In this detailed tutorial, we are going to learn what VLAN tagging is, its advantages and use cases, and how to configure VLAN tagging in the Linux operating system.
Configuring VLAN tagging in Linux involves creating virtual LANs, assigning VLAN IDs, and configuring IP addresses as needed. We will see how to do that in three different ways in the upcoming sections. But before that, let us understand what VLAN tagging is, along with its advantages and modes.
Virtual LAN (VLAN) tagging is a networking technology that allows you to logically divide a physical network into multiple virtual networks, or VLANs.
VLAN tagging adds a special tag to the Ethernet frames at the data link layer (Layer 2) to identify which VLAN a particular frame belongs to. This tagging enables you to segregate network traffic and improve network security, efficiency, and manageability.
To put this in layman's terms, imagine you have a big house with many rooms, and you want to divide the house into different sections for different purposes.
For example, you might have a living room for everyone to hang out in, a kitchen for cooking, a bedroom for sleeping, and a bathroom for taking baths.
In a similar way, VLAN tagging is like dividing a large computer network into smaller, more manageable sections. It's like creating virtual rooms within your house.
Each VLAN is like a separate room, and devices within the same VLAN can communicate with each other easily, but devices in different VLANs cannot communicate directly.
VLAN tagging is a powerful networking technology that can help to improve network security, performance, and flexibility. It is a widely used technology in a variety of networks, from small businesses to large enterprises.
Why would you want to do this? There are several reasons:
Here are some examples of how VLANs are used in real-world networks:
VLAN tagging is not exactly the same as assigning multiple IP addresses to a single network interface.
VLAN tagging is a way of dividing a single network into multiple virtual networks, each with its own broadcast domain. This is done by adding a VLAN tag to each Ethernet frame, which identifies the VLAN to which the frame belongs. VLAN tagging is a Layer 2 technology, which means that it operates at the same level as the Ethernet protocol.
Assigning multiple IP addresses to a single network interface, on the other hand, is a Layer 3 technology. This is done by configuring the network interface with multiple IP addresses, each of which belongs to a different subnet. This allows the interface to communicate with devices on multiple networks.
The two technologies are often used together to create a secure and flexible network environment. For example, a company might use VLANs to divide its network into different departments, and then assign multiple IP addresses to each network interface to allow devices to communicate with multiple departments.
Here is a table that summarizes the key differences between VLAN tagging and assigning multiple IP addresses to a single network interface:
After completing these steps, the VLAN module should be loaded and available for configuring VLANs on your Linux system. You can proceed with creating VLAN sub-interfaces and configuring VLAN tagging as needed.
Netplan configuration files are typically located in the /etc/netplan/ directory and end with a .yaml extension.
You may already have a configuration file there. If not, you can create one. Use a text editor, such as nano or vim, to edit the configuration file:
$ sudo nano /etc/netplan/01-netcfg.yaml
Replace 01-netcfg.yaml with your own configuration file.
In the Netplan configuration file, define the VLAN interface by specifying its name, parent interface (the physical interface that the VLAN will be associated with), and the VLAN ID.
Here's an example YAML configuration:
network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:
      dhcp4: no
      addresses:
        - 192.168.1.40/24
      routes:
        - to: default
          via: 192.168.1.101
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
  vlans:
    vlan10:
      id: 10
      link: ens18
      addresses: [192.168.10.2/24]
In the above configuration file, replace the network settings with values that match your own configuration.
You can also define multiple VLANs as shown in the following configuration. Just make sure you use a unique name and IP address for each VLAN.
Important:
Proper line indentation in Netplan YAML configuration files is crucial for readability and correctness. YAML uses spaces to represent data structure, so consistent and clear indentation is essential.
Save the changes to the Netplan configuration file and exit the text editor. Then, apply the configuration using the netplan command:
$ sudo netplan apply
This command will apply the new network configuration, including the VLAN setup.
You can verify that the VLAN interface has been created and is functioning correctly using the ip command:
$ ip addr show vlan10
$ ip link show vlan10
Replace 'vlan10' with your VLAN interface name. These commands should display information about the VLAN interface and its IP configuration.
That's it! You have configured VLAN tagging using Netplan. Make sure to adapt the configuration to your specific network setup, including the VLAN ID, IP address, and physical interface name as needed.
To delete a VLAN interface, simply remove the corresponding section for the vlan in the Netplan configuration file.
It's a good practice to make a backup of the Netplan configuration file before making changes. This way, if anything goes wrong, you can easily revert to the original configuration.
$ sudo cp /etc/netplan/01-netcfg.yaml /etc/netplan/01-netcfg.yaml.backup
Now, open the Netplan configuration file with a text editor:
$ sudo nano /etc/netplan/01-netcfg.yaml
Locate the section for the VLAN you want to delete. It will be a subsection under vlans: and will look something like this:
vlans:
  vlan10:
    id: 10
    link: eth0
    addresses: [192.168.10.2/24]
Remove the entire section for the VLAN. Save and close the file.
Apply the changes by running:
$ sudo netplan apply
Ensure that the VLAN has been successfully removed by checking your network interfaces:
$ ip a
The VLAN interface (e.g., vlan10) should no longer be listed.
To configure VLAN tagging with nmcli (NetworkManager Command-Line Interface) on a Linux system, follow these steps:
To verify if the VLAN module (8021q) is loaded in Linux, you can use the lsmod command, which lists loaded kernel modules. Here's how to check if the VLAN module is loaded:
Open a terminal and run the following command:
$ lsmod | grep 8021q
If the VLAN module is loaded, you will see output that includes "8021q." If you don't see any output, it means the module is not loaded.
If you find that the VLAN module is not loaded, you can load it manually using the modprobe command:
$ sudo modprobe 8021q
After running this command, you can check its status again using lsmod | grep 8021q. If it's loaded, you'll see the module listed in the output.
To make the VLAN module (8021q) load persistently during system boot on a Linux system, you can follow these steps:
Determine which configuration file is used to specify modules for automatic loading during system boot. The location of this file can vary based on your Linux distribution.
For Red Hat/CentOS:
The file is typically /etc/modules-load.d/modules.conf.
For Ubuntu/Debian:
Create a custom .conf file in the /etc/modules-load.d/ directory.
Open the configuration file using a text editor with administrative privileges (e.g., sudo nano or sudo vi).
In the configuration file, add a line to specify the VLAN module (8021q) that you want to load at boot. For example:
8021q
Save the file after adding this entry.
Apply the Configuration:
After editing the configuration file, you may need to apply the changes. On some systems, this is done automatically during boot. However, you can manually apply the changes using the systemctl command:
For Red Hat/CentOS:
$ sudo systemctl restart systemd-modules-load
For Ubuntu/Debian:
$ sudo systemctl restart systemd-modules-load.service
Verify the Module Loading:
To ensure that the VLAN module is loaded at boot, you can check its status using the lsmod command or verify the system logs for any related messages.
$ lsmod | grep 8021q
If the module is listed in the output, it means it was loaded successfully during the boot process.
By following these steps and configuring the VLAN module to load persistently, you ensure that the module is automatically loaded each time the system boots up, and you won't need to load it manually.
Ensure that NetworkManager is installed and running on your system. You can check the status of NetworkManager using the following command:
$ systemctl status NetworkManager
If it's not installed or running, you can install and start it using your distribution's package manager (e.g., apt on Debian/Ubuntu or yum on CentOS/RHEL).
Identify the physical network interface that you will use as the base for your VLAN. You can list all available network interfaces using the following command:
$ nmcli device status
Sample Output:
DEVICE  TYPE      STATE      CONNECTION
ens18   ethernet  connected  Wired connection 1
lo      loopback  unmanaged  --
Look for the interface that you want to use, such as ens18.
Next, create a VLAN interface. For this example, let's assume you want to create a VLAN with ID 10 on ens18.
$ sudo nmcli con add type vlan con-name vlan10 ifname vlan10 dev ens18 id 10
Now, assign an IP address, gateway, and DNS to the VLAN interface.
For example:
$ sudo nmcli connection modify vlan10 ipv4.addresses 192.168.10.2/24
$ sudo nmcli connection modify vlan10 ipv4.gateway 192.168.10.1
$ sudo nmcli connection modify vlan10 ipv4.dns 8.8.8.8
$ sudo nmcli connection modify vlan10 ipv4.method manual
In the above commands, replace the network settings with your own.
Activate the VLAN connection using the following command:
$ sudo nmcli connection up vlan10
Replace vlan10 with the name of your VLAN connection.
You can use nmcli to verify the configuration:
$ nmcli connection show vlan10
This command will display details about the VLAN connection, including its status and configured properties.
You can modify settings using the nmcli con modify command. To delete a VLAN, for example vlan10, the command would be:
$ sudo nmcli con delete vlan10
That's it! You have configured VLAN tagging using nmcli on your Linux system. Be sure to adapt the configuration to your specific network setup and requirements, including IP addresses, gateway, and DNS settings.
To ensure that the VLAN module (802.1Q) is loaded on your Linux system, you can follow these steps:
To check whether the VLAN module is already loaded, you can use the lsmod command, which lists loaded kernel modules. Open a terminal and run:
$ lsmod | grep 8021q
Sample Output:
8021q                  45056  0
garp                   20480  1 8021q
mrp                    20480  1 8021q
If you see output that includes "8021q," it means the VLAN module is already loaded.
If the lsmod command doesn't show the 802.1Q module, you can load it manually using the modprobe command. Open a terminal and run:
$ sudo modprobe 8021q
This command will load the VLAN module into the kernel. If you don't see any error messages, the module should be successfully loaded.
To ensure that the VLAN module is loaded automatically at boot time, you can add it to the /etc/modules file or create a configuration file in the /etc/modules-load.d/ directory. For example, to add it to /etc/modules, run:
$ echo '8021q' | sudo tee -a /etc/modules
This will add "8021q" to the list of modules that are automatically loaded during system startup.
Before configuring VLAN tagging, you should find the names of the network interfaces.
You can use the ip link show or ifconfig commands to list the available network interfaces. Typically, these interfaces have names like enp0sX, ensX, or ethX.
$ ip link show
Sample Output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 6e:26:0b:8e:33:8c brd ff:ff:ff:ff:ff:ff
    altname enp0s18
As you see in the output above, there is one physical network interface named ens18.
Use the ip command to create VLAN sub-interfaces for your physical network interface. In the commands below, replace ens18 with the name of your physical interface and 10 and 20 with the desired VLAN IDs.
$ sudo ip link add link ens18 name vlan10 type vlan id 10
$ sudo ip link add link ens18 name vlan20 type vlan id 20
Assign IP addresses to the VLAN sub-interfaces.
$ sudo ip addr add 192.168.10.2/24 dev vlan10
$ sudo ip addr add 192.168.20.2/24 dev vlan20
$ sudo ip link set dev vlan10 up
$ sudo ip link set dev vlan20 up
Similarly, you can configure as many VLANs as you require for your setup.
Use the ip command to verify if the IP addresses for the VLANs are configured correctly.
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 6e:26:0b:8e:33:8c brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.1.40/24 brd 192.168.1.255 scope global noprefixroute ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::bfcf:b9d3:60de:af1b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: vlan10@ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6e:26:0b:8e:33:8c brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 scope global ens18.10
       valid_lft forever preferred_lft forever
    inet6 fe80::6c26:bff:fe8e:338c/64 scope link
       valid_lft forever preferred_lft forever
4: vlan20@ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6e:26:0b:8e:33:8c brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.2/24 scope global ens18.20
       valid_lft forever preferred_lft forever
    inet6 fe80::6c26:bff:fe8e:338c/64 scope link
       valid_lft forever preferred_lft forever
As you see in the above output, I have created two VLANs namely vlan10 and vlan20 with IP addresses 192.168.10.2/24 and 192.168.20.2/24 respectively.
You can also use ip addr show command to only view a specific VLAN's IP address. For instance, to show the IP address of vlan10, run:
$ ip addr show vlan10
3: vlan10@ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6e:26:0b:8e:33:8c brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global noprefixroute ens18.10
       valid_lft forever preferred_lft forever
    inet6 fe80::6c26:bff:fe8e:338c/64 scope link
       valid_lft forever preferred_lft forever
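To turn the verification above into a repeatable check, this added Python example (not part of the original tutorial) compares the VLAN sub-interfaces a host reports with the intended ones and flags missing, misconfigured or unexpected entries. The JSON is a constructed sample shaped like `ip -j -d addr show` output for a host that has drifted from the tutorial's setup; `vlan99`, `vlan_interfaces` and `audit` are hypothetical names.

```python
import json

# Constructed sample shaped like `ip -j -d addr show` output, trimmed to the fields used.
SAMPLE = json.dumps([
    {"ifname": "ens18",
     "addr_info": [{"family": "inet", "local": "192.168.1.40", "prefixlen": 24}]},
    {"ifname": "vlan10", "link": "ens18",
     "linkinfo": {"info_kind": "vlan", "info_data": {"protocol": "802.1Q", "id": 10}},
     "addr_info": [{"family": "inet", "local": "192.168.10.2", "prefixlen": 24}]},
    {"ifname": "vlan99", "link": "ens18",
     "linkinfo": {"info_kind": "vlan", "info_data": {"protocol": "802.1Q", "id": 99}},
     "addr_info": []},
])

# Intended state from the tutorial: name -> (parent, VLAN ID, IPv4 address/prefix)
EXPECTED = {
    "vlan10": ("ens18", 10, "192.168.10.2/24"),
    "vlan20": ("ens18", 20, "192.168.20.2/24"),
}


def vlan_interfaces(ip_json: str) -> dict:
    """Map each VLAN sub-interface to (parent, VLAN ID, set of IPv4 CIDRs)."""
    found = {}
    for link in json.loads(ip_json):
        info = link.get("linkinfo", {})
        if info.get("info_kind") != "vlan":
            continue  # physical, loopback, bridge ... are not audited here
        addrs = {f'{a["local"]}/{a["prefixlen"]}'
                 for a in link.get("addr_info", []) if a.get("family") == "inet"}
        found[link["ifname"]] = (link.get("link"), info["info_data"]["id"], addrs)
    return found


def audit(ip_json: str, expected: dict) -> list:
    """Return findings: missing, misconfigured or unexpected VLAN sub-interfaces."""
    found, findings = vlan_interfaces(ip_json), []
    for name, (parent, vid, cidr) in sorted(expected.items()):
        if name not in found:
            findings.append(f"{name}: missing")
            continue
        got_parent, got_vid, addrs = found[name]
        if (got_parent, got_vid) != (parent, vid):
            findings.append(f"{name}: VLAN {got_vid} on {got_parent}, expected {vid} on {parent}")
        if cidr not in addrs:
            findings.append(f"{name}: address {cidr} not assigned")
    findings += [f"{n}: unexpected VLAN {found[n][1]} on {found[n][0]}"
                 for n in sorted(set(found) - set(expected))]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, EXPECTED)) or "no findings")
```

On a live host, pass the real output of `ip -j -d addr show` as the first argument instead of `SAMPLE`.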
Here's a FAQ (Frequently Asked Questions) about VLAN tagging:
Q: What is VLAN tagging?
A: VLAN tagging is a networking technology that allows you to logically divide a physical network into multiple virtual networks, or VLANs. It adds special tags to Ethernet frames to identify which VLAN a particular frame belongs to.
Q: What is the purpose of VLAN tagging?
A: VLAN tagging serves several purposes, including network segmentation, traffic isolation, broadcast control, quality of service (QoS) prioritization, and improved network security.
Q: How does VLAN tagging work?
A: VLAN tagging adds a 4-byte tag to Ethernet frames at the data link layer (Layer 2) to indicate the VLAN ID. Network devices use this tag to determine which VLAN the frame belongs to.
Q: Can I mix IP address classes (e.g., Class A and Class C) in a VLAN?
A: Yes, you can assign IP addresses from different classes within the same VLAN. VLANs are not dependent on IP address classes, and you can use any IP address range with an appropriate subnet mask.
Q: Do devices in different VLANs communicate with each other by default?
A: No, devices in different VLANs do not communicate with each other by default. VLANs are isolated from each other, and communication requires a router or Layer 3 device to route traffic between them.
Q: How do I configure VLAN tagging in Linux?
A: To configure VLAN tagging in Linux, you can use tools like the ip command or configuration files like Netplan. You'll create VLAN sub-interfaces on a physical interface, assign VLAN IDs, and configure IP addresses as needed.
Q: Can I configure VLAN tagging on a managed switch?
A: Yes, most managed switches support VLAN tagging. You can configure VLANs, assign ports to VLANs, and set up VLAN trunking on managed switches to facilitate VLAN communication.
Q: What is the difference between VLAN tagging and multiple IP addresses on a single interface?
A: VLAN tagging creates separate virtual networks with distinct VLAN IDs, while multiple IP addresses on a single interface involve assigning multiple IP addresses within the same network or subnet. VLAN tagging offers better traffic isolation and security.
Q: How can I check if the VLAN module is loaded on my Linux system?
A: You can check if the VLAN module is loaded using the lsmod | grep 8021q command. If you see "8021q" in the output, the module is loaded; otherwise, you may need to load it manually.
Q: How do I ensure that the VLAN module is loaded automatically at boot time?
A: To ensure automatic loading of the VLAN module at boot, add it to the appropriate configuration file for your Linux distribution. For example, in Ubuntu, you can add it to /etc/modules-load.d/.
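The 4-byte tag described in the FAQ above can be decoded directly from a frame. This added Python example (not from the original article) parses the tag fields and models, in simplified form, which interface of the tutorial's vlan10/vlan20 setup receives a frame; it also accepts stacked tags (802.1ad), which goes beyond the text. The frames are constructed samples, and `parse_frame` and `receiving_interface` are hypothetical names.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks a standard 802.1Q tag
TPID_8021AD = 0x88A8  # outer tag type when tags are stacked (802.1ad)


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into MACs, VLAN tags and the payload EtherType."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset, tags = 12, []          # the tag sits right after the two MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break                  # real EtherType reached, no more tags
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,           # 3-bit priority code point (QoS)
            "dei": (tci >> 12) & 0x1,   # drop eligible indicator
            "vid": tci & 0x0FFF,        # 12-bit VLAN ID
        })
        offset += 4                # 2 bytes TPID + 2 bytes TCI = the 4-byte tag
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tags": tags, "ethertype": ethertype}


def receiving_interface(frame: bytes, parent: str, subifs: dict) -> "str | None":
    """Simplified model: which interface from the article's setup sees this frame."""
    tags = parse_frame(frame)["tags"]
    if not tags:
        return parent              # untagged traffic stays on the physical interface
    outer = tags[0]
    if outer["tpid"] != TPID_8021Q:
        return None                # the sub-interfaces here are plain 802.1Q
    return subifs.get(outer["vid"])  # None: no sub-interface for that VLAN ID


# Constructed sample frames (source MAC taken from the article's ens18, payload zeroed).
MACS = bytes.fromhex("ffffffffffff" "6e260b8e338c")
UNTAGGED = MACS + bytes.fromhex("0800") + bytes(46)
VLAN10 = MACS + bytes.fromhex("8100" "000a" "0800") + bytes(46)
VLAN20_PRIO5 = MACS + bytes.fromhex("8100" "a014" "0806") + bytes(46)
VLAN30 = MACS + bytes.fromhex("8100" "001e" "0800") + bytes(46)
SUBIFS = {10: "vlan10", 20: "vlan20"}

if __name__ == "__main__":
    for f in (UNTAGGED, VLAN10, VLAN20_PRIO5, VLAN30):
        print(parse_frame(f)["tags"], "->", receiving_interface(f, "ens18", SUBIFS))
```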
In this comprehensive guide, we discussed three ways to configure VLAN tagging in Linux operating systems.
In Linux networking, VLAN tagging is a useful technique that allows you to create isolated virtual networks within a single physical network. This segregation improves security, simplifies network management, and enhances overall network efficiency.
Whether you're managing a home network or a complex enterprise environment, understanding and implementing VLAN tagging in Linux lets you customize your network to fit your specific needs, enhancing both functionality and security.