Categories
Uncategorized

How to create VLAN interface using the ip utility

I have already described how to create VLAN interface, but things have changed over time, so I decided to update the know-how.

Ad hoc solution

Add VLAN 700 to the eth1 device.

$ sudo ip link add link eth1 name eth1.700 type vlan id 700

Display network devices.

$ ip -details link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 46 maxmtu 16110 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:fa:4b:19 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 46 maxmtu 16110 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
4: eth1.700@eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:fa:4b:19 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
    vlan protocol 802.1Q id 700 <REORDER_HDR> addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

It is not necessary, but you can disable IPv6 on this particular VLAN interface.

$ sudo sysctl -w net.ipv6.conf.eth1/700.disable_ipv6=1
net.ipv6.conf.eth1/700.disable_ipv6 = 1

Add an IPv4 address.

$ sudo ip addr add 10.100.10.77/24 dev eth1.700

Bring VLAN interface up.

$ sudo ip link set dev eth1.700 up

Confirm that created network interface is UP, uses correct VLAN number and desired IPv4 address.

$ ip -detail addr show eth1.700
4: eth1.700@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:00:27:fa:4b:19 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
    vlan protocol 802.1Q id 700 <REORDER_HDR> numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 10.100.10.77/24 scope global eth1.700
       valid_lft forever preferred_lft forever

Now you can access other hosts available in VLAN 700.

$ ping -c 1 10.100.10.1
PING 10.100.10.1 (10.100.10.1) 56(84) bytes of data.
64 bytes from 10.100.10.1: icmp_seq=1 ttl=64 time=0.323 ms
--- 10.100.10.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.323/0.323/0.323/0.000 ms

To remove VLAN 700 from the eth1 interface execute the following command.

$ sudo ip link delete eth1.700

Permanent solution

To create VLAN at the boot time you need to get familiar with /etc/network/interfaces configuration file (man interfaces).

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
      address 192.168.50.201
      netmask 255.255.255.0

To create VLAN 700 on the eth1 interface at the boot time just add the following configuration.

# add vlan 700 on eth1 - static IP address
auto eth1.700
iface eth1.700 inet static
      address 10.100.10.77
      netmask 255.255.255.0
      pre-up sysctl -w net.ipv6.conf.eth1/700.disable_ipv6=1

These interfaces will be brought up in the order in which they were listed.

Additional notes

Bye-bye binary vconfig(1)

fake-vconfig by Andrej Shadura

Debian Bug report logs – #501402 – vlan: vconfig deprecated