Configure an Ethernet interface as a VLAN trunk

(Debian)

Specific to
Debian-based distributions

Tested on
Debian (Etch, Lenny, Squeeze)
Ubuntu (Hardy, Intrepid, Jaunty, Karmic, Lucid, Maverick, Natty, Precise, Trusty)

Objective
To configure an Ethernet interface as an IEEE 802.1Q VLAN trunk on a Debian-based distribution.

Background
See Configure an Ethernet interface as a VLAN trunk.

Scenario
Suppose that a host requires access to two VLANs, both carried by a trunk connected to physical
interface eth0. The assigned IP addresses for the host are 192.168.2.1/24 on VLAN 2 and
192.168.3.1/24 on VLAN 3.

Method
First install the vlan package if it is not already present:
apt-get install vlan

This provides the command vconfig, which you will not need to invoke directly, but which is needed by
ifup and ifdown when using VLANs.

Next, add an interface definition for each VLAN to /etc/network/interfaces. The VLAN interface
names must follow one of the naming conventions supported by vconfig. The one used and
recommended here is of the form ethx.y, where ethx is the physical interface name and y is the VLAN
number.

Apart from the special form of the interface name, the definitions are identical to those used for physical
Ethernet interfaces:
auto eth0.2
iface eth0.2 inet static
address 192.168.2.1
netmask 255.255.255.0

auto eth0.3
iface eth0.3 inet static
address 192.168.3.1
netmask 255.255.255.0

Finally, bring the interfaces up in the normal way using ifup:

ifup eth0.2
ifup eth0.3

Testing
After invoking ifup you should be able to inspect the new VLAN interfaces using the ifconfig
command:
ifconfig eth0.2

which should give output of the form:

eth0.2 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.2.1 Bcast:12.168.2.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Errors
The vconfig command was not found

An error of the form:

/etc/network/if-pre-up.d/vlan: line 15: vconfig: command not found
SIOCSIFADDR: No such device
vlan1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
vlan1: ERROR while getting interface flags: No such device
Failed to bring up vlan1.

indicates that the vlan package (which provides the vconfig command) has not been installed. Install it
using the command:
apt-get install vlan

Physical device does not exist

An error of the form:

Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Device "eth0" does not exist.
eth0 does not exist, unable to create vlan1
run-parts: /etc/network/if-pre-up.d/vlan exited with return code 1
SIOCSIFADDR: No such device
vlan1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
vlan1: ERROR while getting interface flags: No such device
Failed to bring up vlan1.

indicates that the physical Ethernet interface that would have hosted the VLAN could not be found.
Check that the interface name is correctly specified in /etc/network/interfaces. Use the ifconfig
command to check that the interface exists.

Could not open /proc/net/vlan/config

An error of the form:

WARNING: Could not open /proc/net/vlan/config. Maybe you need to load the 8021q module, or maybe you
ERROR: trying to set name type for VLAN subsystem, error: Package not installed
WARNING: Could not open /proc/net/vlan/config. Maybe you need to load the 8021q module, or maybe you
ERROR: trying to add VLAN #1 to IF -:eth0:- error: Package not installed
SIOCSIFADDR: No such device
eth0.1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
eth0.1: ERROR while getting interface flags: No such device
Failed to bring up eth0.1.

could indicate (as the message suggests) either:

1. that the 802.1Q kernel module has not been loaded, or

2. that /proc has not been mounted.

The kernel module should load automatically when you invoke ifup. You can determine whether this
has happened using the lsmod command, which lists the kernel modules that are currently loaded. You
are looking for one called 8021q (with no dot between 802 and 1q):
lsmod | grep 8021q

If the module is not listed then the most likely explanation is that it could not be found. Confirm this by
trying to manually load it using the command modprobe:
modprobe 8021q

This should give an error of the form:

FATAL: Could not open '/lib/modules/2.6.26-2-486/kernel/net/8021q/8021q.ko': No such file or directory

If the operating system you are running was originally installed using debootstrap or a similar
mechanism then it is quite likely that no kernel modules have been installed yet, in which case
/lib/modules will be empty. Provided you are running a normal stock kernel you can correct this by
loading the appropriate modules package, for example:
apt-get install linux-image-2.6.26-2-486

If it is a normal installation then a possible explanation is that you are running a different kernel from
the one that was originally installed but have not provided a matching set of kernel modules. If this is
the case then there will be no directory in /lib/modules with a name that matches the running kernel
version.

Alternatives are that the file in question has been deleted somehow, or you are running a custom kernel
that does not include 802.1Q support.

The simplest way to check whether /proc has been mounted is to list the content of that directory. See
here for further guidance.

Variations
You may encounter interface definitions in which the physical interface name is specified explicitly by
means of a vlan-raw-device command. This is only needed when using a naming convention that does
not incorporate the physical interface name, for example:
auto vlan2
iface vlan2 inet static
address 192.168.2.1
netmask 255.255.255.0
vlan-raw-device eth0

Disadvantages of this approach are that there is more to go wrong, and it does not allow for multiple
interfaces with the same VLAN number.

See also
IEEE 802.1Q VLAN Tutorial
Configure an Ethernet interface as a VLAN trunk (Red Hat)

Tags: 802.1q | ethernet | vlan