Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

10.4. Configure 802.1Q VLAN Tagging Using the Command Line

In Red Hat Enterprise Linux 7, the 8021q module is loaded by default. If necessary, you can make sure that the module is loaded by issuing the following command as root:
~]# modprobe --first-time 8021q
modprobe: ERROR: could not insert '8021q': Module already in kernel
To display information about the module, issue the following command:
~]$ modinfo 8021q
See the modprobe(8) man page for more command options.

10.4.1. Setting Up 802.1Q VLAN Tagging Using ifcfg Files

  1. Configure the parent interface in /etc/sysconfig/network-scripts/ifcfg-device_name, where device_name is the name of the interface:
    DEVICE=interface_name
    TYPE=Ethernet
    BOOTPROTO=none
    ONBOOT=yes
  2. Configure the VLAN interface configuration in the /etc/sysconfig/network-scripts/ directory. The configuration file name should be the parent interface plus a . character plus the VLAN ID number. For example, if the VLAN ID is 192, and the parent interface is enp1s0, then the configuration file name should be ifcfg-enp1s0.192:
    DEVICE=enp1s0.192
    BOOTPROTO=none
    ONBOOT=yes
    IPADDR=192.168.1.1
    PREFIX=24
    NETWORK=192.168.1.0
    VLAN=yes
    If there is a need to configure a second VLAN, with for example, VLAN ID 193, on the same interface, enp1s0, add a new file with the name enp1s0.193 with the VLAN configuration details.
  3. Restart the networking service in order for the changes to take effect. As root issue the following command:
    ~]# systemctl restart network

10.4.2. Configure 802.1Q VLAN Tagging Using ip Commands

To create an 802.1Q VLAN interface on Ethernet interface enp1s0, with name VLAN8 and ID 8, issue a command as root as follows:
~]# ip link add link enp1s0 name enp1s0.8 type vlan id 8
To view the VLAN, issue the following command:
~]$ ip -d link show enp1s0.8
4: enp1s0.8@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
     link/ether 52:54:00:ce:5f:6c brd ff:ff:ff:ff:ff:ff promiscuity 0
     vlan protocol 802.1Q id 8 <REORDER_HDR>
Note that the ip utility interprets the VLAN ID as a hexadecimal value if it is preceded by 0x and as an octal value if it has a leading 0. This means that in order to assign a VLAN ID with a decimal value of 22, you must not add any leading zeros.
To remove the VLAN, issue a command as root as follows:
~]# ip link delete enp1s0.8
To use multiple interfaces belonging to multiple VLANs, create locally enp1s0.1 and enp1s0.2 with the appropriate VLAN ID on top of a physical interface enp1s0:
~]# ip link add link enp1s0 name enp1s0.1 type vlan id 1
    ip link set dev enp1s0.1 up
~]# ip link add link enp1s0 name enp1s0.2 type vlan id 2
    ip link set dev enp1s0.2 up
Note that running a network sniffer on a physical device, you can capture the tagged frames reaching the physical device, even if no VLAN device is configured on top of enp1s0. For example:
tcpdump -nnei enp1s0 -vvv

Note

VLAN interfaces created using ip commands at the command prompt will be lost if the system is shutdown or restarted. To configure VLAN interfaces to be persistent after a system restart, use ifcfg files. See Section 10.4.1, “Setting Up 802.1Q VLAN Tagging Using ifcfg Files”