11.6 Configuring VLANs with Untagged Data Frames

11.6.1 Using vconfig to Create VLAN Devices

A virtual local area network (VLAN) consists of a group of machines that can communicate as if they were attached to the same physical network. A VLAN allows you to group systems regardless of their actual physical location on a LAN. In a VLAN that uses untagged data frames, you create the broadcast domain by assigning the ports of network switches to the same permanent VLAN ID or PVID (other than 1, which is the default VLAN). All ports that you assign with this PVID are in a single broadcast domain. Broadcasts between devices in the same VLAN are not visible to other ports with a different VLAN, even if they exist on the same switch.

To create a VLAN device for a network interface or bonded interface:

  1. Create a file named ifcfg-interface.pvid in the /etc/sysconfig/network-scripts directory, by copying the ifcfg-interface configuration file for the interface that is connected to a port that implements the PVID that is identified by pvid.

    For example, if the PVID of the switch port is 5 and the interface connected to it is eth0, copy the ifcfg-eth0 file to ifcfg-eth0.5:

    # cd /etc/sysconfig/network-scripts
    # cp ifcfg-eth0 ifcfg-eth0.5

    For the bonded interface bond0, where the PVID of the connected switch ports is 10, copy the ifcfg-bond0 file to ifcfg-bond0.10:

    # cd /etc/sysconfig/network-scripts
    # cp ifcfg-bond0 ifcfg-bond0.10
    Note

    You do not need to create virtual interfaces for the component interfaces of the bonded interface. However, you must set the PVID on each switch port to which they connect.

  2. Edit the ifcfg-interface.pvid file, change the DEVICE (and NAME, if specified) entries, and add a VLAN=yes entry. For example, ifcfg-eth0.5 would appear similar to the following:

    DEVICE="eth0.5"
    NAME="System eth0.5"
    VLAN=yes
    IPADDR=192.168.1.101
    NETMASK=255.255.255.0
    BROADCAST=192.0.2.255
    NM_CONTROLLED="yes"
    ONBOOT=yes
    USERCTL=no
    TYPE=Ethernet
    BOOTPROTO=none
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=yes
    IPV6INIT=no
    PEERDNS=yes
    PEERROUTES=yes

    and ifcfg-bond0.10 as:

    DEVICE="bond0.10"
    VLAN=yes
    IPADDR=192.168.1.121
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    BROADCAST=192.168.1.255
    ONBOOT=yes
    BOOTPROTO=none
    USERCTL=no
    TYPE=Ethernet

    Save your changes to the file. Do not edit the original ifcfg-ethN file.

  3. Restart the network:

    # service network restart

    In addition to the regular interface, eth0 or bond0, which uses the physical LAN, you now have a VLAN device, such as eth0.5 or bond0.10, which can use untagged frames to access the virtual LAN.

    To obtain detailed information about VLAN interfaces, view the /proc/net/vlan directory.

11.6.1 Using vconfig to Create VLAN Devices

The vconfig command provides an alternate method of creating VLAN devices.

To create a VLAN device by using the vconfig command:

  1. Add a VLAN interface definition, eth0.5, for eth0 on PVID 5:

    # vconfig add eth0 5
  2. Configure the network settings for the VLAN interface:

    # ip addr add 192.168.1.121/24 dev eth0.5
  3. Bring up the VLAN interface:

    # ip link set eth0.5 up

    If you subsequently need to delete the interface, use the following commands to bring it down and remove its definition:

    # ip link set eth0.5 down
    # vconfig rem eth0.5

For more information, see the vconfig(8) manual page.