HxHippy

VLAN Configuration on FreeBSD

Configuring VLANs for network segmentation on FreeBSD.

Last updated: 2025-01-15

VLAN Basics

VLANs (802.1Q) tag Ethernet frames so that a single physical interface can carry several logically separate network segments.

Simple VLAN Configuration

# /etc/rc.conf

# Create VLANs on em0
vlans_em0="10 20 30"

# Configure VLAN interfaces
ifconfig_em0_10="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_em0_20="inet 192.168.20.1 netmask 255.255.255.0"
ifconfig_em0_30="inet 192.168.30.1 netmask 255.255.255.0"

# Ensure parent interface is up
ifconfig_em0="up"

Apply Configuration

# Restart networking
service netif restart

# Verify VLANs
ifconfig em0.10
ifconfig em0.20
ifconfig em0.30

Manual VLAN Creation

# Create VLAN interface
ifconfig em0.10 create
ifconfig em0.10 vlan 10 vlandev em0
ifconfig em0.10 inet 192.168.10.1 netmask 255.255.255.0

# Remove VLAN
ifconfig em0.10 destroy

Inter-VLAN Routing

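# Enable IP forwarding persistently (written to /etc/rc.conf, applied at boot)
sysrc gateway_enable="YES"
# Enable IP forwarding immediately on the running system
sysctl net.inet.ip.forwarding=1

# VLANs can now route through this system.
# Unless a packet filter is configured, traffic between them is
# unrestricted (see Security Considerations).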

VLAN with DHCP

# /etc/rc.conf
vlans_em0="100"
ifconfig_em0_100="DHCP"

VLAN Trunking

# Multiple VLANs on trunk port
vlans_em0="10 20 30 40 50"

# All VLANs share same physical interface
# Ensure switch port is configured as trunk

Security Considerations

# Filter between VLANs with PF
# /etc/pf.conf
vlan10 = "em0.10"
vlan20 = "em0.20"

# Block VLAN 10 from accessing VLAN 20
block in on $vlan10 from ($vlan10:network) to ($vlan20:network)
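
The rc.conf conventions above (vlans_em0 creates em0.10, which is configured through ifconfig_em0_10) and the forwarding setting can be checked mechanically. The script below is an added example, not part of the original page; its function names, finding labels and sample file are hypothetical, and it assumes PF (pf_enable) is the only packet filter in use.

```shell
#!/bin/sh
# Added example (not from the original page): audit rc.conf VLAN settings.

# rc_get FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_vlan_rc FILE: one finding per line; no output means nothing flagged.
audit_vlan_rc() {
    rc=$1
    for parent in $(sed -n 's/^[[:space:]]*vlans_\([A-Za-z0-9_]*\)=.*/\1/p' "$rc" | sort -u); do
        # The page's "ensure parent interface is up" step.
        [ -n "$(rc_get "$rc" "ifconfig_${parent}")" ] || echo "PARENT_NOT_CONFIGURED ${parent}"
        for tag in $(rc_get "$rc" "vlans_${parent}"); do
            # Named (non-numeric) VLAN interfaces are outside this check.
            case $tag in ''|*[!0-9]*) continue ;; esac
            # 802.1Q reserves VLAN IDs 0 and 4095; usable tags are 1-4094.
            if [ "${#tag}" -gt 4 ] || [ "$tag" -lt 1 ] || [ "$tag" -gt 4094 ]; then
                echo "RESERVED_OR_INVALID_TAG ${parent}.${tag}"; continue
            fi
            # em0.10 is configured through ifconfig_em0_10.
            [ -n "$(rc_get "$rc" "ifconfig_${parent}_${tag}")" ] || echo "NO_IFCONFIG ${parent}.${tag}"
        done
    done
    # Assumption: PF is the only packet filter in use, as in the page's
    # Security Considerations. Forwarding without it routes all VLANs freely.
    gw=$(rc_get "$rc" gateway_enable | tr 'a-z' 'A-Z')
    pf=$(rc_get "$rc" pf_enable | tr 'a-z' 'A-Z')
    if [ "$gw" = "YES" ] && [ "$pf" != "YES" ]; then
        echo "UNFILTERED_ROUTING gateway_enable=YES without pf_enable=YES"
    fi
    return 0
}

# Constructed sample input: VLAN 30 has no address line and PF is not enabled.
write_sample_rc() {
    cat > "$1" <<'EOF'
vlans_em0="10 20 30"
ifconfig_em0="up"
ifconfig_em0_10="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_em0_20="inet 192.168.20.1 netmask 255.255.255.0"
gateway_enable="YES"
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp) && write_sample_rc "$sample" && audit_vlan_rc "$sample"; rm -f "$sample"
```

To audit a real system, call `audit_vlan_rc /etc/rc.conf`; values carrying a trailing comment on the same line are not parsed by this example.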