HowTo: Configure Linux Virtual Local Area Network (VLAN)

VLAN is an acronym for Virtual Local Area Network. Several VLANs can co-exist on a single physical switch. On a Linux host they are configured in software rather than through a hardware interface (you still need to configure the actual hardware switch too).

A hub or switch connects all nodes in a LAN, and the nodes can communicate without a router. For example, all nodes in LAN A can communicate with each other without the need for a router. If a node from LAN A wants to communicate with a node in LAN B, you need to use a router. Therefore, the LANs (A, B, C and so on) are separated from each other by routers.

A VLAN, as the name suggests, combines multiple LANs at once. But what are the advantages of VLANs?

  • Performance.
  • Ease of management.
  • Security.
  • Trunks.
  • VLANs give you the ability to sub-divide a LAN for security purposes.
  • You don’t have to reconfigure any hardware device when physically moving a server to another location, and more.

Fundamental discussion about VLAN or switches is beyond the scope of this blog post. I suggest the following textbooks:

A note about your LAN hardware

  1. To be able to use VLANs you will need a switch that supports the IEEE 802.1q standard on an Ethernet network.
  2. You will also need a NIC (Network Interface Card) that works with Linux and supports the 802.1q standard.

Linux VLAN configuration issues

I am lucky enough to get a couple of hints from our internal wiki:

  • Not all network drivers support VLAN. You may need to patch your driver.
  • MTU may be another problem. VLAN works by tagging each frame, i.e. adding an Ethernet header extension that enlarges the header from 14 to 18 bytes. The VLAN tag contains the VLAN ID and priority.
  • Do not use VLAN ID 1 as it may be used for admin purpose.
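
The tag layout described above can be decoded by hand. The following is an added example, not part of the original post: a POSIX shell function that reads the start of an Ethernet frame as a hex string, checks for the 802.1Q TPID (0x8100) and extracts the VLAN ID and priority. The function name and both sample frames are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the 802.1Q tag from the first bytes of an Ethernet frame.

# parse_vlan_tag HEX -> one summary line on stdout; non-zero exit on bad input.
parse_vlan_tag() {
    # Accept "aa:bb:.." or spaced hex; normalise to lower-case digits only.
    hex=$(printf '%s' "$1" | tr -d ' :\n' | tr 'A-F' 'a-f')
    case $hex in
        *[!0-9a-f]*) echo "error: input is not hex" >&2; return 1 ;;
    esac
    # An untagged header is 14 bytes (28 hex chars): dst MAC, src MAC, EtherType.
    if [ "${#hex}" -lt 28 ]; then
        echo "error: truncated Ethernet header" >&2; return 1
    fi
    # Bytes 12-13 hold the EtherType, or the TPID 0x8100 when the frame is tagged.
    tpid=$(printf '%s' "$hex" | cut -c25-28)
    if [ "$tpid" != "8100" ]; then
        echo "untagged ethertype=0x$tpid hdr=14"
        return 0
    fi
    # A tagged header is 18 bytes (36 hex chars): 4 extra bytes of TPID + TCI.
    if [ "${#hex}" -lt 36 ]; then
        echo "error: truncated 802.1Q tag" >&2; return 1
    fi
    tci=$(( 0x$(printf '%s' "$hex" | cut -c29-32) ))
    inner=$(printf '%s' "$hex" | cut -c33-36)
    pcp=$(( (tci >> 13) & 7 ))      # 3-bit priority
    dei=$(( (tci >> 12) & 1 ))      # 1-bit drop eligible indicator
    vid=$(( tci & 0x0FFF ))         # 12-bit VLAN ID
    echo "vid=$vid pcp=$pcp dei=$dei ethertype=0x$inner hdr=18"
}

# Constructed sample frames: broadcast destination, locally administered source.
TAGGED=ffffffffffff0200000000018100a0050800     # VLAN 5, priority 5, IPv4
UNTAGGED=ffffffffffff0200000000010800           # plain IPv4 frame
parse_vlan_tag "$TAGGED"
parse_vlan_tag "$UNTAGGED"
```

The 4-byte difference between the two header lengths is what a driver or switch port with a fixed 1518-byte frame limit has to accommodate.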

Enough talk, let’s get to the Linux VLAN configurations.

Setting up 802.1q VLAN tagging by loading 8021q Linux kernel driver

First, make sure that the Linux kernel driver (module) called 8021q is loaded:
# lsmod | grep 8021q
If the module is not loaded, load it with the following modprobe command:
# modprobe 8021q

Method #1: CentOS/RHEL/Fedora Linux VLAN HowTo

I am using RHEL/CentOS Linux with VLAN ID # 5. So I need to copy file /etc/sysconfig/network-scripts/ifcfg-eth0 to /etc/sysconfig/network-scripts/ifcfg-eth0.5
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.5
Now, I have one network card (eth0) and it needs to tag network traffic for VLAN ID 5.

  • eth0 – Your regular network interface
  • eth0.5 – Your virtual interface that uses untagged frames

Do not modify the /etc/sysconfig/network-scripts/ifcfg-eth0 file. Now open the file /etc/sysconfig/network-scripts/ifcfg-eth0.5 using a text editor such as vi, type:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0.5
Find DEVICE=eth0 line and replace with:
DEVICE=eth0.5
Also, append the following line:
VLAN=yes
Make sure you assign the correct IP address using DHCP or a static IP. Remove the gateway entry from all other network config files. Only add the gateway to the /etc/sysconfig/network file. This whole configuration may sound complicated, so I am including sample configuration files for you:

/etc/sysconfig/network-scripts/ifcfg-eth0.5 file

# VLAN configuration for my eth0  with ID - 5 #
DEVICE=eth0.5
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.5
NETMASK=255.255.255.0
USERCTL=no
NETWORK=192.168.1.0
VLAN=yes

/etc/sysconfig/network-scripts/ifcfg-eth0 file

# Actual configuration for my eth0 physical interface ##
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes

Finally, restart the networking service on CentOS/RHEL/Fedora Linux, type:
# /etc/init.d/network restart
OR
# service network restart

NOTE: If you need a second VLAN i.e. you need to configure for VLAN ID 2 then copy the /etc/sysconfig/network-scripts/ifcfg-eth0 to /etc/sysconfig/network-scripts/ifcfg-eth0.2 and do the above procedure again.
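
When the procedure has to be repeated for several VLAN IDs, the copy-and-edit step can be scripted. The following is an added example, not part of the original post: a POSIX shell function that prints an ifcfg file in the same layout as the sample above, rejects unusable VLAN IDs and malformed addresses, and derives NETWORK from the address and netmask. The function names and the sample values in the last line are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): print an ifcfg-<parent>.<id> file.

# ip_to_int A.B.C.D -> integer on stdout; non-zero exit if malformed.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad on stdout.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# gen_vlan_ifcfg PARENT VLAN_ID IPADDR NETMASK -> config on stdout.
gen_vlan_ifcfg() {
    parent=$1; vid=$2; ip=$3; mask=$4
    # ifcfg files are read as shell-style assignments, so allow only safe characters.
    case $parent in ''|*[!A-Za-z0-9_-]*) echo "error: bad interface name" >&2; return 1 ;; esac
    case $vid in ''|*[!0-9]*|0*|?????*) echo "error: bad VLAN ID" >&2; return 1 ;; esac
    # 0 and 4095 are reserved by 802.1Q; ID 1 is skipped on the article's advice.
    if [ "$vid" -lt 2 ] || [ "$vid" -gt 4094 ]; then
        echo "error: VLAN ID $vid is outside 2-4094" >&2; return 1
    fi
    ip_n=$(ip_to_int "$ip") && mask_n=$(ip_to_int "$mask") || {
        echo "error: bad IP address or netmask" >&2; return 1; }
    cat <<EOF
# VLAN configuration for $parent with ID - $vid
DEVICE=$parent.$vid
BOOTPROTO=none
ONBOOT=yes
IPADDR=$ip
NETMASK=$mask
USERCTL=no
NETWORK=$(int_to_ip $(( ip_n & mask_n )))
VLAN=yes
EOF
}

# Constructed sample values: a second VLAN (ID 2) as in the NOTE above.
gen_vlan_ifcfg eth0 2 192.168.2.5 255.255.255.0
```

Redirect the output to /etc/sysconfig/network-scripts/ifcfg-eth0.2 once it looks right, then restart networking as shown above.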

Method #2: Using the vconfig command

The above method works with Red Hat Enterprise Linux / CentOS / Fedora Linux without any problem. However, you will notice that there is a command called vconfig. The vconfig program allows you to create and remove VLAN devices on a VLAN-enabled kernel. VLAN devices are virtual Ethernet devices which represent the virtual LANs on the physical LAN. This is yet another method of configuring a VLAN. To add VLAN ID 5 for the eth0 interface, use the following command:
# vconfig add eth0 5
The vconfig add command creates a VLAN device on eth0, which results in the eth0.5 interface. You can use the normal ifconfig command to see device information:
# ifconfig eth0.5
Use the ifconfig command to assign an IP address to the VLAN interface:
# ifconfig eth0.5 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255 up
To get detailed information about the VLAN interface, type:
# cat /proc/net/vlan/eth0.5
If you wish to delete the VLAN interface, use the rem command as follows:
# ifconfig eth0.5 down
# vconfig rem eth0.5

See for more information on syntax and examples.

Method #3: Create the VLAN device using the ip command

Use the ip command as follows for the interface eth0 and VLAN ID 5:
# ip link add link eth0 name eth0.5 type vlan id 5
# ip link
# ip -d link show eth0.5

You need to activate the VLAN link and add an IP address to it, type:
# ip addr add 192.168.1.200/24 brd 192.168.1.255 dev eth0.5
# ip link set dev eth0.5 up

All traffic will go through the eth0 interface with VLAN tag 5. Only VLAN-aware devices can accept the traffic; otherwise the traffic is dropped.

How can I remove VLAN ID 5?

Type the following commands:
# ip link set dev eth0.5 down
# ip link delete eth0.5

How do I make the above VLAN configuration permanent on a Debian or Ubuntu based system?

Edit the /etc/network/interfaces file, enter:
$ sudo vi /etc/network/interfaces
Update configuration as follows:

## vlan for eth0 with ID - 5 on a Debian/Ubuntu Linux##
auto eth0.5
iface eth0.5 inet static
    address 192.168.1.200
    netmask 255.255.255.0
    vlan-raw-device eth0

Save and close the file.

See also
  • Man pages –

# Additional correction by John T and others; Editing by VG – log #

Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

56 comments… add one
  • Garvit Feb 10, 2012 @ 19:24

    Very helpful information.
    Working fine 🙂

  • Bipin Apr 22, 2012 @ 9:45

    You need to add the following line inside the VLAN interface.

    TYPE=Ethernet

    Otherwise the physical switch cannot understand the VLAN through its handshake.

  • yikee Apr 27, 2012 @ 2:51

    Hi, if I would like to create a few VLANs on 1 PC with different IDs and let other PCs connect to it, is it possible? How do other PCs connect to the VLAN that I created?

  • yikee Apr 27, 2012 @ 3:29

    Hi, how do I detect whether other PCs are already connected to the VLAN that I created?

  • anil May 30, 2012 @ 11:25

    Hi all
    please send me steps about “Nagios Quick-start” configuration on fedora OS …

    Thanks

  • John Nelson Oct 4, 2012 @ 16:18

    Instructions for setting up, under CentOS, a virtual interface that will tag its packets for VLAN(x) work as advertised. Thanks for sharing.

  • Ben Watson Jun 10, 2013 @ 8:20

    A fantastic tutorial. The vconfig utility works perfectly for me – thank you very much.

  • anonymous IT person Jul 8, 2013 @ 15:10

    This all sounds pretty good so far. I use the dhcpd.conf file on CentOS to assign static IP addresses to the different devices. Will I be able to do the same thing on a VLAN setup? Will I be able to assign the VLAN IP addresses to their respective devices?

  • Manoz Karmacharya Feb 17, 2014 @ 16:49

    I used vconfig to add a VLAN to CentOS 6.5. But on every reboot, all the VLAN configuration gets erased.

  • Joe Dakine Feb 26, 2014 @ 23:54

    You have an error in your ifcfg-eth0.5 config file:
    What you have: DEVICE=ifcfg-eth0.5
    What it should be: DEVICE=eth0.5

    • NIX Craft Feb 27, 2014 @ 8:56

      Thanks for the heads up. The blog post has been updated.

  • Artimis Nov 17, 2014 @ 4:57

    Thanks for your post.
    Method #2 is temporary and it’s like adding a route, because after restarting the server it will be deleted and must be added again, right?

  • sachin Nov 24, 2014 @ 1:00

    Can this be used if I want to plumb different segment IPs as virtual IP addresses under the same single NIC? If not, suggest how the communication can be achieved between these.

    For e.g
    eth0 192.X.X.108/27
    eth0:0 192.X.X.110/27
    eth0:1 10.X.X.X/24
    eth0:2 10.X.X.X/24

  • vijay Jan 9, 2017 @ 17:32

    Hi nixCraft, I am facing vlan config problem. Please help me!!!

    Here is my set-up:
    -> Installed OS (rhel7) on my hp server
    -> Hp server contain 4 Physical NIC cards. (eno1, eno2, eno3 & eno4)
    -> I bonded eno2 & eno3 and created bond0
    -> Now I created vlans from bond0 (bond0.100, bond0.200 & bond0.300)
    -> I renamed these vlan’s to bond0.100 -> eth0 / bond0.200 -> eth1 & bond0.300 -> eth2
    -> I assigned 172.17.1.2 series to eth0 vlan / 172.16.1.2 series to eth1 vlan
    -> Now I created bridges (eth0br, eth1br & eth3br)
    -> Now I mapped each one (eth0 -> eth0br / eth1-> eth1br / eth2 -> eth2br)
    -> Now I created VM
    -> I got eth0, eth1 and eth2 on the VM side
    -> I assigned eth0 to 172.17.1.100 and for eth1 to 172.16.1.100
    -> But when I ping from 172.17.1.2, I’m getting Host Unreachable error

    Please let me know what I’m doing wrong here

    Thanks
    -Vijay

  • Dongju Ko Feb 22, 2017 @ 1:22

    Hello. I am a student who studies Ethernet communication.
    I have a question about VLAN support.
    Even if a device does not have an Ethernet switch which supports 802.1Q, is it possible to implement VLAN by using Linux?

    Thank you.
