Debian - How to create VLAN interface

VLAN (virtual local area network) is very useful concept as you can easily separate device management from users by using appropriate network devices and configuration. I will describe here in a form of a short note how to create VLAN interface using Debian system.


Install user mode programs to enable VLANs on your ethernet devices:

$ sudo apt-get install vlan

Load 8021q module (IEEE 802.1Q):

$ sudo modprobe 8021q

To load 8021q module at the boot time add it to the /etc/modules file:

$ sudo echo 8021q >> /etc/modules
$ cat /etc/modules
# /etc/modules: kernel modules to load at boot time.
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
# Parameters can be specified after the module name.


Temporary solution

Create VLAN 700 on the eth0 device:

$ sudo vconfig add eth0 700
Added VLAN with VID == 700 to IF -:eth0:-

Set IP address ( netmask in this example):

$ sudo ifconfig eth0.700

Created interface is named as eth0.700:

$ sudo ifconfig -a
eth0      Link encap:Ethernet  HWaddr 84:8f:69:b0:fa:0a  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.700  Link encap:Ethernet  HWaddr 84:8f:69:b0:fa:0a  
          inet addr:  Bcast:  Mask:
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:884 (884.0 B)  TX bytes:3158 (3.0 KiB)

Now you can access other hosts available in VLAN 700:

$ ping -c 1
PING ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=64 time=1.28 ms

--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.282/1.282/1.282/0.000 ms

To remove VLAN 700 from the eth0 interface execute command:

$ sudo vconfig rem eth0.700
Removed VLAN -:eth0.700:-

Permanent solution

To create VLAN at the boot time you need to get familiar with /etc/network/interfaces configuration file (man interfaces, man vlan-interfaces).

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

To create VLAN 700 on the eth0 interface at the boot time just add similar configuration:

# add vlan 700 on eth0 - static IP address
auto eth0.700
iface eth0.700 inet static
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a system administrator working for a successful Polish company and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland