Welcome to our short guide on how to configure a VLAN interface on a Debian 10 (Buster) Linux system. Virtual Local Area Networks (VLANs) is a network configuration concept that allows you to efficiently use network hardware resources at your disposal. VLANs allows Network Engineers to create virtual broadcast domains and only hosts on the same VLAN are able to communicate with each other directly at layer two.

As the packets pass through a VLAN interface they are tagged with the VLAN ID, and returning packets will be untagged. As you’ll see in this guide, a VLAN interface is configured similarly to any other interface. We’ll be using an Ethernet parent interface, but an 802.1Q VLAN tagging interface can also be created on top of bond, bridge and team interfaces.

Configure VLAN Interface on Debian 10 (Buster)

Login to your Debian 10 server and view all available physical interfaces:

$ ip link  show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether e0:db:55:fe:5b:03 brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether e0:db:55:fe:5b:04 brd ff:ff:ff:ff:ff:ff
4: enp3s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b4:96:91:79:88:5c brd ff:ff:ff:ff:ff:ff
5: enp3s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b4:96:91:79:88:5e brd ff:ff:ff:ff:ff:ff

Install vlan package which provides the command vconfig needed by ifup and ifdown when using VLANs.

sudo apt update
sudo apt install vlan

Add the following lines to allow multiple VLANs to create routing tables:

echo "500    firsttable" | sudo tee -a /etc/iproute2/rt_tables
echo "501    echo "500    firsttable" | sudo tee -a /etc/iproute2/rt_tables" | sudo tee -a /etc/iproute2/rt_tables

Load the 8021q kernel module:

sudo modprobe 8021q

Confirm the module is loaded:

$ lsmod | grep 8021q
8021q                  40960  0
garp                   16384  1 8021q
mrp                    20480  1 8021q

In my setup the interface to be configured is eno1. The configuration details are as below:

Interface: eno1
VLAN ID: 503
IP Address: 172.20.20.10
GATEWAY: 172.20.20.1
DNS: 172.20.20.1

Open the default interfaces configuration file on your Debian server:

$ sudo vim /etc/network/interfaces

Paste and modify below configuration contents:

# Source custom network configuration files
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The first VLAN interface
auto eno1.503
iface eno1.503 inet static
    address 172.20.20.10
    netmask 255.255.255.240
    gateway 172.20.20.1
    dns-nameservers 8.8.8.8 8.8.4.4

The VLAN interface naming has to follow one of the naming conventions supported by vconfig. This is the form interfacex.y, where interfacex is the physical interface name and y is the VLAN number.

Finally, bring the up the interfaces using ifup:

sudo ifup eno1.503

You may need to reboot to confirm the settings are loaded on system boot:

sudo reboot

Once it is up you can inspect the VLAN interface using the command:

$ ifconfig eno1.503

Sample output:

eno1.503  Link encap:Ethernet  HWaddr e0:db:55:fe:5b:04
          inet addr:72.20.20.10  Bcast:72.20.20.15  Mask:255.255.255.240
          UP BROADCAST MULTICAST  MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Suppose you want to add another VLAN interface the configuration remains the same:

# The second VLAN interface
auto eno1.504
iface eno1.504 inet static
    address 172.21.10.0
    netmask 255.255.255.0

If the host is a hypervisor consider adding below sysctl configurations:

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.arp_filter=0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter=2" | sudo tee -a /etc/sysctl.conf

Load configurations:

$ sudo sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 2

That’s all on how you can configure VLAN interface on Debian 10 server.

Reference:

More guides on Debian: