test

System Administration Guide: IP Services

Configuring VLANs in Solaris 10 3/05 ONLY

Note –

This section contains information on configuring VLANs for users of the Solaris 10 3/05 OS only. If you are using an update to Oracle Solaris 10, refer to Administering Virtual Local Area Networks.

Virtual local area networks (VLANs) are commonly used to split up groups of network users into manageable broadcast domains, to create logical segmentation of work groups, and to enforce security policies among each logical segment. With multiple VLANs on an adapter, a server with a single adapter can have a logical presence on multiple IP subnets. By default, 512 VLANs can be defined for each VLAN-aware adapter on your server.

If your network does not require multiple VLANs, you can use the default configuration, in which case no further configuration is necessary.

For an overview of VLANs, refer to Overview of VLAN Topology.

VLANs can be created according to various criteria, but each VLAN must be assigned a VLAN tag or VLAN ID (VID). The VID is a 12-bit identifier between 1 and 4094 that identifies a unique VLAN. For each network interface (for example, ce0, ce1, ce2, and so on) 512 possible VLANs can be created. Because IP subnets are commonly used, use IP subnets when setting up a VLAN network interface. This means that each VID assigned to a VLAN interface of a physical network interface belongs to different subnets.

Tagging an Ethernet frame requires the addition of a tag header to the frame. The header is inserted immediately following the destination MAC address and the source MAC address. The tag header consists of two bytes of the Ethernet Tag Protocol Identifier (TPID, 0x8100) and two bytes of Tag Control Information (TCI). The following figure shows the Ethernet Tag Header format.

Figure 5–4 Ethernet Tag Header Format

The figure shows the layout of the Ethernet tag header, as described in the previous context.

ProcedureHow To Configure Static VLANs in Solaris 10 3/05 ONLY

Note –

This procedure contains information on configuring VLANs for users of the Solaris 10 3/05 OS only. If you are using an update to Oracle Solaris 10, refer to How to Configure a VLAN

  1. Assume the Primary Administrator role, or become superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Determine the type of interfaces in use on your system.

    The network adapter on your system might not be referred to by the letters ce, which is required for a VLAN.


    # ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4>
mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4>
mtu 1500 index 2
        inet 129.156.200.77 netmask ffffff00 broadcast
129.156.200.255

  3. Create one hostname.cenum file (hostname6.cenum file for IPv6) for each VLAN that will be configured for each adapter on the server.

    Use the following naming format that includes both the VID and the physical point of attachment (PPA):

    VLAN logical PPA = 1000 * VID + Device PPA ce123000 = 1000*123 + 0

    For example: hostname.ce123000

    VLAN logical PPA = 1000 * VID + Device PPA ce11000 = 1000*11 + 0

    For example: hostname.ce11000

    This format limits the maximum number of PPAs (instances) you can configure to 1000 in the /etc/path_to_inst file.

    For example, on a server with the Sun Gigabit Ethernet/P 3.0 adapter having an instance of 0, that belongs to two VLANs with VIDs 123 and 224, you would use ce123000 and ce224000, respectively, as the two VLAN PPAs.

  4. Configure a VLAN virtual device:

    For example, you could use the following examples of ifconfig:


    # ifconfig ce123000 plumb up
# ifconfig ce224000 plumb up

    The output of ifconfig -a on a system with VLAN devices ce123000 and ce224000 should resemble the following:


    # ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 129.144.131.91 netmask ffffff00 broadcast 129.144.131.255
        ether 8:0:20:a4:4f:b8 
ce123000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 199.199.123.3 netmask ffffff00 broadcast 199.199.123.255
        ether 8:0:20:a4:4f:b8 
ce224000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 199.199.224.3 netmask ffffff00 broadcast 199.199.224.255
        ether 8:0:20:a4:4f:b8

  5. On the switch, set VLAN tagging and VLAN ports to coincide with the VLANs you have set up on the server.

    Using the examples in Step 4, you would set up VLAN ports 123 and 224 on the switch or VLAN ports 10 and 11.

    Refer to the documentation that came with your switch for specific instructions for setting VLAN tagging and ports.