10.3. Configure 802.1Q VLAN Tagging Using the Command Line Tool, nmcli
To view the available interfaces on the system, issue a command as follows:
~]$ nmcli con show
NAME           UUID                                  TYPE            DEVICE
System enp2s0  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  802-3-ethernet  enp2s0
System enp1s0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  enp1s0
Note that the NAME field in the output always denotes the connection ID. It is not the interface name even though it might look the same. The ID can be used in nmcli connection commands to identify a connection. Use the DEVICE name with other applications such as
To create an 802.1Q VLAN interface on Ethernet interface enp1s0, with VLAN interface VLAN10 and ID 10, issue a command as follows:
~]$ nmcli con add type vlan ifname VLAN10 dev enp1s0 id 10
Connection 'vlan-VLAN10' (37750b4a-8ef5-40e6-be9b-4fb21a4b6d17) successfully added.
Note that as no con-name was given for the VLAN interface, the name was derived from the interface name by prepending the type. Alternatively, specify a name with the con-name option as follows:
~]$ nmcli con add type vlan con-name VLAN12 dev enp1s0 id 12
Connection 'VLAN12' (b796c16a-9f5f-441c-835c-f594d40e6533) successfully added.
Assigning Addresses to VLAN Interfaces
You can use the same nmcli commands to assign static and dynamic interface addresses as with any other interface.
For example, a command to create a VLAN interface with a static IPv4 address and gateway is as follows:
~]$ nmcli con add type vlan con-name VLAN20 dev enp1s0 id 20 ip4 10.10.10.10/24 \
To create a VLAN interface with dynamically assigned addressing, issue a command as follows:
~]$ nmcli con add type vlan con-name VLAN30 dev enp1s0 id 30
See Section 3.3.6, “Connecting to a Network Using nmcli” for examples of using nmcli commands to configure interfaces.
To review the VLAN interfaces created, issue a command as follows:
~]$ nmcli con show
NAME           UUID                                  TYPE            DEVICE
VLAN12         4129a37d-4feb-4be5-ac17-14a193821755  vlan            enp1s0.12
System enp2s0  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  802-3-ethernet  enp2s0
System enp1s0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  enp1s0
vlan-VLAN10    1be91581-11c2-461a-b40d-893d42fed4f4  vlan            VLAN10
To view detailed information about the newly configured connection, issue a command as follows:
~]$ nmcli -p con show VLAN12
===============================================================================
                      Connection profile details (VLAN12)
===============================================================================
connection.id:                          VLAN12
connection.uuid:                        4129a37d-4feb-4be5-ac17-14a193821755
connection.interface-name:              --
connection.type:                        vlan
connection.autoconnect:                 yes
…
-------------------------------------------------------------------------------
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          yes
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu:                     auto
…
vlan.interface-name:                    --
vlan.parent:                            enp1s0
vlan.id:                                12
vlan.flags:                             0 (NONE)
vlan.ingress-priority-map:
vlan.egress-priority-map:
-------------------------------------------------------------------------------
===============================================================================
      Activate connection details (4129a37d-4feb-4be5-ac17-14a193821755)
===============================================================================
GENERAL.NAME:                           VLAN12
GENERAL.UUID:                           4129a37d-4feb-4be5-ac17-14a193821755
GENERAL.DEVICES:                        enp1s0.12
GENERAL.STATE:                          activating
[output truncated]
Further options for the VLAN command are listed in the VLAN section of the nmcli(1) man page. In the man pages the device on which the VLAN is created is referred to as the parent device. In the example above the device was specified by its interface name, enp1s0; it can also be specified by the connection UUID or MAC address.
To create an 802.1Q VLAN connection profile with ingress priority mapping on Ethernet interface enp2s0, with name VLAN1 and ID 13, issue a command as follows:
~]$ nmcli con add type vlan con-name VLAN1 dev enp2s0 id 13 ingress "2:3,3:5"
To view all the parameters associated with the VLAN created above, issue a command as follows:
~]$ nmcli connection show vlan-VLAN10
To change the MTU, issue a command as follows:
~]$ nmcli connection modify vlan-VLAN10 802.mtu 1496
The MTU setting determines the maximum size of the network layer packet. The maximum size of the payload the link-layer frame can carry in turn limits the network layer MTU. For standard Ethernet frames this means an MTU of 1500 bytes. It should not be necessary to change the MTU when setting up a VLAN as the link-layer header is increased in size by 4 bytes to accommodate the 802.1Q tag.
At time of writing, connection.interface-name and vlan.interface-name have to be the same (if they are set). They must therefore be changed simultaneously using nmcli's interactive mode. To change a VLAN connection's name, issue commands as follows:
~]$ nmcli con edit vlan-VLAN10
nmcli> set vlan.interface-name superVLAN
nmcli> set connection.interface-name superVLAN
nmcli>
The nmcli utility can be used to set and clear ioctl flags which change the way the 802.1Q code functions. The following VLAN flags are supported by NetworkManager:
- 0x01 - reordering of output packet headers
- 0x02 - use GVRP protocol
- 0x04 - loose binding of the interface and its master
The state of the VLAN is synchronized to the state of the parent or master interface (the interface or device on which the VLAN is created). If the parent interface is set to the “down” administrative state then all associated VLANs are set down and all routes are flushed from the routing table. Flag 0x04 enables a loose binding mode, in which only the operational state is passed from the parent to the associated VLANs, but the VLAN device state is not changed.
To set a VLAN flag, issue a command as follows:
~]$ nmcli connection modify vlan-VLAN10 vlan.flags 1
See Section 3.3, “Configuring IP Networking with nmcli” for an introduction to nmcli.
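The interface-name rule and the vlan.flags bit values described above can be checked against the "key: value" output of nmcli con show. The following script is an added example, not part of the original guide: the function names, the finding labels and the sample profile are constructed for illustration, and the ID check relies on 802.1Q reserving VLAN IDs 0 and 4095.

```shell
#!/bin/sh
# Added example: audit one VLAN profile given in the "key: value" form that
# `nmcli con show <profile>` prints. The profile text is read from stdin.

# Print one property's value; prints nothing when it is unset ("--" or empty).
prop() {  # usage: prop <key> <profile-text>
    printf '%s\n' "$2" | awk -v k="$1:" \
        '$1 == k { $1 = ""; sub(/^ +/, ""); if ($0 != "--") print; exit }'
}

# Decode vlan.flags using the three flag bits listed in this section.
decode_vlan_flags() (  # usage: decode_vlan_flags <integer>
    f=$1; out=""
    [ $(( $f & 0x01 )) -ne 0 ] && out="$out reorder-headers"
    [ $(( $f & 0x02 )) -ne 0 ] && out="$out gvrp"
    [ $(( $f & 0x04 )) -ne 0 ] && out="$out loose-binding"
    [ $(( $f & ~0x07 )) -ne 0 ] && out="$out unknown-bits"
    out=${out# }
    echo "${out:-none}"
)

audit_vlan_profile() (  # prints findings; returns 1 if any check fails
    text=$(cat); rc=0
    cif=$(prop connection.interface-name "$text")
    vif=$(prop vlan.interface-name "$text")
    id=$(prop vlan.id "$text")
    flags=$(prop vlan.flags "$text"); flags=${flags%% *}  # "0 (NONE)" -> 0
    # The two interface-name properties must agree when both are set.
    if [ -n "$cif" ] && [ -n "$vif" ] && [ "$cif" != "$vif" ]; then
        echo "MISMATCH: connection.interface-name=$cif vlan.interface-name=$vif"; rc=1
    fi
    # 802.1Q reserves VLAN IDs 0 and 4095.
    case $id in
        ''|*[!0-9]*) echo "BAD-ID: vlan.id=${id:-unset}"; rc=1 ;;
        *) if [ "$id" -lt 1 ] || [ "$id" -gt 4094 ]; then
               echo "BAD-ID: vlan.id=$id"; rc=1; fi ;;
    esac
    echo "FLAGS: $(decode_vlan_flags "${flags:-0}")"
    return "$rc"
)

# Constructed sample: a half-finished rename, with flags 5 (0x01 | 0x04).
SAMPLE_RENAMED='connection.interface-name: VLAN10
vlan.interface-name: superVLAN
vlan.id: 10
vlan.flags: 5'

printf '%s\n' "$SAMPLE_RENAMED" | audit_vlan_profile || true
```

On a live system the input would come from nmcli connection show piped into audit_vlan_profile, with the profile name as the argument to nmcli.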