uOS 1.35 – VLAN Support over LAG Interfaces

Zyxel_Lynn Posts: 71  Zyxel Employee
edited August 26 in Other Topics

With uOS 1.35, Zyxel firewalls now support VLAN interfaces bound to Link Aggregation Groups (LAGs). This enhancement greatly improves flexibility for environments using aggregated uplinks to switches.

Previous Limitation

  • Prior to firmware 1.35, VLAN interfaces could only be created on individual physical ports (GE1, GE2, etc.).
  • This meant that if a firewall used LAG interfaces for uplink redundancy or higher throughput, VLAN tagging could not be directly applied.
  • Customers were forced to assign VLANs only to physical ports, limiting design options for larger deployments.

New Behavior in 1.35

  • VLAN interfaces can now be bound directly to a LAG interface (e.g., LAG-0).
  • This allows multiple VLANs to traverse a single aggregated link, enabling designs that better match enterprise switch deployments.

Example Scenario

  • A firewall uplinks to an aggregation switch using LAG-0 (with members GE5 and GE6).
  • VLAN 10 = Sales, VLAN 20 = Marketing.
  • Both VLANs need to traverse the aggregated link.

Configuration Steps

  1. Create the LAG Interface
    • Example: LAG-0 with GE5 + GE6 as members.
    • Assign base IP, e.g., 192.168.110.1.
  2. Create VLAN Interfaces
    • VLAN 10 bound to LAG-0, IP = 192.168.10.1.
    • VLAN 20 bound to LAG-0, IP = 192.168.20.1.
  3. Switch Configuration
    • On the aggregation switch, configure the LAG uplink as a trunk port allowing VLAN 10 and VLAN 20.

Result

  • Sales devices connect via VLAN 10.
  • Marketing devices connect via VLAN 20.
  • Both VLANs operate seamlessly across the firewall’s LAG interface.

Key Benefits

  • Scalability: Supports multiple VLANs across aggregated links.
  • Redundancy: VLAN traffic benefits from LAG’s failover and load-balancing.
  • Flexibility: Aligns firewall VLAN configuration with enterprise switch designs.

uOS 1.35 allows VLAN interfaces to be bound directly to LAG interfaces, making it possible to trunk multiple VLANs through aggregated uplinks between firewalls and switches.
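
A pre-deployment consistency check for the scenario above, as an added example that is not part of the original post and not Zyxel tooling. It verifies that every VLAN is bound to the LAG, that the subnets do not overlap, and that the switch trunk's allowed-VLAN list matches the firewall's VLAN interfaces. The /24 prefix lengths, the data layout and the function name `check_plan` are assumptions; the post gives only the addresses.

```python
import ipaddress

# Constructed plan mirroring the post's scenario. The /24 prefix lengths and
# this dictionary layout are assumptions made for the example.
FIREWALL = {
    "lag": {"name": "LAG-0", "members": ["GE5", "GE6"], "ip": "192.168.110.1/24"},
    "vlans": [
        {"id": 10, "name": "Sales", "parent": "LAG-0", "ip": "192.168.10.1/24"},
        {"id": 20, "name": "Marketing", "parent": "LAG-0", "ip": "192.168.20.1/24"},
    ],
}
SWITCH_TRUNK_ALLOWED = {10, 20}  # VLANs allowed on the switch-side LAG trunk


def check_plan(fw, trunk_allowed):
    """Return a list of problems found in the firewall/switch VLAN plan."""
    problems = []
    lag = fw["lag"]
    seen_ids = set()
    nets = [(lag["name"], ipaddress.ip_interface(lag["ip"]).network)]
    for v in fw["vlans"]:
        label = f"VLAN {v['id']}"
        if not 1 <= v["id"] <= 4094:  # usable 802.1Q VLAN ID range
            problems.append(f"{label}: ID outside 1-4094")
        if v["id"] in seen_ids:
            problems.append(f"{label}: duplicate VLAN ID")
        seen_ids.add(v["id"])
        if v["parent"] != lag["name"]:
            problems.append(f"{label}: bound to {v['parent']}, not {lag['name']}")
        net = ipaddress.ip_interface(v["ip"]).network
        for other_label, other in nets:
            if net.overlaps(other):
                problems.append(f"{label}: subnet {net} overlaps {other_label} ({other})")
        nets.append((label, net))
    # A VLAN missing from the trunk is dropped at the switch; an extra VLAN on
    # the trunk reaches the firewall link with no matching interface.
    for vid in sorted(seen_ids - trunk_allowed):
        problems.append(f"VLAN {vid}: configured on firewall but not allowed on trunk")
    for vid in sorted(trunk_allowed - seen_ids):
        problems.append(f"VLAN {vid}: allowed on trunk but has no firewall interface")
    return problems


if __name__ == "__main__":
    for line in check_plan(FIREWALL, SWITCH_TRUNK_ALLOWED) or ["plan is consistent"]:
        print(line)
```

Keeping the trunk's allowed list identical to the firewall's VLAN interfaces avoids both silent drops and unneeded VLANs being carried to the firewall link.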