FreeBSD vlan Tagging

Virtual LANs were introduced by IEEE 802.1Q, a standards definition for tagging of Ethernet frames across vlan-aware appliances. It is also known as vlan tagging. Virtual LANs add the ability to separate data on a single transport medium into logical networks.

This post explains vlan tagging configurations in FreeBSD. The network appliances making up your network also need to be configured with vlan tagging support, but that is beyond the scope of this post.

If vlan tagging support is compiled into the kernel, it is not required to include the following in the loader.conf:

if_vlan_load="YES"

Configuring vlan tagging on a running system is done by executing the following:

# ifconfig $int up
# ifconfig vlan0 create
# ifconfig vlan0 10.1.1.5 netmask 255.255.255.0 vlan $id vlandev $int
# ifconfig vlan0 inet 10.1.2.5 netmask 255.255.255.0 alias

To make the vlan configuration persist across reboots, insert the following in rc.conf:

ifconfig_$int="up"
cloned_interfaces="vlan0"
ifconfig_vlan0="10.1.1.5 netmask 255.255.255.0 vlan $id vlandev $int"
ifconfig_vlan0_alias0="10.1.2.5 netmask 255.255.255.0 vlan $id vlandev $int"
ifconfig_vlan0_alias1="10.1.3.5 netmask 255.255.255.0 vlan $id vlandev $int"

In the above examples, $id is the vlan id and $int is the physical network interface.

Also note that additional aliases must be added by appending alias[0-9] to the cloned interface in numerical order. Each alias is brought up in turn until one is encountered that is not in sequential order. The OS then finishes booting without the remaining aliases added.
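
A check for two rc.conf pitfalls, the alias-numbering rule described above and keys assigned more than once (rc.conf is sourced as shell, so the last assignment wins), as an added example that is not code from the original post. The function names and the sample values (vlan id 5, em0) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint rc.conf-style input for alias gaps and reassigned keys.

lint_rc_conf() {
    awk '
    /^[ \t]*#/ || !/=/ { next }                 # skip comments, non-assignments
    {
        key = $0
        sub(/=.*/, "", key)                      # keep text before the first "="
        gsub(/[ \t]/, "", key)
        if (key in first) dup[key] = dup[key] "," NR
        else { first[key] = NR; order[++n] = key }
        if (key ~ /^ifconfig_/ && match(key, /_alias[0-9]+$/)) {
            ifn = substr(key, 10, RSTART - 10)   # name between ifconfig_ and _alias
            num = substr(key, RSTART + 6) + 0
            have[ifn, num] = 1
            if (!(ifn in max) || num > max[ifn]) max[ifn] = num
            if (!(ifn in seen)) { seen[ifn] = 1; ifs[++m] = ifn }
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (order[i] in dup)
                printf "DUP %s lines %d%s (last assignment wins)\n",
                       order[i], first[order[i]], dup[order[i]]
        for (i = 1; i <= m; i++) {
            ifn = ifs[i]
            for (k = 0; k <= max[ifn]; k++)      # k = first missing alias number
                if (!((ifn, k) in have)) break
            for (j = k + 1; j <= max[ifn]; j++)
                if ((ifn, j) in have)
                    printf "GAP %s alias%d skipped (alias%d missing)\n", ifn, j, k
        }
    }' "$@"
}

sample_rc_conf() {   # constructed sample; vlan id 5 and em0 are assumptions
    cat <<'EOF'
cloned_interfaces="vlan0 vlan10"
ifconfig_em0="up"
ifconfig_vlan0="10.1.1.5 netmask 255.255.255.0 vlan 5 vlandev em0"
ifconfig_vlan0_alias0="10.1.2.5 netmask 255.255.255.0 vlan 5 vlandev em0"
ifconfig_vlan0_alias2="10.1.3.5 netmask 255.255.255.0 vlan 5 vlandev em0"
ifconfig_vlan10="vlan 10 vlandev em0"
ifconfig_vlan10="inet 192.168.0.245 netmask 255.255.255.0"
EOF
}

sample_rc_conf | lint_rc_conf
```

Run it against a real file with `lint_rc_conf /etc/rc.conf`; no output means neither problem was found.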

For further reading, check out the vlan(4) manpage and the ifconfig(8) manpage.

  1. Chris_B.
    November 20, 2014 at 4:08 PM

    I’ve been researching building out a managed I could create a tagged vlan port as described above. I wish to treat this port as the port that would of course connect to a cisco router with dot1q subif’s and have it send untagged packets out to simple switches which are connected to cards which are members of the same Bridge. I’m not sure of my config. I was hoping you could take a look.
    I have researched/found that there are select card chipsets that natively handle full vlan processing in hardware so I will use an intel card (em0) for my dot1q tagged port.
    My thoughts were to use 3 basic NIC’s hypothetically let’s say: rl0, xl0, and dc0 as members of bridges. I don’t know if this code should work. Could you comment on it pls?
    Please see config below.
    Bridging at startup:
    #--------- start rc.conf -------------------

    defaultrouter="192.168.0.1"
    hostname="core1.switchcore.com"

    cloned_interfaces="bridge10 bridge20 bridge30 vlan10 vlan20 vlan30"

    ifconfig_vlan10="vlan 10 vlandev em0"
    ifconfig_vlan20="vlan 20 vlandev em0"
    ifconfig_vlan30="vlan 30 vlandev em0"

    ifconfig_bridge10="addm em0.10 stp addm rl0 stp addm vlan10 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
    ifconfig_bridge20="addm em0.20 stp addm xl0 stp addm vlan20 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
    ifconfig_bridge30="addm em0.30 stp addm dc0 stp addm vlan30 hellotime 2 maxage 5 fwddelay 6 priority 10 up"

    ifconfig_em0="up"
    ifconfig_rl0="up"
    ifconfig_xl0="up"
    ifconfig_dc0="up"

    ifconfig_vlan10="inet 192.168.0.245 netmask 255.255.255.0"
    ifconfig_vlan20="inet 192.168.1.245 netmask 255.255.255.0"
    ifconfig_vlan30="inet 192.168.2.245 netmask 255.255.255.0"

  2. Chris_B.
    November 20, 2014 at 5:36 PM

    Hi, I took a stab at an rc.conf file that incorporates one tagged port, 3 vlan interfaces, and 3 untagged interfaces. I’d like to know if I got this anywhere close to correct. I’m hoping you could comment. Apologies if this post comes up redundant. I didn’t see my previous post make it to the comments section. I may have reposted in error. Please advise. Thanks in advance!
    Bridging at startup:
    #--------- start rc.conf -------------------

    defaultrouter="192.168.0.1"
    hostname="core1.switchcore.com"

    cloned_interfaces="bridge10 bridge20 bridge30 vlan10 vlan20 vlan30"

    ifconfig_vlan10="vlan 10 vlandev em0"
    ifconfig_vlan20="vlan 20 vlandev em0"
    ifconfig_vlan30="vlan 30 vlandev em0"

    ifconfig_bridge10="addm em0.10 stp addm rl0 stp addm vlan10 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
    ifconfig_bridge20="addm em0.20 stp addm xl0 stp addm vlan20 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
    ifconfig_bridge30="addm em0.30 stp addm dc0 stp addm vlan30 hellotime 2 maxage 5 fwddelay 6 priority 10 up"

    ifconfig_em0="up"
    ifconfig_rl0="up"
    ifconfig_xl0="up"
    ifconfig_dc0="up"

    ifconfig_vlan10="inet 192.168.0.245 netmask 255.255.255.0"
    ifconfig_vlan20="inet 192.168.1.245 netmask 255.255.255.0"
    ifconfig_vlan30="inet 192.168.2.245 netmask 255.255.255.0"

  3. November 24, 2014 at 1:03 PM

    Hi Chris, please note this blog post is specific to FreeBSD 8.x and may/may not translate directly to FreeBSD 9.x or 10.x.

    The rc.conf is, for all intents and purposes, a shell script sourced by various components at system startup. Keys in the rc.conf are, presumably, bound by the rules of variable setting in a manner consistent with many Bourne-variant shells. The example provided illustrates several keys being defined multiple times (ifconfig_vlan10, ifconfig_vlan20, ifconfig_vlan30).

    Additionally, ordering in rc.conf _can_ make a difference. Consider reordering the lines consistent with the illustration in the post.

    HTH

    • Chris_B.
      November 24, 2014 at 1:29 PM

      Hi Rick, after a lot of googling I found that I was approaching this wrong. In order to allow subif’s on one interface to bridge to another physical interface it must be done like the following example.
      If ed0 was to be the tagged port and I wished to bridge it over to another physical interface:

      sysctl net.link.ether.bridge_cfg=vlan8:34,xl0:34,vlan9:35,xl1:35
      ifconfig vlan8 create
      ifconfig vlan9 create
      ifconfig vlan8 vlan 8 vlandev ed0
      ifconfig vlan9 vlan 9 vlandev ed0

      I would like to figure out how to make this kind of config persistent across reboots now but of course this is beyond the scope of the topic above.
      Thanks for the feedback!

  4. November 24, 2014 at 2:25 PM

    Hi Chris, I’m glad you were able to identify an approach that worked for you.

    On persistence, rc.conf would be implemented similarly as described though the sysctl would likely belong in sysctl.conf.

    HTH
