10.8 Configuring VLANs with Untagged Data Frames

A virtual local area network (VLAN) consists of a group of machines that can communicate as if they were attached to the same physical network. A VLAN allows you to group systems regardless of their actual physical location on a LAN. In a VLAN that uses untagged data frames, you create the broadcast domain by assigning the ports of network switches to the same permanent VLAN ID or PVID (other than 1, which is the default VLAN). All ports that you assign with this PVID are in a single broadcast domain. Broadcasts between devices in the same VLAN are not visible to other ports with a different VLAN, even if they exist on the same switch.

You can use the Network Settings editor or the nmcli command to create a VLAN device for an Ethernet interface.

To create a VLAN device from the command line, enter:

# nmcli con add type vlan con-name bond0-pvid10 ifname bond0-pvid10 dev bond0 id 10

This example sets up the VLAN device bond0-pvid10 with a PVID of 10 for the bonded interface bond0. In addition to the regular interface, bond0, which uses the physical LAN, you now have a VLAN device, bond0-pvid10, which can use untagged frames to access the virtual LAN.

Note

You do not need to create virtual interfaces for the component interfaces of a bonded interface. However, you must set the PVID on each switch port to which they connect.

You can also use the command to set up a VLAN device for a non-bonded interface, for example:

# nmcli con add type vlan con-name em1-pvid5 ifname em1-pvid5 dev em1 id 5

To obtain information about the configured VLAN interfaces, view the files in the /proc/net/vlan directory.