10.4. Configure 802.1Q VLAN Tagging Using the Command Line
In Red Hat Enterprise Linux 7, the
8021q
module is loaded by default. If necessary, you can make sure that the module is loaded by issuing the following command as root
:
~]# modprobe --first-time 8021q
modprobe: ERROR: could not insert '8021q': Module already in kernel
To display information about the module, issue the following command:
~]$ modinfo 8021q
See the modprobe(8)
man page for more command options.
10.4.1. Setting Up 802.1Q VLAN Tagging Using ifcfg Files
- Configure the parent interface in
/etc/sysconfig/network-scripts/ifcfg-device_name
, where device_name is the name of the interface:DEVICE=interface_name TYPE=Ethernet BOOTPROTO=none ONBOOT=yes
- Configure the VLAN interface configuration in the
/etc/sysconfig/network-scripts/
directory. The configuration file name should be the parent interface plus a.
character plus the VLAN ID number. For example, if the VLAN ID is 192, and the parent interface is enp1s0, then the configuration file name should beifcfg-enp1s0.192
:DEVICE=enp1s0.192 BOOTPROTO=none ONBOOT=yes IPADDR=192.168.1.1 PREFIX=24 NETWORK=192.168.1.0 VLAN=yes
If there is a need to configure a second VLAN, with for example, VLAN ID 193, on the same interface, enp1s0, add a new file with the nameenp1s0.193
with the VLAN configuration details. - Restart the networking service in order for the changes to take effect. As
root
issue the following command:~]#
systemctl restart network
10.4.2. Configure 802.1Q VLAN Tagging Using ip Commands
To create an 802.1Q VLAN interface on Ethernet interface enp1s0, with name VLAN8 and ID
8
, issue a command as root
as follows:
~]# ip link add link enp1s0 name enp1s0.8 type vlan id 8
To view the VLAN, issue the following command:
~]$ ip -d link show enp1s0.8
4: enp1s0.8@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 52:54:00:ce:5f:6c brd ff:ff:ff:ff:ff:ff promiscuity 0
vlan protocol 802.1Q id 8 <REORDER_HDR>
Note that the ip utility interprets the VLAN ID as a hexadecimal value if it is preceded by
0x
and as an octal value if it has a leading 0
. This means that in order to assign a VLAN ID with a decimal value of 22
, you must not add any leading zeros.
To remove the VLAN, issue a command as
root
as follows:
~]# ip link delete enp1s0.8
To use multiple interfaces belonging to multiple VLANs, create locally enp1s0.1 and enp1s0.2 with the appropriate VLAN ID on top of a physical interface enp1s0:
~]#ip link add link enp1s0 name enp1s0.1 type vlan id 1
ip link set dev enp1s0.1 up
~]#ip link add link enp1s0 name enp1s0.2 type vlan id 2
ip link set dev enp1s0.2 up
Note that running a network sniffer on a physical device, you can capture the tagged frames reaching the physical device, even if no VLAN device is configured on top of enp1s0. For example:
tcpdump -nnei enp1s0 -vvv
Note
VLAN interfaces created using ip commands at the command prompt will be lost if the system is shutdown or restarted. To configure VLAN interfaces to be persistent after a system restart, use
ifcfg
files. See Section 10.4.1, “Setting Up 802.1Q VLAN Tagging Using ifcfg Files”