Create VLANs on Oracle Linux

Introduction

VLANs or Virtual Local Area Networks allow the network to be divided into smaller logical sections, or broadcast domains, to better manage the amount of traffic being generated by the attached systems.

A VLAN separates multiple network devices into logical groups that can communicate as though they are attached to the same network, regardless of their actual physical location on the broadcast LAN.

VLAN tags are used to identify the separate VLAN networks, with network switches deciding how to route traffic within and between systems based on the VLAN tags.

Objectives

This lab demonstrates how to:

  • Create a VLAN interface using the nmcli command
  • Delete a VLAN interface using the nmcli command
  • Create a VLAN interface using the ip command
  • Delete a VLAN interface using the ip command

Prerequisites

  • A cloud instance with a current release of Oracle Linux installed

View Available Network Interfaces

  1. Follow the instructions in Oracle Linux Lab Basics to see how to establish an SSH connection and log in to the ol-node01 instance.

    The two relevant sections are:

    • Copy Public IP Address
    • Connect to Oracle Linux Instance

    ssh oracle@[IP_ADDRESS_OF_OL-NODE01]
  2. Use the nmcli device command to view available network interfaces.

    sudo nmcli device

    Command output:

    DEVICE  TYPE      STATE         CONNECTION
    ens3    ethernet  connected     ens3       
    ens5    ethernet  disconnected  --         
    ens6    ethernet  disconnected  --         
    ens7    ethernet  disconnected  --         
    lo      loopback  unmanaged     --

    The output shows four Ethernet devices: ens3, ens5, ens6, and ens7. The ens5, ens6, and ens7 devices are currently disconnected (unused) and available. The next step is to use some of these devices as parent devices for VLAN interfaces.

Create VLAN Interface Using nmcli

This task uses the nmcli command to create and manage VLANs.

Note: VLAN interfaces created with the nmcli utility will still be present after a system reboot.

  1. Use the sudo nmcli connection add type vlan command to create a VLAN connection.

    Supply the following options:

    • con-name: vlan10-con
    • ifname: vlan10-if
    • dev: ens5
    • VLAN tag id: 10

    sudo nmcli connection add type vlan con-name vlan10-con ifname vlan10-if dev ens5 id 10

    Command output:

    Connection 'vlan10-con' (25152b16-aee2-4d99-90ad-e44b9c02eb40) successfully added.
  2. Use the sudo nmcli device command to view the new VLAN connection.

    sudo nmcli device

    Command output:

    DEVICE     TYPE      STATE                                  CONNECTION
    ens3       ethernet  connected                              ens3       
    vlan10-if  vlan      connecting (getting IP configuration)  vlan10-con
    ens5       ethernet  disconnected                           --         
    ens6       ethernet  disconnected                           --         
    ens7       ethernet  disconnected                           --         
    lo         loopback  unmanaged                              --

    The output shows a new vlan10-if interface and a new vlan10-con connection using device ens5 with VLAN ID 10. The output also shows its state as 'connecting'. This is the default for the new VLAN interface because Dynamic Host Configuration Protocol, or DHCP, is used to acquire its IP settings.

  3. Use the sudo nmcli connection command to view the UUID of the new vlan10-con connection.

    sudo nmcli connection

    Example output:

    NAME        UUID                                  TYPE      DEVICE    
    vlan10-con  25152b16-aee2-4d99-90ad-e44b9c02eb40  vlan      vlan10-if
    ens3        17b6d01f-368c-4628-8ed1-134c0f0f410d  ethernet  ens3

Assign an IP Address Using nmcli

This task assigns a static IPv4 address to the vlan10-con connection. When configuring manual IPv4 or IPv6 address settings, you can set static IP addresses, network masks, default gateways, and DNS servers.

  1. Use the sudo nmcli connection modify command and supply the following values:

    • The connection to modify: vlan10-con
    • The ipv4.addresses command option
    • The IP address and netmask: '192.168.10.10/24'

    sudo nmcli connection modify vlan10-con ipv4.addresses '192.168.10.10/24'
  2. Use the command sudo nmcli connection modify vlan10-con ipv4.method manual to change the default DHCP setting.

    sudo nmcli connection modify vlan10-con ipv4.method manual
  3. Use the ip addr command to view the addresses assigned to the network interfaces.

    ip addr

    Example partial output:

    ...
    ...
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
    4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
    5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0a:d4:70 brd ff:ff:ff:ff:ff:ff
    5048: vlan10-if@ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
      link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
      inet 192.168.10.10/24 brd 192.168.10.255 scope global noprefixroute vlan10-if
         valid_lft forever preferred_lft forever
      inet6 fe80::d4f3:8725:9352:d6ac/64 scope link noprefixroute
         valid_lft forever preferred_lft forever

    Note: If the address does not appear for 'vlan10-if@ens5', run the 'ip addr' command again.

Change the State of VLAN Connections

Next, change the state of VLAN connections and their parent links. This task demonstrates the dependency between VLAN connections and parent links by changing the state of both.

Note: The output from the ip addr command in the previous task showed both the VLAN connection and its interface link as UP.

  1. Run the command sudo nmcli connection down vlan10-con to deactivate the VLAN connection.

    sudo nmcli connection down vlan10-con

    Command output:

    Connection 'vlan10-con' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12236)
  2. Run the sudo nmcli connection command to view connections.

    sudo nmcli connection

    Command output:

    NAME         UUID                                  TYPE      DEVICE
    System ens3  17b6d01f-368c-4628-8ed1-134c0f0f410d  ethernet  ens3   
    vlan10-con   25152b16-aee2-4d99-90ad-e44b9c02eb40  vlan      --

    The output shows the vlan10-con connection without an interface device listed.

  3. Run the ip addr command again to view the state of the interfaces.

    ip addr

    Command output:

    ...
    ...
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
    4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
    5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000

    The output still shows the ens5 parent link UP, but vlan10-if@ens5 is gone.

  4. Run the sudo ip link set ens5 down command to change the state of ens5.

    sudo ip link set ens5 down

    The command does not return any output.

  5. Run the command sudo nmcli connection up vlan10-con to activate the VLAN connection.

    sudo nmcli connection up vlan10-con

    Command output:

    Error: Connection activation failed: The device could not be readied for configuration
    Hint: use 'journalctl -xe NM_CONNECTION=25152b16-aee2-4d99-90ad-e44b9c02eb40 + NM_DEVICE=vlan10-if' to get more details.

    Note: When the parent device is DOWN, it prevents the VLAN device from coming up.

  6. Run the command sudo ip link set ens5 up to bring the VLAN parent device up.

    sudo ip link set ens5 up
  7. Rerun the command sudo nmcli connection up vlan10-con to bring the VLAN device up.

    sudo nmcli connection up vlan10-con

    Command output:

    Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12249)
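
The parent-link dependency shown in steps 4 to 7 can be checked before activation. The following is an added example, not part of the original lab: link_is_up, vlan_up_checked and sample_links are hypothetical names, the sample lines are constructed, and the profile is assumed to store its parent as an interface name (as created with dev ens5 above).

```shell
# Constructed sample of `ip -o link show` output: ens5 set down, ens6 up.
sample_links() {
cat <<'EOF'
3: ens5: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000\    link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
EOF
}

# link_is_up IFACE: reads `ip -o link show` output on stdin; returns 0 if IFACE
# is listed with the administrative UP flag, 1 otherwise (including not found).
link_is_up() {
    awk -v want="$1" '
        {
            name = $2
            sub(/:$/, "", name)        # "ens5:" -> "ens5"
            sub(/@.*/, "", name)       # "vlan10-if@ens5" -> "vlan10-if"
            if (name != want) next
            flags = $3
            gsub(/[<>]/, "", flags)    # "<BROADCAST,UP>" -> "BROADCAST,UP"
            # Match UP as a whole flag so LOWER_UP alone does not count.
            found = (("," flags ",") ~ /,UP,/)
        }
        END { exit(found ? 0 : 1) }'
}

# vlan_up_checked CON: activate a VLAN profile only when its parent link is UP.
# Assumes vlan.parent holds an interface name, as in this lab.
vlan_up_checked() {
    parent=$(nmcli -g vlan.parent connection show "$1") || return 2
    if ip -o link show dev "$parent" | link_is_up "$parent"; then
        sudo nmcli connection up "$1"
    else
        echo "parent $parent is down; run: sudo ip link set $parent up" >&2
        return 1
    fi
}

# Demonstration on the constructed sample only (no system changes).
for dev in ens5 ens6; do
    if sample_links | link_is_up "$dev"; then echo "$dev: UP"; else echo "$dev: DOWN"; fi
done
```

On the lab instance, `vlan_up_checked vlan10-con` replaces the bare activation command and reports the parent state instead of the generic activation error.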

View VLAN Configuration Files

The /proc/net/vlan directory stores files containing configuration information about the configured VLAN interfaces.

  1. Run the command ls -l /proc/net/vlan to list the configuration files in the directory.

    ls -l /proc/net/vlan/

    Command output:

    total 0
    -rw------- 1 root root 0 May 10 13:33 config
    -rw------- 1 root root 0 May 10 13:33 vlan10-if
  2. Run the command sudo cat /proc/net/vlan/config to view the contents of the 'config' file.

    sudo cat /proc/net/vlan/config

    Command output:

    VLAN Dev name	 | VLAN ID
    Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
    vlan10-if      | 10  | ens5

    The config file contains the VLAN name, its VLAN ID, and the associated device.

  3. Run the command sudo cat /proc/net/vlan/vlan10-if to view its contents.

    sudo cat /proc/net/vlan/vlan10-if

    Configuration text:

    vlan10-if  VID: 10	 REORDER_HDR: 1  dev->priv_flags: 1021
             total frames received       0
              total bytes received       0
          Broadcast/Multicast Rcvd       0
    
         total frames transmitted       18
          total bytes transmitted     1248
    Device: ens5
    INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
     EGRESS priority mappings:

    The vlan10-if file shows counts for transmitted and received frames and bytes, and any traffic priority settings for traffic in and out of this device.
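
Because /proc/net/vlan/config lists every VLAN device the kernel currently has, including non-persistent ones created with the ip command, it can be compared against the set of VLANs a host is supposed to carry. The following is an added example, not part of the original lab: vlan_audit and sample_config are hypothetical names, the allowlist format "VID:parent" is an assumption of this example, and the vlan99-if line is constructed.

```shell
# Constructed sample: the lab's config output plus one extra, unapproved entry.
sample_config() {
cat <<'EOF'
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
vlan10-if      | 10  | ens5
vlan99-if      | 99  | ens7
EOF
}

# vlan_audit "VID:parent ...": reads /proc/net/vlan/config text on stdin, marks
# each VLAN device ok or UNEXPECTED, and returns 1 if any device is unexpected.
vlan_audit() {
    awk -F'|' -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NF >= 3 {                          # the two header lines have fewer fields
            for (i = 1; i <= 3; i++) gsub(/[ \t]/, "", $i)
            key = $2 ":" $3                # VLAN ID and parent device
            verdict = (key in ok) ? "ok" : "UNEXPECTED"
            if (verdict != "ok") bad = 1
            printf "%s vid=%s parent=%s %s\n", $1, $2, $3, verdict
        }
        END { exit bad + 0 }'
}

# Demonstration on the constructed sample: only VLAN 10 on ens5 is approved.
sample_config | vlan_audit "10:ens5" || echo "review the UNEXPECTED entries above"
```

On a live system the file is readable only by root, so feed it in with `sudo cat /proc/net/vlan/config | vlan_audit "10:ens5"`.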

Delete VLAN Interface Using nmcli

Next, deactivate the connection.

  1. Run the command sudo nmcli connection down vlan10-con to deactivate the connection.

    sudo nmcli connection down vlan10-con

    Command output:

    Connection 'vlan10-con' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12236)
  2. Run the command ip addr to verify the device is no longer listed.

    ip addr

    The VLAN connection is no longer listed.

  3. Run the command sudo nmcli connection to list available connections.

    sudo nmcli connection

    The VLAN connection information is still present.

  4. Run the command sudo nmcli connection delete vlan10-con to delete the connection.

    sudo nmcli connection delete vlan10-con

    Command output:

    Connection 'vlan10-con' (25152b16-aee2-4d99-90ad-e44b9c02eb40) successfully deleted.

    The output shows the connection was successfully deleted. This can be verified by running sudo nmcli connection.

Create VLAN Interface Using ip

This task uses the ip command to create and manage a VLAN.

Note: VLAN interfaces created using the ip command do not persist after a reboot of the system.

  1. Run the ip link command to identify the existing network devices.

    sudo ip link

    Command output:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 1000
     link/ether 02:00:17:08:b9:1a brd ff:ff:ff:ff:ff:ff
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
     link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
    4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
     link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
    5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
     link/ether 02:00:17:0a:d4:70 brd ff:ff:ff:ff:ff:ff

    Use ens6 to create a VLAN interface.

  2. Run the command sudo ip link add and set ens6 as the physical device to use, vlan11-if as the interface name, vlan as the connection type, and set the VLAN ID to 11.

    sudo ip link add link ens6 name vlan11-if type vlan id 11
  3. Rerun the ip link command to view the new VLAN.

    sudo ip link

    Command output:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:08:b9:1a brd ff:ff:ff:ff:ff:ff
    3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0a:15:4c brd ff:ff:ff:ff:ff:ff
    4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
    5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 02:00:17:0a:d4:70 brd ff:ff:ff:ff:ff:ff
    5114: vlan11-if@ens6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
       link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff

Assign an IP Address Using ip

Now assign a static IP address to the VLAN.

  1. Run the command sudo ip addr add to assign the ip address and netmask to the interface.

    sudo ip addr add 192.168.11.11/24 dev vlan11-if
  2. Run the command sudo ip link set vlan11-if up to change the state to UP.

    sudo ip link set vlan11-if up

    The command changes the state of the VLAN interface (vlan11-if) to UP.

  3. Use the following commands to verify the VLAN connection state and its assigned IP address.

    1. Run the sudo nmcli connection command:

      sudo nmcli connection

      Command output:

      NAME         UUID                                  TYPE      DEVICE    
      System ens3  17b6d01f-368c-4628-8ed1-134c0f0f410d  ethernet  ens3      
      vlan11-if    8da0b0b8-c72b-437b-b2ec-62670187d39e  vlan      vlan11-if
    2. Run the ip addr command:

      ip addr

      Partial command output:

      ...
      ...
      4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
      5: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 02:00:17:0a:d4:70 brd ff:ff:ff:ff:ff:ff
      5114: vlan11-if@ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
          link/ether 02:00:17:0e:25:14 brd ff:ff:ff:ff:ff:ff
          inet 192.168.11.11/24 scope global vlan11-if
             valid_lft forever preferred_lft forever
          inet6 fe80::17ff:fe0e:2514/64 scope link 
             valid_lft forever preferred_lft forever

Delete a VLAN Using ip

Complete the steps to delete the VLAN device.

  1. Run the command sudo ip link set vlan11-if down to bring the device connection down.

    sudo ip link set vlan11-if down
  2. Run the command sudo nmcli device to view the state of the device.

    sudo nmcli device

    Command output:

    DEVICE     TYPE      STATE         CONNECTION 
    ens3       ethernet  connected     ens3       
    ens5       ethernet  disconnected  --         
    ens6       ethernet  disconnected  --         
    ens7       ethernet  disconnected  --         
    lo         loopback  unmanaged     --         
    vlan11-if  vlan      unmanaged     --

    The output shows the VLAN is present and unmanaged.

  3. Run the sudo ip link delete command to delete the VLAN device.

    sudo ip link delete vlan11-if
  4. Verify the connection is gone with the sudo nmcli device command.

    sudo nmcli device

    Command output:

    DEVICE  TYPE      STATE         CONNECTION 
    ens3    ethernet  connected     ens3       
    ens5    ethernet  disconnected  --         
    ens6    ethernet  disconnected  --         
    ens7    ethernet  disconnected  --         
    lo      loopback  unmanaged     --

    The VLAN device is gone.

  5. Run the sudo cat /proc/net/vlan/config command to view the file's contents.

    sudo cat /proc/net/vlan/config

    Command output:

    VLAN Dev name	 | VLAN ID
    Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD

    The file shows all VLANs are gone.
