Configuring VLANs in systemd-networkd (last edited 2022-05-20)¶

The Linux network stack provides full support for 802.1Q VLANs, including the ability to virtualize broadcast domains based on tagged network traffic. Sending and receiving tagged traffic is supported through the use of virtual network devices that can be configured and utilized by software in many of the same ways as physical network devices like eth0.

Creating VLAN Interfaces¶

systemd-networkd provides support for creating and configuring virtual network devices, including VLAN interfaces. These devices are configured in .netdev files added to the standard networkd configuration locations.

The .netdev definition for a VLAN interface defines the following properties:

Name - User-defined name for the network interface
Kind - vlan
Id - Integer VLAN ID between 0 and 4094

Creating a VLAN interface

/etc/systemd/network/15-vlan25.netdev

[NetDev]
Name=vlan25
Kind=vlan

[VLAN]
# Specify the tag
Id=25

Add VLANs to a Physical Interface¶

In order to send and receive tagged traffic over a physical network link, virtual network devices are associated with the physical LAN interface. In systemd-networkd, this association can be made by specifying one or more VLAN properties to the physical interface's .network configuration.

Associating a VLAN to a physical interface

/etc/systemd/network/20-eth0.network

[Match]
Name=eth0

[Network]
Address=192.168.0.1/24 # (1)

VLAN=vlan25 # (2)
VLAN=vlan50

Addresses and other configuration are associated with native (untagged) traffic on the device.
Each VLAN is associated based on the name of the virtual network device.

After associating a VLAN device to a phyical interface, tagged frames will be presented to the operating system as originating from the VLAN interface. Likewise, traffic that is sent through a VLAN interface will be tagged with the specified ID before being sent on the network.

Layer-3 Configuration for VLAN Interfaces¶

Attaching the VLANs to a physical interface enables traffic to be sent and received from the virtual interface via tagged frames on the physical link. At the moment, however, our VLAN interfaces do not have any network-level settings attached to them.

Depending on the task at hand and the configuration of the Linux host, you may configure the new interfaces by any method(s) available, including networkd:

Sample Network Configurations

IPv4 DHCPIPv4 StaticLink-local IPv6 only

/etc/systemd/network/25-vlan25.network

[Match]
Name=vlan25

[Network]
DHCP=ipv4

/etc/systemd/network/25-vlan25.network

[Match]
Name=vlan25

[Network]
Address=172.16.0.1/24
DNS=1.1.1.1

/etc/systemd/network/25-vlan25.network

[Match]
Name=vlan25

[Network]
LinkLocalAddressing=ipv6
IPv6AcceptRA=yes
IPv6PrivacyExtensions=no