Chapter 17. Configuring VLAN tagging

This section describes how to configure Virtual Local Area Network (VLAN). A VLAN is a logical network within a physical network. The VLAN interface tags packets with the VLAN ID as they pass through the interface, and removes tags of returning packets.

You create a VLAN interface on top of another interface, such as an Ethernet, bond, team, or bridge device. This interface is called the parent interface.

17.1. Configuring VLAN tagging using nmcli commands

This section describes how to configure Virtual Local Area Network (VLAN) tagging using the nmcli utility.

Prerequisites

The interface you plan to use as a parent to the virtual VLAN interface supports VLAN tags.
If you configure the VLAN on top of a bond interface:
- The slaves of the bond are up.
- The bond is not configured with the fail_over_mac=follow option. A VLAN virtual device cannot change its MAC address to match the parent’s new MAC address. In such a case, the traffic would still be sent with the then incorrect source MAC address.
The switch the host is connected to is configured to support VLAN tags. For details, see the documentation of your switch.

Procedure

Display the network interfaces:

# nmcli device status
DEVICE   TYPE      STATE         CONNECTION
enp1s0   ethernet  disconnected  enp1s0
bridge0  bridge    connected     bridge0
bond0    bond      connected     bond0
...

Create the VLAN interface. For example, to create a VLAN interface named vlan10 that uses enp1s0 as its parent interface and that tags packets with VLAN ID 10, enter:
```
# nmcli connection add type vlan con-name vlan10 ifname vlan10 vlan.parent enp1s0 vlan.id 10
```
Note that the VLAN must be within the range from 0 to 4094.
By default, the VLAN connection inherits the maximum transmission unit (MTU) from the parent interface. Optionally, set a different MTU value:
```
# nmcli connection modify vlan10 802-3-ethernet.mtu 2000
```

Configure the IP settings of the VLAN device. Skip this step if you want to use this VLAN device as a slave of other devices.

Configure the IPv4 settings. For example, to set a static IPv4 address, network mask, default gateway, and DNS server to the vlan10 connection, enter:

# nmcli connection modify vlan10 ipv4.addresses '192.0.2.1/24'
# nmcli connection modify vlan10 ipv4.gateway '192.0.2.254'
# nmcli connection modify vlan10 ipv4.dns '192.0.2.253'
# nmcli connection modify vlan10 ipv4.method manual

Configure the IPv6 settings. For example, to set a static IPv6 address, network mask, default gateway, and DNS server to the vlan10 connection, enter:

# nmcli connection modify vlan10 ipv6.addresses '2001:db8:1::1/32'
# nmcli connection modify vlan10 ipv6.gateway '2001:db8:1::fffe'
# nmcli connection modify vlan10 ipv6.dns '2001:db8:1::fffd'
# nmcli connection modify vlan10 ipv6.method manual

Activate the connection:
```
# nmcli connection up vlan10
```

Verification steps

Verify the settings:

# ip -d addr show vlan10
4: vlan10@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:d5:e0:fb brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 10 <REORDER_HDR> numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 192.0.2.1/24 brd 192.0.2.255 scope global noprefixroute vlan10
       valid_lft forever preferred_lft forever
    inet6 2001:db8:1::1/32 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::8dd7:9030:6f8e:89e6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Additional resources

For more information on testing connections, see Chapter 36, Testing basic network settings.
For nmcli examples, see the nmcli-examples(7) man page.
For all vlan properties you can set, see the vlan setting section in the nm-settings(5) man page.

17.2. Configuring VLAN tagging using nm-connection-editor

This section describes how to configure Virtual Local Area Network (VLAN) tagging using the nm-connection-editor application.

Prerequisites

The interface you plan to use as a parent to the virtual VLAN interface supports VLAN tags.
If you configure the VLAN on top of a bond interface:
- The slaves of the bond are up.
- The bond is not configured with the fail_over_mac=follow option. A VLAN virtual device cannot change its MAC address to match the parent’s new MAC address. In such a case, the traffic would still be sent with the then incorrect source MAC address.
The switch the host is connected to is configured to support VLAN tags. For details, see the documentation of your switch.

Procedure

Open a terminal, and enter nm-connection-editor:
```
$ nm-connection-editor
```
Click the + button to add a new connection.
Select the VLAN connection type, and click Create.
On the VLAN tab:
1. Select the parent interface.
2. Select the VLAN id. Note that the VLAN must be within the range from 0 to 4094.
3. By default, the VLAN connection inherits the maximum transmission unit (MTU) from the parent interface. Optionally, set a different MTU value.
4. Optionally, set the name of the VLAN interface and further VLAN-specific options.
Configure the IP settings of the VLAN device. Skip this step if you want to use this VLAN device as a slave of other devices.
1. On the IPv4 Settings tab, configure the IPv4 settings. For example, set a static IPv4 address, network mask, default gateway, and DNS server:
2. On the IPv6 Settings tab, configure the IPv6 settings. For example, set a static IPv6 address, network mask, default gateway, and DNS server:
Click Save to save the VLAN connection.
Close nm-connection-editor.

Verification steps

Verify the settings:

# ip -d addr show vlan10
4: vlan10@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:d5:e0:fb brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 10 <REORDER_HDR> numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 192.0.2.1/24 brd 192.0.2.255 scope global noprefixroute vlan10
       valid_lft forever preferred_lft forever
    inet6 2001:db8:1::1/32 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::8dd7:9030:6f8e:89e6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Additional resources

For more information on testing connections, see Chapter 36, Testing basic network settings.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Chapter 17. Configuring VLAN tagging

17.1. Configuring VLAN tagging using nmcli commands

17.2. Configuring VLAN tagging using nm-connection-editor