17 October 2010

VLAN Tagged Interfaces (FreeBSD)

In order to make use of VLAN tagged interfaces in FreeBSD, kernel support
must be added, thus requiring a rebuild of the kernel.  Also, you must
have an interface capable of handling VLAN tagging (this can be checked
in the man page of the interface driver, e.g. man bge).  Kernel support
is enabled via the following line in the kernel configuration file
/usr/src/sys/i386/conf/MYKERNEL (where MYKERNEL is whatever name you've
chosen to use for the new kernel):

        device          vlan            # 802.1Q

Once added, one simply needs to rebuild the kernel, which may be
accomplished by following the steps listed in the FreeBSD Handbook:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html

After the kernel has been rebuilt and booted from, one may configure the
interfaces in question.  (Note, it is assumed that the network port on
the switch, etc, has already been configured to support multiple VLANs.
If not, please discuss with Network Engineering.)  A VLAN tagged interface
is configured and managed in largely the same way as a standard interface,
though with minor differences.  To configure the interface, there
are several bits of information one must be aware of:

        - configured VLAN
        - the host's physical network interface to which the VLAN tagged
          connection is attached
        - the network configured relative to said VLAN

As an example, the connection going to bge1 is a VLAN tagged connection.
The vlan configured is 487, supporting network 192.19.20.0/24.  The following
commands will initialize the new interface to support this:

        /sbin/ifconfig vlan487 plumb
        /sbin/ifconfig vlan487 192.19.20.52 netmask 255.255.255.0 vlan 487 vlandev bge1
        /sbin/ifconfig vlan487 up

The first line simply creates a new interface named vlan487.  The second
line configures vlan487 with IP address 192.19.20.52 and a class C netmask,
associating it with vlan 487 on interface bge1.  Line 3 simply brings the
interface up.  The naming of the new interface is vlan###, wherein vlan
identifies the new interface as being a vlan tagged interface and ###
is the number of the vlan the interface is being created for.
(Of note, one could create an interface with some other numeric value such
as vlan1 which is configured to vlan 487, though this negates quick visual
identification of the interface.)  Once configured, a vlan tagged interface,
such as vlan487 above, behaves in much the same way as a normal interface.

To bring a vlan tagged interface online at boot time, the interface must
be added to /etc/rc.conf.  The following illustrates the appropriate
entries, still using the above example:

        ifconfig_bge1="up"
        cloned_interfaces="vlan487"
        ifconfig_vlan487="inet 192.19.20.52 netmask 255.255.255.0 vlan 487 vlandev bge1"

The first line just brings bge1 online, though unconfigured.  In order
to use a vlan tagged interface, the underlying interface must be online!
The next line creates the virtual, vlan tagged interface vlan487.
Line 3 configures interface vlan487.
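
The rules above (a vlan### name that matches its tag, a vlandev parent that
has its own ifconfig_ entry so it comes up at boot) can be checked before a
reboot.  The following is an added example, not part of the original post;
the function name check_vlan_rc is hypothetical, and the file is sourced as
shell, so it is assumed to be a trusted rc.conf-style file.

```shell
#!/bin/sh
# Added example, not from the original post: lint rc.conf-style VLAN entries.
# check_vlan_rc FILE prints one line per problem; returns 0 if clean, 1 if not.
# FILE is sourced as shell (rc.conf is sh syntax), so use it on trusted files only.
check_vlan_rc() (
    # Subshell body: variables sourced from FILE never leak into the caller.
    cloned_interfaces=
    . "$1" || exit 2
    rc=0
    for ifn in $cloned_interfaces; do
        case $ifn in
            *[!A-Za-z0-9_]*) continue ;;   # not safe to use in eval below
            vlan[0-9]*) ;;
            *) continue ;;                 # other cloned devices are out of scope
        esac
        eval "cfg=\${ifconfig_${ifn}:-}"
        if [ -z "$cfg" ]; then
            echo "$ifn: listed in cloned_interfaces but ifconfig_$ifn is missing"
            rc=1; continue
        fi
        # Pick out the words that follow the "vlan" and "vlandev" keywords.
        tag='' dev='' prev=''
        for w in $cfg; do
            case $prev in vlan) tag=$w ;; vlandev) dev=$w ;; esac
            prev=$w
        done
        case $tag in
            ''|*[!0-9]*|?????*)
                echo "$ifn: missing or malformed 'vlan' tag"; rc=1; continue ;;
        esac
        # 802.1Q VLAN IDs 0 and 4095 are reserved.
        if [ "$tag" -lt 1 ] || [ "$tag" -gt 4094 ]; then
            echo "$ifn: tag $tag outside 1-4094"; rc=1
        fi
        if [ "${ifn#vlan}" != "$tag" ]; then
            echo "$ifn: name does not match tag $tag"; rc=1
        fi
        case $dev in
            ''|*[!A-Za-z0-9_]*)
                echo "$ifn: no usable 'vlandev' parent"; rc=1; continue ;;
        esac
        eval "parent=\${ifconfig_${dev}:-}"
        if [ -z "$parent" ]; then
            echo "$ifn: parent $dev has no ifconfig_$dev entry to bring it up"; rc=1
        fi
    done
    exit $rc
)
```

Run as check_vlan_rc /etc/rc.conf; a vlan1 interface carrying tag 487 is
reported as a name mismatch, which is the readability problem noted earlier.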