FreeBSD VLAN Configuration

How do I configure VLAN under FreeBSD operating system?

A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same wire, regardless of their physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same LAN segment. Network reconfiguration can be done through software instead of physically relocating devices.

ADVERTISEMENTS

FreeBSD VLANs Configuration using ifconfig Command

To create a new VLAN interface, enter:
# ifconfig {vlan-name} create
To associate the VLAN interface with a physical interface and assign a VLAN ID, IP address, and netmask:
# ifconfig {vlan-name} {ip-address} netmask {subnet-mask} vlan {vlan-id} vlandev {physical-interface}
The following examples, all packets will be marked on egress with 802.1Q VLAN tags, specifying a VLAN ID of 5:
# ifconfig vlan5 10.0.0.1 netmask 255.255.255.0 vlan 5 vlandev em0
To remove a VLAN interface, enter:
# ifconfig {vlan-name} destroy

Persistence VLAN Configuration

To make configuration persistence, open /etc/rc.conf:
# vi /etc/rc.conf
Append / modify as follows:

cloned_interfaces="vlan0"
ifconfig_vlan0="inet x.x.x.x netmask y.y.y.y vlan 2 vlandev em0"

Fuhrer readings:

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
6 comments… add one
  • Macs R We Feb 15, 2009 @ 1:59

    Having tried these commands, it appears that what they achieve is to configure a VLAN server connection (if that is an accurate term). I came here hoping to find a shell command set that would let me connect to an existing external VLAN a a client — in other words, the command-line equivalent of defining a “VPN (PPTP)” connection in Internet Connect and connecting to it. Background: I monitor a WISP LAN from off the physical LAN, using a VPN connection to gain access to the LAN IP addresses. I need to have the VPN automatically connected at startup, plus devise a watchdog that will re-establish it when it drops. For that, I need the shell-command equivalent of the “Connect” button in Internet Connect.

    • Robin Garen Aaberg Jan 27, 2012 @ 11:26

      Hei Macs R we.
      VPN and Vlans are different concepts. VLAN is virtual LAN, or virtual broadcast domains. If you have a switch with some ports on vlan 1 and others on vlan 2 that setup is equivalent to having two physical switches.

      VPN is Virtual Private Network, and is a tunneling concept that lets you be in a network through another network. All encrypted so it wont be eavesdropped. To look for vpn configuration on free BSD, search for VPN or virtual Private Network. Not Vlan.

      Best regards
      Robin
      Communica (http://komsys.org)

  • Ted Apr 18, 2009 @ 18:02

    Just a heads up – there’s a minor typo – on the second line, you’re missing a space between vlan and 5
    ifconfig vlan5 10.0.0.1 netmask 255.255.255.0 vlan5 vlandev em0
    should be
    ifconfig vlan5 10.0.0.1 netmask 255.255.255.0 vlan 5 vlandev em0

  • 🐧 nixCraft Jun 21, 2009 @ 15:53

    @Ted ,

    Thanks for the heads-up.

  • Corebug Mar 14, 2011 @ 11:31

    It’s also possible to do so in rc.conf:

    cloned_interfaces=” vlan666 ”
    ifconfig_vlan2551=”inet 172.16.0.1/30 vlan 666 vlandev em0 name SOME-VLAN-NAME”

    And it really helps to understand which vlan is connected to what.

  • Andrew Mar 27, 2016 @ 21:29

    Is there a way to set a ‘default VLAN’ i.e what VLAN should be assumed for frames arriving on an interface that dont have a VLAN tag set?

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.