Set up a Private VLAN

After creating and assigning your server to a Private VLAN, you need to set it up so it can actually send traffic through it. This is an additional step you need to make based on the Operating System you are using.

Windows Server

This will show you how to set up multiple VLANs on a single network interface when using Windows Server 2012 or later.

Required Setup

If you want to configure a single VLAN in the interface, go to Network Connections > Properties > Advanced tab > Select the VLAN ID field and add the desired value.

If you want multiple VLANs in the same interface, make sure that the property VLAN ID is set to 0 - otherwise it will not work.
Access your server's IPMI via the Remote Access feature.
On your IPMI interface go to Server Manager > Local server and click on NIC Teaming.
Create a new Team with a single interface by going to Teams > Tasks > New Team. Select the desired interface (e.g. 40GbE) and give it a name. Once you create the Team, your IP configuration will be cleaned and your server's internet connection will be lost until the end of the process.
Select your Public interface for the private VLAN.
Go to Adapter and Interfaces and click on TASKS > Add Interface.
The first interface needs to have the VLAN ID 0 (zero) or Default.
Configure the specific VLAN and click OK.
The VLAN ID that you need to configure is the same displayed on your dashboard.
To add another VLAN interface on the same port, repeat step #4.
To assign an IP address to the new interface, click on Network Connections, and find the VLAN interface you have just added. Then, configure the IP similarly to any other interface.
You need to configure the VLAN 0 with your public IP.

You can configure any IP address in your private VLAN Ex. 10.10.10.1/24 and you don't need to configure a Gateway in the private interfaces. Gateway information is only mandatory for ' Public' Interfaces.

Let's say you created three VLAN interfaces (VLANs 1,2,3) on the teaming interface and add three IP addresses, here is what you should see on the Server Manager window:

Troubleshooting

If you try to configure multiple VLANs, make sure that the value of the VLAN ID field in the properties Advanced tab is equal to 0.
Do not configure the primary virtual interface with the VLAN ID, as it needs to be on its default configuration (VLAN ID 0). When the port configuration is set up to native VLAN, do not change this VLAN configuration.

Ubuntu

This is mandatory for all Ubuntu versions.

Load the 8021q module into the kernel.
```
sudo modprobe 8021q
```
Install the VLAN package.
```
sudo apt install vlan
```

Ubuntu 16

Create a new interface that is a member of a specific VLAN (VLAN ID 10 and physical interface eth1 are used for example purposes).

Keep in mind that you can only use physical interfaces as a base. Creating VLANs on virtual interfaces (i.e. eth0:1) will not work.

This command will add an additional interface next to the ones that have already been configured, so your existing configuration of eth1 will not be affected.
Replace the information 'eth1' for your public interface.
```
sudo vconfig add eth1 10
```

Assign an address to the new interface.

sudo ip addr add 10.0.0.1/24 dev eth1.10

Start the new interface.
```
sudo ip link set up eth1.10
```

Additional set up

To make this setup permanent and avoid losing your configurations when your server reboots, do this:

Add the module to the kernel on boot:

sudo su -c 'echo "8021q" >> /etc/modules'

Create the interface and make it available when the system boots. Add the following lines to /etc/network/interfaces.d/50-cloud-init.cfg (change the values according to your scenario):

auto eth1.10
iface eth1.10 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    vlan-raw-device eth1

Ubuntu 18/20

Change the Netplan configuration file in /etc/netplan/50-cloud-init.yaml and add the configuration below at the end of the file (The VLAN 510 is an example, change the values accordingly)
```
vlans:
            vlan.510:
                    id: 510
                    link: eno1
                    addresses: [10.10.10.20/24]
```
The VLAN section is at the same level of indent as the ethernet key. Both are contained within the network
Save the file and apply the configurations with the command below.
```
sudo netplan apply
```

This configuration is permanent, you don't need to do anything else.

CentOS 7/8 and Red Hat Enterprise Linux

In Red Hat Enterprise Linux and Centos 7, the 8021q module is loaded by default. If necessary, you can make sure that the module is loaded by issuing the following command as root:
```
modprobe --first-time 8021q
modprobe: ERROR: could not insert '8021q': Module already in kernel
```
To display information about the module, issue the following command:
```
modinfo 8021q
```
See the modprobe(8) main page for more command options.

SETTING UP 802.1Q VLAN TAGGING USING IFCFG FILES

Configure the parent interface in /etc/sysconfig/network-scripts/ifcfg-eth*X*, where X is a unique number corresponding to a specific interface, as follows:
Replace 'eth' for your public interface

DEVICE=ethX
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes

Set the VLAN interface configuration in the /etc/sysconfig/network-scripts/ directory. The configuration file name should be the parent interface plus a . character followed by the VLAN ID number. For example, if the VLAN ID is 192, and the parent interface is eth0, then the configuration file name should be ifcfg-eth0.192:
```
DEVICE=ethX.192
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.1
PREFIX=24
NETWORK=192.168.1.0
VLAN=yes
```
If there is a need to configure a second VLAN, with, for example, VLAN ID 193, on the same interface, eth0, add a new file with the name eth0.193 with the VLAN configuration details. Restart the networking service in order for the changes to take effect. As root issue the following command:
```
systemctl restart network
```

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Home

API Reference