Configure an Ethernet interface as a VLAN trunk
Content |
Objective
To configure an Ethernet interface as an IEEE 802.1Q VLAN trunk.
Background
There are two ways to connect a machine to a switch that carries 802.1Q VLANs:
- via a untagged port, where VLAN support is handled by the switch (so the attached machine sees ordinary Ethernet frames); or
- via a tagged (trunk) port, where VLAN support is handled by the attached machine (which sees 802.1Q-encapsulated Ethernet frames).
The advantage of a tagged port is that it allows multiple VLANs to be carried by a single physical bearer. The disadvantage is that the machine in question must support 801.q and be configured to use it. Typical practice is to use tagged ports for machines that need to talk to multiple VLANs and untagged ports for everything else.
You need to know whether the port being presented to a machine is tagged or untagged. These instructions apply if and only if it is a tagged port.
VLANs are numbered from 1 to 4094 inclusive (the values 0 and 4095 are reserved). Some manufacturers (including Cisco) additionally recommend that VLAN 1 be reserved for management purposes.
Methods
There are two incompatible methods for configuring network interfaces that are in common use by GNU/Linux distributions: the Debian method (using the file /etc/network/interfaces) and the Red Hat method (using files in /etc/sysconfig/network-scripts/). You must use the appropriate method for your system:
- For Debian-based distributions (including Ubuntu and Mint) see Configure an Ethernet interface as a VLAN trunk (Debian)
- For Red Hat-based distributions (including Fedora and CentOS) see Configure an Ethernet interface as a VLAN trunk (Red Hat)