≡ Menu

FreeBSD VLAN Configuration

How do I configure VLAN under FreeBSD operating system?

A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same wire, regardless of their physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same LAN segment. Network reconfiguration can be done through software instead of physically relocating devices.

FreeBSD VLANs Configuration using ifconfig Command

To create a new VLAN interface, enter:
# ifconfig {vlan-name} create
To associate the VLAN interface with a physical interface and assign a VLAN ID, IP address, and netmask:
# ifconfig {vlan-name} {ip-address} netmask {subnet-mask} vlan {vlan-id} vlandev {physical-interface}
The following examples, all packets will be marked on egress with 802.1Q VLAN tags, specifying a VLAN ID of 5:
# ifconfig vlan5 netmask vlan 5 vlandev em0
To remove a VLAN interface, enter:
# ifconfig {vlan-name} destroy

Persistence VLAN Configuration

To make configuration persistence, open /etc/rc.conf:
# vi /etc/rc.conf
Append / modify as follows:

ifconfig_vlan0="inet x.x.x.x netmask y.y.y.y vlan 2 vlandev em0"

Fuhrer readings:

Share this tutorial on:

Like this? Follow us on Twitter OR support us by using Patreon

{ 6 comments… add one }
  • Macs R We February 15, 2009, 1:59 am

    Having tried these commands, it appears that what they achieve is to configure a VLAN server connection (if that is an accurate term). I came here hoping to find a shell command set that would let me connect to an existing external VLAN a a client — in other words, the command-line equivalent of defining a “VPN (PPTP)” connection in Internet Connect and connecting to it. Background: I monitor a WISP LAN from off the physical LAN, using a VPN connection to gain access to the LAN IP addresses. I need to have the VPN automatically connected at startup, plus devise a watchdog that will re-establish it when it drops. For that, I need the shell-command equivalent of the “Connect” button in Internet Connect.

    • Robin Garen Aaberg January 27, 2012, 11:26 am

      Hei Macs R we.
      VPN and Vlans are different concepts. VLAN is virtual LAN, or virtual broadcast domains. If you have a switch with some ports on vlan 1 and others on vlan 2 that setup is equivalent to having two physical switches.

      VPN is Virtual Private Network, and is a tunneling concept that lets you be in a network through another network. All encrypted so it wont be eavesdropped. To look for vpn configuration on free BSD, search for VPN or virtual Private Network. Not Vlan.

      Best regards
      Communica (http://komsys.org)

  • Ted April 18, 2009, 6:02 pm

    Just a heads up – there’s a minor typo – on the second line, you’re missing a space between vlan and 5
    ifconfig vlan5 netmask vlan5 vlandev em0
    should be
    ifconfig vlan5 netmask vlan 5 vlandev em0

  • nixCraft June 21, 2009, 3:53 pm

    @Ted ,

    Thanks for the heads-up.

  • Corebug March 14, 2011, 11:31 am

    It’s also possible to do so in rc.conf:

    cloned_interfaces=” vlan666 ”
    ifconfig_vlan2551=”inet vlan 666 vlandev em0 name SOME-VLAN-NAME”

    And it really helps to understand which vlan is connected to what.

  • Andrew March 27, 2016, 9:29 pm

    Is there a way to set a ‘default VLAN’ i.e what VLAN should be assumed for frames arriving on an interface that dont have a VLAN tag set?

Security: Are you a robot or human?

Leave a Comment

You can use these HTML tags and attributes: <strong> <em> <pre> <code> <a href="" title="">

   Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,