Skip to main content

Configure VLANs over physical ports

Contributors netapp-aoife netapp-aherbin netapp-barbe netapp-ahibbard netapp-thomi netapp-dbagwell
PDFs

You can use VLANs in ONTAP to provide logical segmentation of networks by creating separate broadcast domains that are defined on a switch port basis as opposed to the traditional broadcast domains, defined on physical boundaries.

A VLAN can span multiple physical network segments. The end-stations belonging to a VLAN are related by function or application.

For example, end-stations in a VLAN might be grouped by departments, such as engineering and accounting, or by projects, such as release1 and release2. Because physical proximity of the end- stations is not essential in a VLAN, you can disperse the end-stations geographically and still contain the broadcast domain in a switched network.

In ONTAP 9.13.1 and 9.14.1, untagged ports that are unutilized by any Logical Interfaces (LIFs) and lack native VLAN connectivity on the connected switch are marked as degraded. This is to help identify unused ports and does not indicate an outage. Native VLANs allow untagged traffic on the ifgrp base port, such as ONTAP CFM broadcasts. Configure native VLANs on the switch to prevent blocking untagged traffic.

You can manage VLANs by creating, deleting, or displaying information about them.

Note You should not create a VLAN on a network interface with the same identifier as the native VLAN of the switch. For example, if the network interface e0b is on native VLAN 10, you should not create a VLAN e0b-10 on that interface.

Create a VLAN

You can create a VLAN for maintaining separate broadcast domains within the same network domain by using System Manager or the network port vlan create command.

Before you begin

Confirm that the following requirements have been met:

  • The switches deployed in the network must either comply with IEEE 802.1Q standards or have a vendor-specific implementation of VLANs.

  • For supporting multiple VLANs, an end-station must be statically configured to belong to one or more VLANs.

  • The VLAN is not attached to a port hosting a cluster LIF.

  • The VLAN is not attached to ports assigned to the Cluster IPspace.

  • The VLAN is not created on an interface group port that contains no member ports.

About this task

Creating a VLAN attaches the VLAN to the network port on a specified node in a cluster.

When you configure a VLAN over a port for the first time, the port might go down, resulting in a temporary disconnection of the network. Subsequent VLAN additions to the same port do not affect the port state.

Note You should not create a VLAN on a network interface with the same identifier as the native VLAN of the switch. For example, if the network interface e0b is on native VLAN 10, you should not create a VLAN e0b-10 on that interface.

The procedure you follow depends on the interface that you use—​System Manager or the CLI:

System Manager

Use System Manager to create a VLAN

Beginning with ONTAP 9.12.0, you can automatically select the broadcast domain or manually select on from the list. Previously, broadcast domains were always automatically selected based on layer 2 connectivity. If you manually select a broadcast domain, a warning appears indicating that manually selecting a broadcast domain could result in loss of connectivity.

Steps

  1. Select Network > Ethernet port > + VLAN.

  2. Select the node from the drop-down list.

  3. Choose from the following:

    1. ONTAP to Automatically select broadcast domain (recommended).

    2. To manually select a broadcast domain from the list.

  4. Select the ports to form the VLAN.

  5. Specify the VLAN ID.

  6. Save your changes.

CLI

Use the CLI to create a VLAN

In certain circumstances, if you want to create the VLAN port on a degraded port without correcting the hardware issue or any software misconfiguration, then you can set the -ignore-health-status parameter of the network port modify command as true.

Steps

  1. Use the network port vlan create command to create a VLAN.

  2. You must specify either the vlan-name or the port and vlan-id options when creating a VLAN.
    The VLAN name is a combination of the name of the port (or interface group) and the network switch VLAN identifier, with a hyphen in between. For example, e0c-24 and e1c-80 are valid VLAN names.

The following example shows how to create a VLAN e1c-80 attached to network port e1c on the node cluster-1-01:

network port vlan create -node cluster-1-01 -vlan-name e1c-80

Beginning with ONTAP 9.8, VLANs are automatically placed into appropriate broadcast domains about one minute after their creation. If you do not want ONTAP to do this, and prefer to manually place the VLAN into a broadcast domain, then specify the -skip-broadcast-domain-placement parameter as part of the vlan create command.

For more information about this command, see the ONTAP command reference.

Edit a VLAN

You can change the broadcast domain or disable a VLAN.

Use System Manager to edit a VLAN

Beginning with ONTAP 9.12.0, you can automatically select the broadcast domain or manually select on from the list. Previously broadcast domains were always automatically selected based on layer 2 connectivity. If you manually select a broadcast domain, a warning appears indicating that manually selecting a broadcast domain could result in loss of connectivity.

Steps

  1. Select Network > Ethernet port > VLAN.

  2. Select the edit icon.

  3. Do one of the following:

    • Change the broadcast domain by selecting a different one from the list.

    • Clear the Enabled check box.

  4. Save your changes.

Delete a VLAN

You might have to delete a VLAN before removing a NIC from its slot. When you delete a VLAN, it is automatically removed from all of the failover rules and groups that use it.

Before you begin

Make sure there are no LIFs associated with the VLAN.

About this task

Deletion of the last VLAN from a port might cause a temporary disconnection of the network from the port.

The procedure you follow depends on the interface that you use—​System Manager or the CLI:

System Manager

Use System Manager to delete a VLAN

Steps

  1. Select Network > Ethernet port > VLAN.

  2. Select the VLAN you want to remove.

  3. Click Delete.

CLI

Use the CLI to delete a VLAN

Step

Use the network port vlan delete command to delete a VLAN.

The following example shows how to delete VLAN e1c-80 from network port e1c on the node cluster-1-01:

network port vlan delete -node cluster-1-01 -vlan-name e1c-80