Rate this page

Configure an Ethernet interface as a VLAN trunk (Debian)

Specific to

Debian-based distributions

Tested on

Debian (Etch, Lenny, Squeeze)
Ubuntu (Hardy, Intrepid, Jaunty, Karmic, Lucid, Maverick, Natty, Precise, Trusty)

Objective

To configure an Ethernet interface as an IEEE 802.1Q VLAN trunk on a Debian-based distribution.

Background

See Configure an Ethernet interface as a VLAN trunk.

Scenario

Suppose that a host requires access to two VLANs, both carried by a trunk connected to physical interface eth0. The assigned IP addresses for the host are 192.168.2.1/24 on VLAN 2 and 192.168.3.1/24 on VLAN 3.

Method

First install the vlan package if it is not already present:

apt-get install vlan

This provides the command vconfig, which you will not need to invoke directly, but which is needed by ifup and ifdown when using VLANs.

Next, add an interface definition for each VLAN to /etc/network/interfaces. The VLAN interface names must follow one of the naming conventions supported by vconfig. The one used and recommended here is of the form ethx.y, where ethx is the physical interface name and y is the VLAN number.

Apart from the special form of the interface name, the definitions are identical to those used for physical Ethernet interfaces:

auto eth0.2
iface eth0.2 inet static
  address 192.168.2.1
  netmask 255.255.255.0

auto eth0.3
iface eth0.3 inet static
  address 192.168.3.1
  netmask 255.255.255.0

Finally, bring the interfaces up in the normal way using ifup:

ifup eth0.2
ifup eth0.3

Testing

After invoking ifup you should be able to inspect the new VLAN interfaces using the ifconfig command:

ifconfig eth0.2

which should give output of the form:

eth0.2    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.2.1  Bcast:12.168.2.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Errors

The vconfig command was not found

An error of the form:

/etc/network/if-pre-up.d/vlan: line 15: vconfig: command not found
SIOCSIFADDR: No such device
vlan1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
vlan1: ERROR while getting interface flags: No such device
Failed to bring up vlan1.

indicates that the vlan package (which provides the vconfig command) has not been installed. Install it using the command:

apt-get install vlan

Physical device does not exist

An error of the form:

Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Device "eth0" does not exist.
eth0 does not exist, unable to create vlan1
run-parts: /etc/network/if-pre-up.d/vlan exited with return code 1
SIOCSIFADDR: No such device
vlan1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
vlan1: ERROR while getting interface flags: No such device
Failed to bring up vlan1.

indicates that the physical Ethernet interface that would have hosted the VLAN could not be found. Check that the interface name is correctly specified in /etc/network/interfaces. Use the ifconfig command to check that the interface exists.

Could not open /proc/net/vlan/config

An error of the form:

WARNING:  Could not open /proc/net/vlan/config.  Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
ERROR: trying to set name type for VLAN subsystem, error: Package not installed
WARNING:  Could not open /proc/net/vlan/config.  Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
ERROR: trying to add VLAN #1 to IF -:eth0:-  error: Package not installed
SIOCSIFADDR: No such device
eth0.1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
eth0.1: ERROR while getting interface flags: No such device
Failed to bring up eth0.1.

could indicate (as the message suggests) either:

  1. that the 802.1Q kernel module has not been loaded, or
  2. that /proc has not been mounted.

The kernel module should load automatically when you invoke ifup. You can determine whether this has happened using the lsmod command, which lists the kernel modules that are currently loaded. You are looking for one called 8021q (with no dot between 802 and 1q):

lsmod | grep 8021q

If the module is not listed then the most likely explanation is that it could not be found. Confirm this by trying to manually load it using the command modprobe:

modprobe 8021q

This should give an error of the form:

FATAL: Could not open '/lib/modules/2.6.26-2-486/kernel/net/8021q/8021q.ko': No such file or directory

If the operating system you are running was originally installed using debootstrap or a similar mechanism then it is quite likely that no kernel modules have been installed yet, in which case /lib/modules will be empty. Provided you are running a normal stock kernel you can correct this by loading the appropriate modules package, for example:

apt-get install linux-image-2.6.26-2-486

If it is a normal installation then a possible explanation is that you are running a different kernel from the one that was originally installed but have not provided a matching set of kernel modules. If this is the case then there will be no directory in /lib/modules with a name that matches the running kernel version.

Alternatives are that the file in question has been deleted somehow, or you are running a custom kernel that does not include 802.1Q support.

The simplest way to check whether /proc has been mounted is to list the content of that directory. See here for further guidance.

Variations

You may encounter interface definitions in which the physical interface name is specified explicitly by means of a vlan-raw-device command. This is only needed when using a naming convention that does not incorporate the physical interface name, for example:

auto vlan2
iface vlan2 inet static
  address 192.168.2.1
  netmask 255.255.255.0
  vlan-raw-device eth0

Disadvantages of this approach are that there is more to go wrong, and it does not allow for multiple interfaces with the same VLAN number.

See also

Tags: 802.1q | ethernet | vlan