Configuring bridges and vlans using nmcli
--
VLAN Tagging
VLAN tagging is a method through which more than one VLAN is handled on a single port. The traffic is encapsulated so that a number of logically separate VLANs can be carried by the same physical port. VLAN tagging tells which packet belongs to which VLAN: to make this identification easier, each packet carries a VLAN tag in its Ethernet frame. Thus, with VLANs, one can create multiple distinct broadcast domains that are mutually isolated. Also remember that with VLANs, switches, not routers, create the broadcast domain. Every VLAN is identified by a VLAN ID, which can be in the range 1 to 4094.
Ensure the 8021q VLAN kernel module is installed.
On RHEL 7, the 8021q module is loaded by default. If necessary, you can make sure that the module is loaded by issuing the following command as root:
# modprobe --first-time 8021q
modprobe: ERROR: could not insert '8021q': Module already in kernel
The error shown above means the module was already loaded. To display information about the module, issue the following command:
$ modinfo 8021q
Working with nmcli
Gone are the days when we needed to shut down the Network Manager to configure bridges or VLAN devices and edit the device files manually. We can now configure bridges and VLAN devices with nmcli, which requires the Network Manager service to be running.
Creating bridges with nmcli
1. One can use the nmcli con command to first create the bridge interface.
# nmcli con add type bridge ifname nightly_el7 con-name nightly_el7 connection.autoconnect yes
Connection 'nightly_el7' (785f66ae-28b6-44b8-906a-a364fd8e44b6) successfully added.
The example above sets the following attributes of the bridge:
- type bridge: Specifies the bridge connection.
- con-name nightly_el7: Specifies the name of the new Bridge.
- ifname nightly_el7: Specifies the interface to bind the connection to.
2. The nmcli connection command shows the new bridge connection.
# nmcli connection
NAME UUID TYPE DEVICE
nightly_el7 785f66ae-28b6-44b8-906a-a364fd8e44b6 bridge nightly_el7
3. The nmcli con add command creates the ifcfg-nightly_el7 file. Following are the contents of this file:
# cat ifcfg-nightly_el7
STP=yes
BRIDGING_OPTS=priority=32768
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=nightly_el7
UUID=785f66ae-28b6-44b8-906a-a364fd8e44b6
DEVICE=nightly_el7
ONBOOT=yes
ZONE=FedoraServer
4. The nmcli device command shows the nightly_el7 device.
# nmcli device
DEVICE TYPE STATE CONNECTION
nightly_el7 bridge connected nightly_el7
Creating vlans with nmcli
1. One can use the nmcli con command to create a VLAN connection, using “type vlan” as shown below.
# nmcli con add type vlan con-name ens2f0.252 dev ens2f0 id 252 master nightly_el7 connection.autoconnect yes
Connection 'ens2f0.252' (11c9b325-5587-4c61-a91f-849af39ec78c) successfully added.
The example above sets the following attributes of the VLAN connection:
- con-name ens2f0.252: Specifies the new VLAN connection name being created.
- dev ens2f0: Specifies the physical (parent) device this VLAN is on.
- id 252: Specifies the VLAN ID.
- master nightly_el7: Specifies that the ens2f0.252 interface is enslaved under the master nightly_el7, which is a bridge interface.
2. The nmcli con command shows the new VLAN connection.
# nmcli connection
NAME UUID TYPE DEVICE
nightly_el7 785f66ae-28b6-44b8-906a-a364fd8e44b6 bridge nightly_el7
ens2f0.252 11c9b325-5587-4c61-a91f-849af39ec78c vlan ens2f0.252
3. The nmcli con add command creates the ifcfg-ens2f0.252 file. Following are the contents of the file:
# cat ifcfg-ens2f0.252
VLAN=yes
TYPE=Vlan
PHYSDEV=ens2f0
VLAN_ID=252
REORDER_HDR=yes
GVRP=no
MVRP=no
NAME=ens2f0.252
UUID=11c9b325-5587-4c61-a91f-849af39ec78c
ONBOOT=yes
BRIDGE=nightly_el7
ZONE=FedoraServer
4. The nmcli device command shows the ens2f0.252 device.
# nmcli device
DEVICE TYPE STATE CONNECTION
nightly_el7 bridge connected nightly_el7
ens2f0.252 vlan connected ens2f0.252
About the VLAN traffic
The above example shows the configuration for a single VLAN/bridge interface. The need may arise to configure multiple VLANs/bridges on a machine and assign each virtual machine to its own corresponding bridge/VLAN.
All this configuration is needed so that the network traffic from the various VLANs/subnets of the virtual machines can flow in or out of the underlying bare-metal box using just one interface, here the ens2f0 Ethernet device on the bare-metal box.
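For the multiple VLAN/bridge case, the following is an added example, not part of the original post: a dry-run planner that prints one bridge command and one VLAN command per VLAN ID, in the same shape as the commands above, after checking every ID against the 1 to 4094 range. The function names and the `br<ID>` bridge naming are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: dry-run planner. It only prints nmcli commands; nothing is applied.
# Assumption: each bridge is named "br<ID>" (the page's own bridge is "nightly_el7").

# valid_vlan_id ID: succeeds only for a decimal integer in 1..4094.
valid_vlan_id() {
    case "$1" in
        ''|0*|*[!0-9]*|?????*) return 1 ;;  # empty, leading zero, non-digit, 5+ digits
    esac
    [ "$1" -le 4094 ]
}

# plan_vlan_bridges PARENT ID...: print one bridge and one tagged VLAN port per ID.
plan_vlan_bridges() {
    [ "$#" -ge 2 ] || { echo "usage: plan_vlan_bridges PARENT ID..." >&2; return 1; }
    parent=$1; shift
    case "$parent" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad parent device: $parent" >&2; return 1 ;;
    esac
    seen=" "
    for id in "$@"; do   # pass 1: validate every ID before printing anything
        valid_vlan_id "$id" || { echo "invalid VLAN ID: $id" >&2; return 1; }
        case "$seen" in
            *" $id "*) echo "duplicate VLAN ID: $id" >&2; return 1 ;;
        esac
        vlan="$parent.$id"
        # Linux interface names are limited to 15 characters (IFNAMSIZ - 1).
        [ "${#vlan}" -le 15 ] || { echo "name too long: $vlan" >&2; return 1; }
        seen="$seen$id "
    done
    for id in "$@"; do   # pass 2: same command shapes as in the sections above
        echo "nmcli con add type bridge ifname br$id con-name br$id connection.autoconnect yes"
        echo "nmcli con add type vlan con-name $parent.$id dev $parent id $id master br$id connection.autoconnect yes"
    done
}

# Constructed sample input: the page's parent device with two VLAN IDs.
plan_vlan_bridges ens2f0 252 253
```

Because validation finishes before the first line is printed, a bad ID anywhere in the list yields no output, so a reviewed plan is never half applied.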