FreeBSD VLAN mini HowTo

Author: Tilman Keskinöz
Last modified: 2007-05-17
German Translation

FreeBSD supports IEEE 802.1Q-VLANs. Example Configuration.

FreeBSD-Host  ---Ethernet---  Cisco Switch

First you need to add the following Kernel Option to your kernel. (see Handbook for details about compiling and installing a customized kernel)

pseudo-device vlan 2 # IEEE 802.1Q VLAN Support

The number at the end defines how many VLAN-devices your machine gets. (Don't panic, if you don't find the vlan0 Entry in your /dev. Pseudo-devices have none.)

Update Since December 2001 you don't need to specify a number. Instead you create the vlandevice dynamic:

ifconfig vlan_device create

The vlan0 device is configured this way:

ifconfig vlan_device vlan vlan_id vlandev parent_device

Update: Since FreeBSD 5.3 a vlan device can be created and configured with one command:

ifconfig vlan_device.vlan_id create

parent_device is the NIC which is connected to the 802.1q-Trunk.

Example:

ifconfig vlan0 vlan 34 vlandev xl0

After that, you need an IP-adress for every vlan:

ifconfig vlan0 inet 128.130.34.35 netmask 255.255.255.128

The output of ifconfig now looks like this:

xl0: flags=8843 mtu 1500
        inet 128.130.34.35 netmask 0xffffff80 broadcast 128.130.34.127
        inet6 fe80::204:76ff:fe12:acba%xl0 prefixlen 64 scopeid 0x1
        ether 00:04:76:12:ac:ba
        media: autoselect (100baseTX ) status: active
        supported media: autoselect 100baseTX  100baseTX 10baseT/UTP  10baseT/UTP 100baseTX 

vlan0: flags=8843 mtu 1496
        inet 128.130.34.35 netmask 0xffffff00 broadcast 128.130.34.255
        inet6 fe80::204:76ff:fe12:acba%vlan0 prefixlen 64 scopeid 0x3
        ether 00:04:76:12:ac:ba
        vlan: 34 parent interface: xl0

If you want to set up dot1q-Trunking on System startup, you may edit your /etc/rc.conf.

cloned_interfaces="vlan0" #You need a recent STABLE for this else use:
#network_interfaces="lo0 vlan0"
ifconfig_vlan0="inet 128.130.34.35 netmask 255.255.255.128 vlan 34 vlandev xl0" 
#Note: If you do not assign an IP Adress to your parent device, you need to 
#start it explicitly:
ifconfig_xl0="up"

As an alternative you can create a script with the name /etc/start_if.xl0 (After the dot is the name of the Parent device) and add the necessary commands there. But this is less elegant. Now an example how to configure the other end, a Cisco switch with "Catalyst" OS.

switch#(enable) clear trunk 3/28  1-33,37-333,335,337-1005
switch#(enable) set trunk 3/28 on dot1q 34-36,334,336

The first command disallows some VLANs, the second one allows specific VLANs.

If you do now connect your NIC to the switch, you should see something like this on the Switch Console:

2001 Jul 30 17:42:05 MDT +02:00 %DTP-5-TRUNKPORTON:Port 3/28 has become dot1q trunk
2001 Jul 30 17:42:18 MDT +02:00 %PAGP-5-PORTTOSTP:Port 3/28 joined bridge port 3/28s

The command

show trunk

can be used to control the trunk state.

An example for an Cisco Switch with "IOS". (The following commands should be entred in the "configure"-mode).

interface FastEthernet0/11 
	switchport trunk encapsulation dot1q
	switchport trunk allowed vlan 34
 	switchport mode trunk

With the VLAN-pseudodevices it is now possible to replace an expensive route-switch module with an old PC.

I would be glad about Comments, Corrections and Improvements. Please send an email to: arved@FreeBSD.org

Thanks to:

Richard Grace who wrote an article on freebsdzine.
Dave Seddon from FreeBSD User Group of Victoria for pointing to the /etc/rc.conf stuff.
Emre Bastuz found a bug in the IOS section.
Necati Ersen Şişeci told me about the new ifconfig create syntax and wrote a document in turkish about Using VLANs on FreeBSD.