Network
VLAN
This page applies to:
- HAProxy ALOHA - all versions
An HAProxy ALOHA network interface may be connected to a switch interface through a VLAN trunk link. You can then create a VLAN interface on the HAProxy ALOHA instance to route traffic over the relevant VLAN. For example, you might isolate your application’s traffic onto a VLAN for better security, or to reduce network traffic and improve performance.

This feature is based on the VLAN tagging capability.
Create a VLAN interface Jump to heading
To create a VLAN interface, you have to add a new service network configuration section. You can do this either through the UI or through the Network Management CLI. The new VLAN interface will apply to an existing, physical network interface, such as eth1.
A physical network interface can support both its own IP configuration (untagged network) and one or more VLAN (tagged) interfaces. Traffic with a VLAN tag matching a defined VLAN goes to that VLAN, and traffic without a VLAN tag goes to the untagged network.
The untagged network does not serve as a default destination for tagged traffic that does not match any of the defined VLANs. HAProxy ALOHA will drop tagged traffic that does not match a defined VLAN.
Use the UI Jump to heading
To add the VLAN interface via the HAProxy ALOHA UI:
- 
In the Services tab, click network setup to display the current configuration of your network interfaces.  
- 
Add a directive to create a new VLAN interface. The syntax is as follows: service network eth<id>.<vlanid>service network eth<id>.<vlanid>You can use a portion of your address space for VLAN traffic. Below, we define two networks, one for untagged, non-VLAN traffic and one for traffic tagged for VLAN 100. Traffic having any other tag is dropped. This should match the settings on your network switch. service network eth1 ip address 172.16.100.4/25 service network eth1.100 ip address 172.16.100.131/25service network eth1 ip address 172.16.100.4/25 service network eth1.100 ip address 172.16.100.131/25You can also use the entire address space for VLANs. In the example below, we create VLANs 100,200,300, and400on interfaceeth1:service network eth1.100 ip address 172.16.100.4/26 service network eth1.200 ip address 172.16.100.67/26 service network eth1.300 ip address 172.16.100.131/26 service network eth1.400 ip address 172.16.100.195/26service network eth1.100 ip address 172.16.100.4/26 service network eth1.200 ip address 172.16.100.67/26 service network eth1.300 ip address 172.16.100.131/26 service network eth1.400 ip address 172.16.100.195/26
- 
Click OK and Close to return to the Services tab. 
- 
Apply the configuration: - If you just created the VLAN interface, click Restart on the network line.
- If you just updated an existing VLAN interface, click Reload.
 Version > 16.0 In versions greater than 16.0, click the Apply new configuration button on the network line to apply the changes and automatically restart the network interface service. You can manage IP configuration and VRRP settings in the same way as for a physical interface. 
- 
To make your changes persistent after a reboot, click the Setup tab. Then click Save under Configuration. 
Use the Network Management CLI Jump to heading
This section applies to:
- HAProxy ALOHA 16.5 and newer
To add the VLAN interface via the Network Management CLI:
- 
If you have not already done so, install the Network Management CLI. 
- 
Go to the Tools tab and click Launch terminal. 
- 
Use the netctl connection showcommand to show existing connection profiles. From the output, get theIDto use in subsequent commands.nixsudo netctl connection shownixsudo netctl connection showoutputtextID UUID TYPE DEVICEethernet-eth0 b6a82f6f-3fdd-467f-b2a1-9e343ba66288 ethernet eth0ethernet-eth1 8805fda9-b1a7-4d5c-bd83-615ceb9e9fdd ethernet eth1outputtextID UUID TYPE DEVICEethernet-eth0 b6a82f6f-3fdd-467f-b2a1-9e343ba66288 ethernet eth0ethernet-eth1 8805fda9-b1a7-4d5c-bd83-615ceb9e9fdd ethernet eth1
- 
Using the connection profile’s ID, modify your existing network interface to use only a portion of the IP address space so that VLAN traffic can use another portion. Use thenetctl connection modifyandnetctl connection upcommands. The IP range should match the settings on your network switch.nixsudo netctl connection modify ethernet-eth1 \ipv4.method manual \ipv4.addresses 172.16.100.4/25sudo netctl connection up ethernet-eth1nixsudo netctl connection modify ethernet-eth1 \ipv4.method manual \ipv4.addresses 172.16.100.4/25sudo netctl connection up ethernet-eth1outputtext# Stopping network[eth1] ...==> stop network[eth1] : Done.# Starting network[eth1] ...==> start network[eth1] : Done.==> load ip config network[eth1] : Done.Connection successfully activatedoutputtext# Stopping network[eth1] ...==> stop network[eth1] : Done.# Starting network[eth1] ...==> start network[eth1] : Done.==> load ip config network[eth1] : Done.Connection successfully activated
- 
You can use a portion of your address space for VLAN traffic. Below, we use the netctl connection addandnetctl connection upcommands to define an interface for traffic tagged for VLAN 100. Traffic having any other tag is dropped.nixsudo netctl connection add connection.type vlan \connection.id vlan-100 \vlan.id 100 \vlan.parent eth1 \ipv4.addresses 172.16.100.131/25sudo netctl connection up vlan-100nixsudo netctl connection add connection.type vlan \connection.id vlan-100 \vlan.id 100 \vlan.parent eth1 \ipv4.addresses 172.16.100.131/25sudo netctl connection up vlan-100outputtextWarning: service/instance not found in /var/state/network.rc, using default values.# Stopping network[eth1.100] ...==> stop network[eth1.100] : Done.# Starting network[eth1.100] ...==> start network[eth1.100] : Done.==> load ip config network[eth1.100] : Done.Connection successfully activatedoutputtextWarning: service/instance not found in /var/state/network.rc, using default values.# Stopping network[eth1.100] ...==> stop network[eth1.100] : Done.# Starting network[eth1.100] ...==> start network[eth1.100] : Done.==> load ip config network[eth1.100] : Done.Connection successfully activated
- 
Save the configuration to make your changes persistent after a reboot: nixsudo config savenixsudo config save
Verify the VLAN interface Jump to heading
The VLAN interface should have been assigned to the physical interface, for example, VLAN 100 on physical interface eth1. To check this, use the ip command to verify that the MAC addresses (the link/ether value) for the physical interface and its VLAN network are the same.
Below, we verify that the MAC addresses are the same on eth1 and eth1.100. Both show matching link/ether values of 08:00:27:8d:c0:4d.
nix
nix
outputtext
outputtext
See also Jump to heading
- You can also configure VLANs using the HAProxy Data Plane API. For details, see VLANs.
Do you have any suggestions on how we can improve the content of this page?