Note:
- This tutorial is available in an Oracle-provided free lab environment.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Create VLANs on Oracle Linux
Introduction
VLANs or Virtual Local Area Networks allow the network to be divided into smaller logical sections, or broadcast domains, to better manage the amount of traffic being generated by the attached systems.
A VLAN separates multiple network devices into logical groups that can communicate as though they are attached to the same network, regardless of their actual physical location on the broadcast LAN.
VLAN tags are used to identify the separate VLAN networks, with network switches deciding how to route traffic within and between systems based on the VLAN tags.
Objectives
This lab demonstrates how to:
- Create a VLAN interface using the nmcli command
- Delete a VLAN interface using the nmcli command
- Create a VLAN interface using the ip command
- Delete a VLAN interface using the ip command
Prerequisites
- A cloud instance system with current release Oracle Linux installed
View Available Network Interfaces
- Follow the instructions in Oracle Linux Lab Basics to see how to establish an SSH connection and log in to the ol-node01 instance.
  The two relevant sections are:
  - Copy Public IP Address
  - Connect to Oracle Linux Instance
    ssh oracle@[IP_ADDRESS_OF_OL-NODE01]
- Use the nmcli device command to view available network interfaces.
    sudo nmcli device
  Command output:
    DEVICE  TYPE      STATE         CONNECTION
    ens3    ethernet  connected     ens3
    ens5    ethernet  disconnected  --
    ens6    ethernet  disconnected  --
    ens7    ethernet  disconnected  --
    lo      loopback  unmanaged     --
  The output shows four devices: ens3, ens5, ens6, and ens7. The ens5, ens6, and ens7 devices are currently disconnected (unused) and available. The next step is to create parent devices for the VLAN interfaces on some of these devices.
Create VLAN Interface Using nmcli
This task uses the nmcli command to create and manage VLANs.
Note: VLAN interfaces created with the nmcli utility will still be present after a system reboot.
- Use the sudo nmcli connection add type vlan command to create a VLAN connection.
  Supply the following options:
  - con-name: vlan10-con
  - ifname: vlan10-if
  - dev: ens5
  - VLAN tag id: 10
    sudo nmcli connection add type vlan con-name vlan10-con ifname vlan10-if dev ens5 id 10
  Command output:
    Connection 'vlan10-con' (25152b16-aee2-4d99-90ad-e44b9c02eb40) successfully added.
- Use the sudo nmcli device command to view the new VLAN connection.
    sudo nmcli device
  Command output:
    DEVICE     TYPE      STATE                                  CONNECTION
    ens3       ethernet  connected                              ens3
    vlan10-if  vlan      connecting (getting IP configuration)  vlan10-con
    ens5       ethernet  disconnected                           --
    ens6       ethernet  disconnected                           --
    ens7       ethernet  disconnected                           --
    lo         loopback  unmanaged                              --
  The output shows a new vlan10-if interface and a new vlan10-con connection using device ens5 with VLAN ID 10. Output also shows its state as ‘connecting’. This is the default for the new VLAN interface because Dynamic Host Configuration Protocol, or DHCP, is used to acquire its IP settings.
- Use the sudo nmcli connection command to view the UUID of the new vlan10-con connection.
    sudo nmcli connection
  Example output:
    NAME        UUID                                  TYPE      DEVICE
    vlan10-con  25152b16-aee2-4d99-90ad-e44b9c02eb40  vlan      vlan10-if
    ens3        17b6d01f-368c-4628-8ed1-134c0f0f410d  ethernet  ens3
Assign an IP Address Using nmcli
This task configures a static IPv4 address for the vlan10 connection.
When configuring manual IPv4 or IPv6 address settings, you can set static IP addresses, network masks, default gateways, and DNS servers.
- Use the sudo nmcli connection modify command and supply the following values:
  - The connection to modify: vlan10-con
  - The ipv4.addresses command option
  - The IP address and netmask: '192.168.10.10/24'
    sudo nmcli connection modify vlan10-con ipv4.addresses '192.168.10.10/24'
- Use the command sudo nmcli connection modify vlan10-con ipv4.method manual to change the default DHCP setting.
    sudo nmcli connection modify vlan10-con ipv4.method manual
- Use the ip addr command to view the addresses assigned to the network interfaces.
    ip addr
  Example partial output:
    ...
    ...
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
    4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
    5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0a:d4:70 brd ff:ff:ff:ff:ff:ff
    5048: vlan10-if@ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.10/24 brd 192.168.10.255 scope global noprefixroute vlan10-if
           valid_lft forever preferred_lft forever
        inet6 fe80::d4f3:8725:9352:d6ac/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
  Note: If the address does not appear for ‘vlan10-if@ens5’, run the ‘ip addr’ command again.
Change the State of VLAN Connections
Next, change the state of VLAN connections and their parent links. This task demonstrates the dependency between VLAN connections and parent links by changing the state of both.
Note: The output from the ip addr command in the previous task showed both the VLAN connection and its interface link as UP.
- Run the command sudo nmcli connection down vlan10-con to deactivate the VLAN connection.
    sudo nmcli connection down vlan10-con
  Command output:
    Connection 'vlan10-con' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12236)
- Run the sudo nmcli connection command to view connections.
    sudo nmcli connection
  Command output:
    NAME         UUID                                  TYPE      DEVICE
    System ens3  17b6d01f-368c-4628-8ed1-134c0f0f410d  ethernet  ens3
    vlan10-con   25152b16-aee2-4d99-90ad-e44b9c02eb40  vlan      --
  The output shows the vlan10-con connection without an interface device listed.
- Run the ip addr command again to view the state of the interfaces.
    ip addr
  Command output:
    ...
    ...
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
    4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
    5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
  The output still shows the ens5 parent link UP, but vlan10-if@ens5 is gone.
- Run the sudo ip link set ens5 down command to change the state of ens5.
    sudo ip link set ens5 down
  The command does not return any output.
- Run the command sudo nmcli connection up vlan10-con to activate the VLAN connection.
    sudo nmcli connection up vlan10-con
  Command output:
    Error: Connection activation failed: The device could not be readied for configuration
    Hint: use 'journalctl -xe NM_CONNECTION=25152b16-aee2-4d99-90ad-e44b9c02eb40 + NM_DEVICE=vlan10-if' to get more details.
  Note: When the parent device is DOWN, it prevents the VLAN device from coming up.
- Run the command sudo ip link set ens5 up to bring the VLAN parent device up.
    sudo ip link set ens5 up
- Rerun the command sudo nmcli connection up vlan10-con to bring the VLAN device up.
    sudo nmcli connection up vlan10-con
  Command output:
    Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12249)
View VLAN Configuration Files
The /proc/net/vlan directory stores files containing configuration information about the configured VLAN interfaces.
- Run the command ls -l /proc/net/vlan to list the configuration files in the directory.
    ls -l /proc/net/vlan/
  Command output:
    total 0
    -rw------- 1 root root 0 May 10 13:33 config
    -rw------- 1 root root 0 May 10 13:33 vlan10-if
- Run the command sudo cat /proc/net/vlan/config to view the contents of the ‘config’ file.
    sudo cat /proc/net/vlan/config
  Command output:
    VLAN Dev name    | VLAN ID
    Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
    vlan10-if      | 10  | ens5
  The config file contains the VLAN name, its VLAN ID, and the associated device.
- Run the command sudo cat /proc/net/vlan/vlan10-if to view its contents.
    sudo cat /proc/net/vlan/vlan10-if
  Configuration text:
    vlan10-if  VID: 10  REORDER_HDR: 1  dev->priv_flags: 1021
             total frames received            0
              total bytes received            0
          Broadcast/Multicast Rcvd            0
          total frames transmitted           18
           total bytes transmitted         1248
    Device: ens5
    INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
     EGRESS priority mappings:
  The vlan10-if file shows counts for transmitted and received frames and bytes, and any traffic priority settings for traffic in and out of this device.
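Because /proc/net/vlan/config reflects the kernel's live VLAN state regardless of which tool created the interface, it is a convenient source for checking a host against the VLANs it is supposed to carry. The following is an added example, not part of the original lab: the function names and the "id:parent" allowlist format are assumptions, and the sample input is constructed to match the file layout shown above.

```sh
#!/bin/sh
# Added example: audit live VLAN interfaces against an expected list.

# Constructed sample in the layout of /proc/net/vlan/config.
sample_config() {
    cat <<'EOF'
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
vlan10-if      | 10  | ens5
vlan11-if      | 11  | ens6
EOF
}

# Print "name id parent" per VLAN row. $1 is a file, or "-" for stdin.
# The two header lines have fewer than three '|' fields and are skipped.
parse_vlan_config() {
    awk -F'|' 'NF == 3 {
        for (i = 1; i <= 3; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
        if ($2 ~ /^[0-9]+$/) print $1, $2, $3
    }' "${1:--}"
}

# Report VLANs that are present but not in the allowlist.
# $1 = config file or "-", $2 = space-separated "id:parent" entries
# (hypothetical allowlist format chosen for this example).
# Prints one UNEXPECTED line per finding; returns 1 if any were found.
audit_vlans() {
    parse_vlan_config "$1" | awk -v allow=" $2 " '
        index(allow, " " $2 ":" $3 " ") == 0 {
            print "UNEXPECTED " $1 " id=" $2 " parent=" $3
            bad = 1
        }
        END { exit bad + 0 }'
}

# Demo on the constructed sample: only VLAN 10 on ens5 is expected.
sample_config | audit_vlans - "10:ens5" || true
```

On a live system, pipe the real file in instead of the sample: sudo cat /proc/net/vlan/config | audit_vlans - "10:ens5".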
Delete VLAN Interface Using nmcli
Next, deactivate the connection.
- Run the command sudo nmcli connection down vlan10-con to deactivate the connection.
    sudo nmcli connection down vlan10-con
  Command output:
    Connection 'vlan10-con' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12236)
- Run the command ip addr to verify the device is no longer listed.
    ip addr
  The VLAN connection is no longer listed.
- Run the command sudo nmcli connection to list available connections.
    sudo nmcli connection
  The VLAN connection information is still present.
- Run the command sudo nmcli connection delete vlan10-con to delete the connection.
    sudo nmcli connection delete vlan10-con
  Command output:
    Connection 'vlan10-con' (25152b16-aee2-4d99-90ad-e44b9c02eb40) successfully deleted.
  The output shows the connection was successfully deleted. This can be verified by running sudo nmcli connection.
Create VLAN Interface Using ip
This task uses the ip command to create and manage a VLAN.
Note: VLAN interfaces created using the ip command do not persist after a reboot of the system.
- Run the ip link command to identify the existing network devices.
    sudo ip link
  Command output:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:08:b9:1a brd ff:ff:ff:ff:ff:ff
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
    4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
    5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0a:d4:70 brd ff:ff:ff:ff:ff:ff
  Use ens6 to create a VLAN interface.
- Run the command sudo ip link add and set ens6 as the physical device to use, vlan11-if as the interface name, vlan as the connection type, and set the VLAN ID to 11.
    sudo ip link add link ens6 name vlan11-if type vlan id 11
- Rerun the ip link command to view the new VLAN.
    sudo ip link
  Command output:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:08:b9:1a brd ff:ff:ff:ff:ff:ff
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
    4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
    5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0a:d4:70 brd ff:ff:ff:ff:ff:ff
    5114: vlan11-if@ens6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
Assign an IP Address Using ip
Now assign a static IP address to the VLAN.
- Run the command sudo ip addr add to assign the IP address and netmask to the interface.
    sudo ip addr add 192.168.11.11/24 dev vlan11-if
- Run the command sudo ip link set vlan11-if up to change the state to UP.
    sudo ip link set vlan11-if up
  The command changes the state of the VLAN interface (vlan11-if) to UP.
- Use the following commands to verify the VLAN connection state and its assigned IP address.
  - Run the sudo nmcli connection command:
      sudo nmcli connection
    Command output:
      NAME         UUID                                  TYPE      DEVICE
      System ens3  17b6d01f-368c-4628-8ed1-134c0f0f410d  ethernet  ens3
      vlan11-if    8da0b0b8-c72b-437b-b2ec-62670187d39e  vlan      vlan11-if
  - Run the ip addr command:
      ip addr
    Partial command output:
      ...
      ...
      4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
      5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 02:00:17:0a:d4:70 brd ff:ff:ff:ff:ff:ff
      5114: vlan11-if@ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
          link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
          inet 192.168.11.11/24 scope global vlan11-if
             valid_lft forever preferred_lft forever
          inet6 fe80::17ff:fe0e:2514/64 scope link
             valid_lft forever preferred_lft forever
Delete a VLAN Using ip
Complete the steps to delete the VLAN device.
- Run the command sudo ip link set vlan11-if down to bring the device connection down.
    sudo ip link set vlan11-if down
- Run the command sudo nmcli device to view the state of the device.
    sudo nmcli device
  Command output:
    DEVICE     TYPE      STATE         CONNECTION
    ens3       ethernet  connected     ens3
    ens5       ethernet  disconnected  --
    ens6       ethernet  disconnected  --
    ens7       ethernet  disconnected  --
    lo         loopback  unmanaged     --
    vlan11-if  vlan      unmanaged     --
  The output shows the VLAN is present and unmanaged.
- Run the sudo ip link delete command to delete the VLAN device.
    sudo ip link delete vlan11-if
- Verify the connection is gone with the sudo nmcli device command.
    sudo nmcli device
  Command output:
    DEVICE  TYPE      STATE         CONNECTION
    ens3    ethernet  connected     ens3
    ens5    ethernet  disconnected  --
    ens6    ethernet  disconnected  --
    ens7    ethernet  disconnected  --
    lo      loopback  unmanaged     --
  The VLAN device is gone.
- Run the sudo cat /proc/net/vlan/config command to view the contents of the file.
    sudo cat /proc/net/vlan/config
  Command output:
    VLAN Dev name    | VLAN ID
    Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
  The file shows all VLANs are gone.
For Additional Information
See other related resources:
- Oracle Learning Library
- Oracle Documentation
- Video: Create VLANs in Oracle Linux with the NMCLI and IP Utilities