Intel® Ethernet Adapters and Devices User Guide

ID Date Version Classification
705831 11/27/2024 Public
Document Table of Contents

Virtual LANs (VLANs)

Overview

The term VLAN (Virtual Local Area Network) refers to a collection of devices that communicate as if they were on the same physical LAN. Any set of ports (including all ports on the switch) can be considered a VLAN. LAN segments are not restricted by the hardware that physically connects them.

VLANs offer the ability to group computers together into logical workgroups. This can simplify network administration when connecting clients to servers that are geographically dispersed across the building, campus, or enterprise network. For example:

../../_images/vlan.gif

Typically, VLANs consist of co-workers within the same department but in different locations, groups of users running the same network protocol, or a cross-functional team working on a joint project.

By using VLANs on your network, you can:

  • Improve network performance

  • Limit broadcast storms

  • Improve LAN configuration updates (adds, moves, and changes)

  • Minimize security problems

  • Ease your management task

VLANs and Intel® Advanced Network Services (Intel® ANS)

For more information on Intel ANS, refer to Adapter Teaming.

  • Intel ANS is not supported on Microsoft Windows Server* 2016 and later.

  • Microsoft Windows* 10 is the last Windows operating system version that supports Intel ANS. Intel ANS is not supported on Microsoft Windows 11 and later.

  • You must install the latest Microsoft Windows 10 updates before you can create Intel ANS Teams or VLANs on Windows 10 systems. Any Intel ANS Teams or VLANs created with a previous software/driver release on a Windows 10 system will be corrupted and cannot be upgraded. The installer will remove these existing teams and VLANs.

  • Intel ANS VLANs are not compatible with Microsoft’s Load Balancing and Failover (LBFO) teams. Intel® PROSet will block a member of an LBFO team from being added to an Intel ANS VLAN. You should not add a port that is already part of an Intel ANS VLAN to an LBFO team, as this may cause system instability.

Other Considerations

  • Configuring SR-IOV for improved network security: In a virtualized environment, on Intel® Server Adapters that support SR-IOV, the virtual function (VF) may be subject to malicious behavior. Software-generated layer two frames, like IEEE 802.3x (link flow control), IEEE 802.1Qbb (priority based flow-control), and others of this type, are not expected and can throttle traffic between the host and the virtual switch, reducing performance. To resolve this issue, and to ensure isolation from unintended traffic streams, configure all SR-IOV enabled ports for VLAN tagging from the administrative interface on the PF. This configuration allows unexpected, and potentially malicious, frames to be dropped.

  • The VF is not aware of the VLAN configuration if you use LBFO to configure VLANs in a Windows guest. VLANs configured using LBFO on a VF driver may result in failure to pass traffic. You must use Windows Hyper-V on the host to configure VLANs on a Windows guest.

  • Intel ANS VLANs are not compatible with the Microsoft Hyper-V virtual machine switch. If you want to bind the virtual machine switch to a VLAN, you must create the VLAN from within the Virtual Switch Manager.

  • To set up IEEE VLAN membership (multiple VLANs), the adapter must be attached to a switch with IEEE 802.1Q VLAN capability.

  • A maximum of 64 VLANs per network port or team are supported by Intel software.

  • Intel ANS VLANs can co-exist with Intel ANS teams (if the adapter supports both). If you do this, the team must be defined first, then you can set up your VLAN.

  • You can set up only one untagged VLAN per adapter or team. You must have at least one tagged VLAN before you can set up an untagged VLAN.

  • Jumbo Frames are not supported over Intel ANS VLANs under Microsoft Windows 10.

Note:

When using IEEE 802 VLANs, settings must match between the switch and those adapters using the VLANs.

Configuring VLANs in Microsoft Windows

Using Windows PowerShell*

To add a VLAN, use the Add-IntelNetVLAN cmdlet. For example:

Add-IntelNetVLAN -ParentName "Name" -VLANID "1"

To remove a VLAN, use the Remove-IntelNetVLAN cmdlet. For example:

Remove-IntelNetVLAN -ParentName "Name" -VLANID "1"

Using Intel® PROSet Adapter Configuration Utility (Intel® PROSet ACU)

On the Teaming/VLANs tab, use the VLANs panel.

Using Intel® PROSet for Windows* Device Manager

This setting is found on the VLANs tab of the device’s Device Manager property sheet.

Note:

Do not use the Network Connections dialog box to enable or disable VLANs. Otherwise, the VLAN driver may not be correctly enabled or disabled.

Note:
  • The VLAN ID keyword is supported. The VLAN ID must match the VLAN ID configured on the switch. Adapters with VLANs must be connected to network devices that support IEEE 802.1Q.

  • In most environments, a maximum of 64 VLANs per network port or team are supported by Intel ANS.

  • Intel ANS VLANs are not supported on adapters and teams that have VMQ enabled. However, VLAN filtering with VMQ is supported via the Microsoft Hyper-V VLAN interface. For more information, see Using Intel Network Adapters in a Microsoft* Hyper-V* Environment.

  • You can have different VLAN tags on a child partition and its parent. Those settings are separate from one another, and can be different or the same. The only instance where the VLAN tag on the parent and child MUST be the same is if you want the parent and child partitions to be able to communicate with each other through that VLAN. For more information, see Using Intel Network Adapters in a Microsoft* Hyper-V* Environment.