Distroname and release: Debian Squeeze

Bridged VLAN interface, for use with eg. KVM


Here I will created an VLAN interface to be used for bridging.
There are different approaches to this. In this example, the bridged interface will contain the VLAN. Another option, is to add the VLAN on the interfaces itself.
I like this approach better, since I do not have to think of it on the interfaces it self, but only which bridge the VM belongs to. See below links for further details.:

brctl cannot do vlan management, for which I tend to use ip/iproute2 instead.

VLANs must be set on the physical interface NOT an the bridged interface. We then create the bridged on an VLAN enabled interface.

Tagged VLANS are used when a single link is used to carry traffic for more than one VLAN. Untagged VLANS are/could be used for IPCams or other IoT devices.

Getting it done

The setup will look something like this!

Install packages

apt-get install bridge-utils

On the KVM host (or where you want to have the bridged interface) start by loading the "vlan" kernel module.

modprobe 8021q
echo "8021q" >> /etc/modules
Make sure that the device which we will be using for the bridged VLAN is not in use, and configure it properly (, like not configured)

Create an interface, like so. Notice I have no gateway configured, since I do not want this VLAN'ed interface to be my default GW.
Note, that the VLAN network needs to create as sub network interface (e.g. eth0.100 on eth0), else VLAN tags are stripped!

#eth0 interface
auto eth0
iface eth0 inet manual

#create vlan interface
auto eth0.100
iface eth0.100 inet manual

#bridged VLAN interface
auto e0vbr100
iface e0vbr100 inet static
    bridge_ports eth0.100                                                                                                                                                                        
    bridge_stp off 
    bridge_fd 0

Then bring up the bridged VLAN interface.

ifup e0vbr100

Configure the KVM Guest

Reconfigure xml network on guest, so that the bridge is now on the "VTAGGED" interface like so. Before change
    <interface type='bridge'>                                                                                                                                                                                                
      <mac address='52:54:00:b3:65:a1'/>
      <source bridge='br1'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
After the change.
Notice the interface is changed "source bridge" to the previously defined VLAN.
    <interface type='bridge'>
      <mac address='52:54:00:b3:65:a1'/>
      <source bridge='e0vbr100'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
On the KVM guest, configure interface as normal. Note, there is NO VLAN specifications here, since the VLAN tagging, will be added on the bridged interface.
Sample config on the KVM guest.
auto eth0
iface eth0 inet static
If you are deploying a new KVM Guest, then remember to specify the correct interface.

Check routes on the KVM host, not guest.. In the below example, all .10 traffic will use the non VLAN bridged interface, for which the KVM host would be unable to access VLAN devices (which is OK for me. I only wants my guests to talk to the devices on the VLAN).

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface         UG    0      0        0 br0   U     0      0        0 br0   U     0      0        0 e0vbr100

Useful ip/VLAN commands

down VLAN interface It might take some time (up to a minute) before this change applies to below guests
ip link set e0vbr100 down
ip -d link show e0vbr100
Delete VLAN
ip link delete e0vbr100
Check status of VLAN interfaces. (Yes I use brctl here).
brctl show e0vbr100
Set VLAN on interface using CLI.
ip link add name e0vbr100 link eth0.100 type vlan id 100
Remove interface from bridge
ip link set dev eth0 nomaster
Destroy bridge
ip link del br0
See VLAN details (not at good as 'brctl show' though)
cat /proc/net/vlan/config 
VLAN Dev name	 | VLAN ID
eth0.100       | 100  | eth0

Do not trust the authors words! POC, tests and experience is key

Copyright LinuxLasse.net 2009 - 2024 All Rights Reserved.

Valid HTML 4.01 Strict Valid CSS!