Jun 24 2017

LiNUX Horizon – VLAN – Virtual Local Area Network #linux, #redhat, #red #hat, #vpn, #tunneling,


VLAN – Virtual Local Area Network

Short for Virtual Local Area Network (Virual LAN, IEEE 802.1q), a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration and you can have multiple networks on the same cable without having them interfere each other. It is similar to having one cable for every network.

According to IEEE standard 802.1Q, virtual LANs offer a method of dividing one physical network into multiple broadcast domains. In enterprise networks, these broadcast domains usually match with IP subnet boundaries, so that each subnet has its own VLAN. In other sources of information VLAN can be found as MAC Bridge.

A VLAN allows multiple virtual LANs to coexist on the same physical LAN (switched). This means that two machines attached to the same switch cannot send Ethernet frames to each other even though they pass over the same wires. If they need to communicate, then a router must be placed between the two VLANs to forward packets, just as if the two LANs were physically isolated. The only difference is that the router in question may contain only a single Ethernet NIC that is part of both VLANs (a one-armed router). The frames are “tagged” with an 802.1q prefix as they enter the network, which the Ethernet switches will use to separate traffic. ( )

To identify traffic belonging to different VLANs, the 802.1Q standard defines a method called VLAN tagging. With tagging, switches insert a 4-byte VLAN tag into the header of each frame. The tag contains a 12-bit .VLAN ID. that identifies the frames VLAN membership.

Ok, let’s get back to our linux box. -)

Many linux distros already include the vlan tools in the distribution.
Example for GNU/Debian (at the root shell prompt): apt-get install vlan

If your linux distribution does not have such program then go to

greear/vlan.html and download the latest source or binary of the vlan. In the source archive you will find a very good documentation about setting a vlan and linking a linux box with a Cisco box.

The following situation may happend:

  • You have all that you need. Kernel compiled with 802.1q support or module and the vlan tools. If so, skip the compiling and patching section and go to “Setting up the VLAN”.
  • You have support for 802.1q support in the kernel but you don’t have the vlan utilities. In this case download only the binary from the


  • You don’t have kernel support nor the vlan utilitys. -( If so, it’s time to download the kernel source from the site and to patch it with the vlan support as follows:
  • Now you can compile your new kernel. For kernel compilation read the INSTALL file within the kernel archive because kernel complation support will not be covered in this page.

    If your kernel was compiled with 802.1q (not module) do not try to modprobe or insmod because you already loaded the 802.1q support in the booting process.

    Setting up the VLAN

    As root: Let’s add three vlan interfaces based on eth0 and having the id 2, 3 and 4: NOTICE. Do not use vlan 1. On many hardware equipments it is used as management vlan (ex. Cisco).

    To see the new interfaces that was created: To delete the vlan interfaces: Many useful information and statistics can be found in the /proc/net/vlan/ folder (example for the eth0.2 interface) From now on, you can configure your vlan interface like any other interface.
    On the

    greear/vlan/cisco_howto.html is a comprehensive documetation about CISCO and Linux VLAN
    I suggest using vlans with bonding to increase the available bandwith. The following example is based on vlan and bonding.
    A brief howto about Linux Bonding can be found on the Bonding (Port Trunking) – High Avalability Network Segment page. If you need additional infos or Q A please go to Contact Page for our e-mail addresses.

    Written by admin

    Leave a Reply

    Your email address will not be published. Required fields are marked *