interface.
  • This interface is: specify that the VLAN has to be considered as an internal (protected) interface.

 

Outgoing VLAN ID

  • Name: select a name for the VLAN attached to the interface for outgoing traffic. By default, this should be the name of the VLAN selected in the first window with the addition of the suffix "_2" (vlan_10_2 in the example).
  • Interface: select the GRETAP interface through which packets belonging to the VLAN will leave the firewall. In the example, this would be the GretapVLAN interface.
  • This interface is: specify that the VLAN has to be considered as an internal (protected) interface.

 

After having confirmed the configuration, the VLANs and their associated bridges can be seen in the list of interfaces:

Creating VLAN 20

To create the second VLAN that needs to be transported through the GRE tunnel, follow the method described in the paragraph Creating VLAN 10 using the following values:

VLAN ID

  • Name: vlan_20 in the example.
  • VLAN ID: 20 in the example.

 

VLAN address range

  • Select Create a new bridge. Name: BridgeVlan20 in the example.
  • IPv4 address: Dynamic IP (DHCP).

 

Incoming VLAN ID

  • Name: vlan_20_1 in the example.
  • Interface: in in the example.
  • This interface is: specify that the VLAN has to be considered as an internal (protected) interface.

 

Outgoing VLAN ID

  • Name: vlan_20_2 in the example.
  • Interface: GretapVLAN in the example.
  • This interface is: specify that the VLAN has to be considered as an internal (protected) interface.

 

By clicking on the GRETAP interface, you will be able to check that both VLANs vlan_10_2 and vlan_20_2 have been attached to it: