Virtual Local Area Networks (VLANs) offer a powerful way to segment networks and enhance security. This guide demonstrates how to configure VLANs on FreeBSD 14.1. We will cover the creation of VLAN interfaces, IP addressing, and routing, enabling you to isolate different network segments.
Our FreeBSD host interface re0 is connected to a trunk port on the switch with three tagged VLANs: VLAN 1, VLAN 2 and VLAN 3.
Persistent configuration is written all in /etc/rc.conf file. First we need to ensure our base interface re0 is up and running:
ifconfig_re0="up"Then we define VLAN numbers and assign them to re0 interface:
vlans_re0="1 2 3"Next, we add particular VLAN configurations including IP addresses and netmasks accordingly for VLANs 1, 2 and 3:
ifconfig_re0_1="inet 192.168.2.8 netmask 255.255.255.0"
ifconfig_re0_2="inet 192.168.3.1 netmask 255.255.255.0"
ifconfig_re0_3="inet 192.168.4.1 netmask 255.255.255.0"Finally, we set the gateway for the routed interface which is re0_1 based on VLAN 1:
defaultrouter="192.168.2.1"The example complete /etc/rc.conf file including our network setup looks as follows:
root@tuxfixer:~ # cat /etc/rc.conf
hostname="tuxfixer"
ifconfig_re0="up"
defaultrouter="192.168.2.1"
sshd_enable="YES"
ntpdate_enable="YES"
dumpdev="AUTO"
zfs_enable="YES"
dbus_enable="YES"
lightdm_enable="YES"
# vlan config
vlans_re0="1 2 3"
ifconfig_re0_1="inet 192.168.2.8 netmask 255.255.255.0"
ifconfig_re0_2="inet 192.168.3.1 netmask 255.255.255.0"
ifconfig_re0_3="inet 192.168.4.1 netmask 255.255.255.0"After making changes to the config file reboot the host or restart network and routing service:
root@tuxfixer:~ # service netif restart && service routing restartVerify network interfaces setup:
root@tuxfixer:~ # ifconfig
re0: flags=1008843 metric 0 mtu 1500
options=8209b
ether fc:aa:14:2b:5a:ba
media: Ethernet autoselect (1000baseT )
status: active
nd6 options=29
re1: flags=8802 metric 0 mtu 1500
options=8209b
ether fc:aa:14:2b:5a:b8
media: Ethernet autoselect (none)
status: no carrier
nd6 options=29
lo0: flags=1008049 metric 0 mtu 16384
options=680003
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
groups: lo
nd6 options=21
re0.1: flags=1008843 metric 0 mtu 1500
options=80003
ether fc:aa:14:2b:5a:ba
inet 192.168.2.8 netmask 0xffffff00 broadcast 192.168.2.255
groups: vlan
vlan: 1 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
media: Ethernet autoselect (1000baseT )
status: active
nd6 options=29
re0.2: flags=1008843 metric 0 mtu 1500
options=80003
ether fc:aa:14:2b:5a:ba
inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
groups: vlan
vlan: 2 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
media: Ethernet autoselect (1000baseT )
status: active
nd6 options=29
re0.3: flags=1008843 metric 0 mtu 1500
options=80003
ether fc:aa:14:2b:5a:ba
inet 192.168.4.1 netmask 0xffffff00 broadcast 192.168.4.255
groups: vlan
vlan: 3 vlanproto: 802.1q vlanpcp: 0 parent interface: re0
media: Ethernet autoselect (1000baseT )
status: active
nd6 options=29Verify default routing:
root@tuxfixer:~ # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 192.168.2.1 UGS re0.1
127.0.0.1 link#3 UH lo0
192.168.2.0/24 link#4 U re0.1
192.168.2.8 link#3 UHS lo0
192.168.3.0/24 link#5 U re0.2
192.168.3.1 link#3 UHS lo0
192.168.4.0/24 link#6 U re0.3
192.168.4.1 link#3 UHS lo0
Internet6:
Destination Gateway Flags Netif Expire
::/96 link#3 URS lo0
::1 link#3 UHS lo0
::ffff:0.0.0.0/96 link#3 URS lo0
fe80::%lo0/10 link#3 URS lo0
fe80::%lo0/64 link#3 U lo0
fe80::1%lo0 link#3 UHS lo0
ff02::/16 link#3 URS lo0