Before You Begin
This procedure assumes that the zones are already created on the system. For information about zone configuration, refer to Chapter 1, How to Plan and Configure Non-Global Zones, in Creating and Using Oracle Solaris Zones.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2.
# dladm show-link
# dladm create-vlan -l link -v vid VLAN-link
link: Specifies the link on which the VLAN interface is being created.
vid: Indicates the VLAN ID number.
VLAN-link: Specifies the name of the VLAN, which can also be a meaningful custom name. For information about VLAN names, see Assigning VLAN Names.
# dladm show-vlan
# ipadm create-ip interface
where interface provides the VLAN name.
# ipadm create-addr -a address interface
This example shows how to create the VLAN configuration that is illustrated in Figure 3–1.
Check the available links and create the VLANs over the specific links.
# dladm show-link
LINK        CLASS     MTU    STATE    OVER
net0        phys      1500   up       --
net1        phys      1500   up       --
net2        phys      1500   up       --
Host A:
# dladm create-vlan -l net0 -v 123 infotech0
Host C:
# dladm create-vlan -l net0 -v 123 infotech0
Host F:
# dladm create-vlan -l net0 -v 456 humres0
Host B:
# dladm create-vlan -l net0 -v 456 humres0
Host D:
# dladm create-vlan -l net0 -v 789 acctg0
Host E:
# dladm create-vlan -l net0 -v 789 acctg0
Display the VLANs created.
# dladm show-vlan
LINK         VID      OVER     FLAGS
infotech0    123      net0     ----
infotech0    123      net0     ----
humres0      456      net0     ----
humres0      456      net0     ----
acctg0       789      net0     ----
acctg0       789      net0     ----
This example shows how to create the VLAN configuration that is illustrated in Figure 3–3. This example assumes that you have already configured different zones in the system. For more information about configuring zones, see Creating and Using Oracle Solaris Zones.
Check the available links that can be used for configuring VLANs and then create the VLANs over the specific links.
global# dladm show-link
LINK        CLASS     MTU    STATE    OVER
net0        phys      1500   up       --
net1        phys      1500   up       --
net2        phys      1500   up       --
global# dladm create-vlan -l net0 -v 111 web1
global# dladm create-vlan -l net0 -v 112 auth1
global# dladm create-vlan -l net0 -v 113 app1
global# dladm create-vlan -l net1 -v 111 web2
global# dladm create-vlan -l net1 -v 112 auth2
global# dladm create-vlan -l net1 -v 113 app2
global# dladm create-vlan -l net2 -v 111 web3
global# dladm create-vlan -l net2 -v 112 auth3
global# dladm show-vlan
LINK        VID      OVER     FLAGS
web1        111      net0     ----
auth1       112      net0     ----
app1        113      net0     ----
web2        111      net1     ----
auth2       112      net1     ----
app2        113      net1     ----
web3        111      net2     ----
auth3       113      net2     ----
When link information is displayed, the VLANs are included in the list.
global# dladm show-link
LINK        CLASS     MTU    STATE    OVER
net0        phys      1500   up       --
net1        phys      1500   up       --
net2        phys      1500   up       --
web1        vlan      1500   up       net0
auth1       vlan      1500   up       net0
app1        vlan      1500   up       net0
web2        vlan      1500   up       net1
auth2       vlan      1500   up       net1
app2        vlan      1500   up       net1
web3        vlan      1500   up       net2
auth3       vlan      1500   up       net2
Assign the VLANs to their respective zones and display information for each zone similar to the following:
global# zonecfg -z webzone1 info net
net:
        address not specified
        physical: web1
net:
        address not specified
        physical: web2
net:
        address not specified
        physical: web3
global# zonecfg -z authzone1 info net
net:
        address not specified
        physical: auth1
net:
        address not specified
        physical: auth2
net:
        address not specified
        physical: auth3
global# zonecfg -z appzone2 info net
net:
        address not specified
        physical: app1
net:
        address not specified
        physical: app2
The value of the property physical indicates the VLAN that is set for the given zone.
Display the assigned VLANs in the zones.
global# dladm show-vlan
LINK               VID      OVER     FLAGS
webzone1/web1      111      net0     --
authzone1/auth1    112      net0     --
appzone1/app1      113      net0     --
webzone1/web2      111      net1     --
authzone1/auth2    112      net1     --
appzone1/app2      113      net1     --
webzone1/web3      111      net2     --
authzone2/auth3    111      net2     --
Log in to each non-global zone to configure the VLAN with an IP address.
In webzone1:
webzone1# ipadm create-ip web1
webzone1# ipadm create-addr -a 10.1.111.0/24 web1
ipadm: web1/v4
In webzone2:
webzone2# ipadm create-ip web2
webzone2# ipadm create-addr -a 10.1.111.1/24 web2
ipadm: web2/v4
In webzone3:
webzone3# ipadm create-ip web3
webzone3# ipadm create-addr -a 10.1.111.2/24 web3
ipadm: web3/v4
In authzone1:
authzone1# ipadm create-ip auth1
authzone1# ipadm create-addr -a 10.1.112.0/24 auth1
ipadm: auth1/v4
In authzone2:
authzone2# ipadm create-ip auth2
authzone2# ipadm create-addr -a 10.1.112.1/24 auth2
ipadm: auth2/v4
In authzone3:
authzone3# ipadm create-ip auth3
authzone3# ipadm create-addr -a 10.1.112.2/24 auth3
ipadm: auth3/v4
In appzone1:
appzone1# ipadm create-ip app1
appzone1# ipadm create-addr -a 10.1.113.0/24 app1
ipadm: app1/v4
In appzone2:
appzone2# ipadm create-ip app2
appzone2# ipadm create-addr -a 10.1.113.1/24 app2
ipadm: app2/v4
After all the VLANs have been configured with IP addresses, the configuration is complete. The three VLANs are operative and can host traffic for their respective zones.
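Because zone isolation in this layout depends on every VLAN link carrying the intended VLAN ID over the intended datalink, the dladm show-vlan listing is worth checking against the plan once configuration is complete. The following script is an added example, not part of the original Oracle procedure: the plan table is taken from the create-vlan commands in the zones example, while the sample table, the scratch0 link, VLAN ID 999 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): compare a `dladm show-vlan` table with
# the intended VLAN plan and report drift in VLAN ID or underlying link.

# Intended plan, taken from the create-vlan commands in the zones example:
# VLAN-link name, VLAN ID, underlying link.
vlan_plan() {
cat <<'EOF'
web1 111 net0
auth1 112 net0
app1 113 net0
web2 111 net1
auth2 112 net1
app2 113 net1
web3 111 net2
auth3 112 net2
EOF
}

# Constructed sample table: auth3 has drifted to VID 113 and an unplanned
# VLAN (scratch0, hypothetical) exists. On a live system, substitute the
# output of `dladm show-vlan` for this function.
sample_show_vlan() {
cat <<'EOF'
LINK             VID  OVER  FLAGS
webzone1/web1    111  net0  ----
authzone1/auth1  112  net0  ----
appzone1/app1    113  net0  ----
webzone1/web2    111  net1  ----
authzone1/auth2  112  net1  ----
appzone1/app2    113  net1  ----
webzone1/web3    111  net2  ----
authzone1/auth3  113  net2  ----
scratch0         999  net2  ----
EOF
}

# Reads plan rows, then the show-vlan table (its LINK header marks the switch).
audit_vlans() {
  awk '
    NF < 3       { next }                             # ignore blank/short lines
    $1 == "LINK" { live = 1; next }
    !live        { vid[$1] = $2; over[$1] = $3; next }
    { n = $1; sub(/^.*\//, "", n); seen[n] = 1        # drop "zone/" prefix
      if (!(n in vid)) { print "UNPLANNED " n " vid=" $2 " over=" $3; next }
      if ($2 != vid[n])  print "VID_MISMATCH " n " expected=" vid[n] " actual=" $2
      if ($3 != over[n]) print "LINK_MISMATCH " n " expected=" over[n] " actual=" $3 }
    END { for (n in vid) if (!(n in seen)) print "MISSING " n }
  ' | sort
}

{ vlan_plan; sample_show_vlan; } | audit_vlans
```

An empty result means the listing matches the plan; any UNPLANNED, MISSING, VID_MISMATCH or LINK_MISMATCH line identifies a VLAN link whose tagging should be corrected before the zone carries traffic.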