Skip to content
Rogue Arena Docs

Creating VLANs

VLANs are the foundation of your scenario’s network topology. Each VLAN represents an isolated network segment that contains one or more virtual machines.

Adding a VLAN

Section titled “Adding a VLAN”
  1. Find the Networks section in the left sidebar
  2. Drag a VLAN onto the canvas
  3. A configuration panel opens on the right — give your VLAN a unique nickname
  4. Click Save

The VLAN appears as a container on the canvas. You’ll drop machines into it in the next step.

VLAN Settings

Section titled “VLAN Settings”

Basic Settings

Section titled “Basic Settings”
  • VLAN Nickname — A unique, descriptive name for this network segment (e.g., “Corporate LAN”, “DMZ”, “Attacker Network”)

Advanced Settings

Section titled “Advanced Settings”

Toggle Advanced Settings to configure networking details. If you leave these at their defaults, Rogue Architect will assign sensible values automatically.

Network Configuration

Section titled “Network Configuration”
  • VLAN Address — The network address in CIDR notation (e.g., 192.168.1.0/24). Must be the network address ending in .0, not a host address.
  • VLAN Gateway — The gateway IP for this network segment

DNS Configuration

Section titled “DNS Configuration”
  • DNS Forwarding Targets — Forward DNS requests for specific domains to designated IP addresses. This is useful for forwarding domain FQDNs to Domain Controllers or setting up DNS-based C2 channels.
  • Static Host Mappings — Map specific FQDNs directly to IP addresses. These mappings apply canvas-wide, not just within this VLAN.

DHCP Configuration

Section titled “DHCP Configuration”
  • Provide DHCP — Enable or disable DHCP for this VLAN
  • DHCP Start Range — First IP address in the DHCP pool
  • DHCP End Range — Last IP address in the DHCP pool

Connecting VLANs

Section titled “Connecting VLANs”

To allow traffic to flow between VLANs, you need to connect them:

  1. Hover over a VLAN’s connection handle (the dot on the edge of the container)
  2. Click and drag to another VLAN
  3. Release to create the connection

A connection line appears between the two VLANs. By default, connections allow all traffic. Click the connection line to configure firewall rules that restrict traffic between the networks.

Firewall Rules

Section titled “Firewall Rules”

After connecting two VLANs, you can define firewall rules on the connection:

  • Click the connection line between two VLANs
  • A configuration panel opens where you can add allow/deny rules
  • Rules are bidirectional — they apply to traffic in both directions

The connection line shows a status indicator: full allow (all traffic permitted) or mixed (custom rules applied).

Cloning

Section titled “Cloning”

Right-click a VLAN to clone it along with all of its machines and their plugin configurations. This is useful when you need multiple similar network segments (e.g., multiple team environments).