VLAN

Add the VLAN with the following command:

# ip link add link eth0 name eth0.100 type vlan id 100

Run to confirm that it has been created.

This interface behaves like a normal interface. All traffic routed to it will go through the master interface (in this example, eth0) but with a VLAN tag. Only VLAN-aware devices can accept them if configured correctly, else the traffic is dropped.

Using a name like eth0.100 is just convention and not enforced; you can alternatively use or something descriptive like . To see the VLAN ID on an interface, in case you used an unconventional name:

# ip -d link show eth0.100

The flag shows full details of an interface:

# ip -d addr show
4: eth0.100@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
   link/ether 96:4a:9c:84:36:51 brd ff:ff:ff:ff:ff:ff promiscuity 0 
   vlan protocol 802.1Q id 100 <REORDER_HDR> 
   inet6 fe80::944a:9cff:fe84:3651/64 scope link 
      valid_lft forever preferred_lft forever

Now add an IPv4 address to the just created VLAN link, and activate the link:

# ip addr add 192.168.100.1/24 brd 192.168.100.255 dev eth0.100
# ip link set dev eth0.100 up

To cleanly shut down the setting before you remove the link, you can do:

Removing a VLAN interface is significantly less convoluted

# ip link delete eth0.100

Use the following configuration files (Remember they are case sensitive!):

You will have to have associated .network files for each .netdev to handle addressing and routing. For example, to set the eth0.100 interface with a static IP and the eth0.200 interface with DHCP (but ignoring the supplied default route), use:

Then enable . See systemd-networkd for details.

Each vlan gets its own routing table and a RoutingPolicyRule that specifies which source ip addresses this routing applies to.

/etc/systemd/network/''eth0.network''

[Match]
Name=eth0

[Network]
VLAN=eth0.10
VLAN=eth0.11
DNS=192.168.100.101
DNS=192.168.100.102

Use ip route list table. E.g.:

Similar to above, you are just going to stack more of the concepts in place. You will want to ensure that you have got a bond set up in your switch and also make sure its a trunk with tagged vlans corresponding to what you create below. Convention would be to create a bond interface with the name , however there is a known issue where the module, when loaded, creates a bond device of the name which systemd then refuses to configure (as systemd tries to respectfully leave alone any device it did not create).

For the purposes of this write up, we are going to use and you can make the choice yourself.

First, we create the bond device:

Now create a .network directive that references the vlans and interface carriers. In this case we will use the convention for a dual port fiber module:

We are using the vlan<number> naming convention here, you can use something else but realize that this is a named reference so you will have to have a corresponding set of files with the same name.

We will now set up the physical network interfaces:

At this time you could reboot, and likely should, because the bonded interface is created at boot time. Restarting systemd-networkd will consume changes from these files typically, but device creation seems to occur at startup.

We will now set up the VLANs. You should be aware that having multiple VLANs can result in a situation where your machine has multiple default routes, so you will need to specify a Destination directive in the network directives to ensure that only one VLAN is being used for a default route. In this case we will use the VLAN with an ID of 10 as our default route.

Now create the associated network directive to set an address:

/etc/systemd/network/''vlan10''.network

[Match]
Name=vlan10

[Network]
VLAN=vlan10

[Address]
Address=10.10.10.2/24

[Route]
Destination=0.0.0.0/0
Gateway=10.10.10.1

We will create a similar pair of files for the VLAN with an ID of 20:

/etc/systemd/network/''vlan20''.netdev

[NetDev]
Name=vlan20
Kind=vlan

[VLAN]
Id=20

And again for the VLAN with an ID of 30:

Note that the Destination on is set to , which will match all outbound, becoming the default route.

You can use netctl for this purpose, see the self-explanatory example profiles in {{ic|/etc/netctl/examples/vlan-{dhcp,static} }}.

Sometimes you might want to configure the bridge ip on which docker operates, for example when the default ip clashes with other ip addresses in the network. Docker has a straight forward way of setting the (bridge IP) via the . When this file does not exist yet you can create it.

An annoyance is that udev may try to rename virtual devices as they are added, thus ignoring the name configured for them (in this case eth0.100).

For instance, if the following commands are issued: This could generate the following output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
3: rename1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

udev has ignored the configured virtual interface name eth0.100 and autonamed it rename1.

The solution is to edit and append DRIVERS=="?*" to the end of the physical interface's configuration line.

For example, for the interface aa:bb:cc:dd:ee:ff (eth0):

/etc/udev/rules.d/network_persistent.rules

SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="eth0", DRIVERS=="?*"

A reboot should mean that VLANs configure correctly with the names assigned to them.