HAProxy ALOHA Documentation 13.5

VLAN

An HAProxy ALOHA network interface may be connected to a switch interface through a VLAN trunk link.

You can then create a VLAN interface on the HAProxy ALOHA instance to route traffic over the relevant VLAN.

https://cdn.haproxy.com/documentation/aloha/13-5/assets/vlan-diagram-b8738600046cf92db4a26485c4a60aa4baa942f4764cca9f1860d28175427d03.png

See also

VLAN tagging

Create a VLAN interface

To create a VLAN interface, you have to create a new service network:

  1. In the Services tab, click network setup setup_icon to display the current configuration of your network interfaces.

    https://cdn.haproxy.com/documentation/aloha/13-5/assets/interface_setup_bonding-fa9150a69f20efe3af0a4ad78b52e18da894956799caafbd0d266b00df7a9172.png
  2. Add a directive to create a new VLAN interface.

    The syntax is as follows:

    service network eth<id>.<vlanid>

    Create VLANs 100, 200, and 300 on interface eth0.

    service network eth0.100
       ip address 172.16.100.4/255.255.255.192
    
    service network eth0.200
       ip address 172.16.100.65/255.255.255.192
    
    service network eth0.300
       ip address 172.16.100.129/255.255.255.192

    A physical network interface can support both its own IP configuration (untagged network) and one or more VLAN (tagged) interfaces. In this configuration, traffic with a VLAN tag matching a defined VLAN goes to the VLAN, and traffic without a VLAN tag goes to the untagged network.

    The untagged network does not serve as a default destination for tagged traffic that does not match any of the defined VLANs; tagged traffic that does not match a defined VLAN is dropped.

    This configuration is not recommended because it relies on switches and routers to ensure untagged networks and tagged networks remain isolated. If an interface is intended to support multiple network schemes, a separate VLAN should be created for each scheme.

    Define two networks, one for untagged traffic and one for traffic tagged for VLAN 100. Traffic having any other tag is dropped. Not recommended.

    service network eth0
       ip address 172.16.100.4/255.255.255.192
    
    service network eth0.100
       ip address 172.16.100.65/255.255.255.192
  3. Apply the configuration:

    • If you just created the VLAN interface, click Restart restart_icon on the network line.

    • If you just updated an existing VLAN interface, click Reload reload_icon.

    You can manage IP configuration and VRRP settings in the same way as for a physical interface.

  4. In the Setup tab, click Save under Local Configuration to persist your changes after a reboot.

Verify the VLAN interface

The VLAN interface should have been assigned to the physical interface, for example VLAN 100 on physical interface eth0. To check this, use the ip command to verify that the MAC addresses (the link/ether value) for the physical interface and its VLAN network are the same.

Verify the MAC addresses are the same on eth0 and eth0.100. Both show matching link/ether values of 08:00:27:8d:c0:4d.

$ sudo ip addr show
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
   link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
   altname enp0s3
   inet 172.16.100.4/26 scope global eth0
      valid_lft forever preferred_lft forever
   inet6 fe80::a00:27ff:fe8d:c04d/64 scope link
      valid_lft forever preferred_lft forever
3: eth0.100@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
   link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
   inet 172.16.100.65/26 scope global eth0.100
      valid_lft forever preferred_lft forever

Next up

Users and Passwords