How to configure vlan

VLAN (Virtual Local Area Network) 

Objective 

A VLAN (Virtual Local Area Network) allows network administrators to logically segment Layer 2 broadcast domains within a switch or across multiple switches. This segmentation is independent of the physical topology, meaning devices can belong to the same VLAN even if they are connected to different physical switches. By isolating traffic between different VLANs, organizations can improve security (by restricting broadcast domains), network performance (by reducing broadcast traffic), and manageability (by grouping users or services logically rather than physically). 

Prerequisites 

Hardware: 

  • Switches or routers that support VLANs (e.g., Edgecore, UfiSpace)

Software: 

  • Network operating systems that support VLAN configuration (e.g., SONiC.master)

Access: 

  • Administrative or privileged CLI access 

Network: 

  • Knowledge of VLAN ID range (1–4094) 

  • Identified interfaces to assign to each VLAN 

  • VLAN design document outlining VLAN IDs, names, and purposes 

 

TOPOLOGY: 

 

 
  

Configuration commands (SONiC configuration):

Note 1: Commands are to be executed in sudo mode  

Note 2: SW1 is only for sending traffic 

Step 1: Create the VLAN and add member interfaces

SW2:

config vlan add 30
config vlan member add -u 30 Ethernet2
config vlan member add -u 30 Ethernet20

SW3:

config vlan add 30
config vlan member add -u 30 Ethernet2
config vlan member add -u 30 Ethernet20

For a tagged port, omit the -u (untagged) option:

config vlan member add 30 Ethernet3

 

VALIDATION (SONIC SHOW OUTPUTS) 

root@sonic:/home/admin# show vlan brief
+-----------+--------------+------------+----------------+-----------------------+-------------+
|   VLAN ID | IP Address   | Ports      | Port Tagging   | DHCP Helper Address   | Proxy ARP   |
+===========+==============+============+================+=======================+=============+
|        30 |              | Ethernet2  | untagged       |                       | disabled    |
|           |              | Ethernet3  | tagged         |                       |             |
|           |              | Ethernet20 | untagged       |                       |             |
+-----------+--------------+------------+----------------+-----------------------+-------------+

 

 

 

root@sonic:/home/admin# show vlan config
Name      VID  Member      Mode
------  -----  ----------  --------
Vlan30     30  Ethernet2   untagged
Vlan30     30  Ethernet3   tagged
Vlan30     30  Ethernet20  untagged

root@sonic:/home/admin# sudo bridge vlan
port    vlan ids
docker0          1 PVID Egress Untagged
Bridge           30
dummy            1 PVID Egress Untagged
Ethernet2        30 PVID Egress Untagged
Ethernet3        30
Ethernet20       30 PVID Egress Untagged
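
The membership shown by "show vlan config" can be checked mechanically against the VLAN design document listed in the prerequisites, so that a port in the wrong VLAN or in the wrong tagging mode is caught before traffic tests. The script below is an added example, not part of the original article or of SONiC; the INTENDED table and the function names are assumptions made for illustration.

```python
# INTENDED stands in for the VLAN design document (constructed to match this page).
INTENDED = {
    (30, "Ethernet2"): "untagged",
    (30, "Ethernet3"): "tagged",
    (30, "Ethernet20"): "untagged",
}

# Sample copied from the `show vlan config` output above.
SAMPLE_OUTPUT = """\
Name      VID  Member      Mode
------  -----  ----------  --------
Vlan30     30  Ethernet2   untagged
Vlan30     30  Ethernet3   tagged
Vlan30     30  Ethernet20  untagged
"""

def parse_vlan_config(text):
    """Return {(vid, port): mode} parsed from `show vlan config` text."""
    members = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows are: Name, VID, Member, Mode. Header, rule and prompt
        # lines have no numeric second field and are skipped.
        if len(fields) != 4 or not fields[1].isdigit():
            continue
        vid, port, mode = int(fields[1]), fields[2], fields[3]
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID out of range: {vid}")
        members[(vid, port)] = mode
    return members

def audit(actual, intended):
    """Return a list of differences between switch state and the design."""
    findings = []
    for (vid, port), mode in sorted(intended.items()):
        got = actual.get((vid, port))
        if got is None:
            findings.append(f"MISSING: Vlan{vid} {port} should be {mode}")
        elif got != mode:
            findings.append(f"MODE: Vlan{vid} {port} is {got}, design says {mode}")
    for vid, port in sorted(set(actual) - set(intended)):
        mode = actual[(vid, port)]
        findings.append(f"UNEXPECTED: Vlan{vid} {port} is {mode}, not in design")
    return findings

if __name__ == "__main__":
    result = audit(parse_vlan_config(SAMPLE_OUTPUT), INTENDED)
    for finding in result or ["OK: switch matches design"]:
        print(finding)
```

On a switch, the text passed to parse_vlan_config would be the captured output of "show vlan config" instead of SAMPLE_OUTPUT.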

 

 

 

root@sonic:/home/admin# tcpdump -nei Ethernet8
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on Ethernet8, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:22:24.682967 a8:2b:b5:17:d2:58 > 01:80:c2:00:00:0e, ethertype LLDP (0x88cc), length 285: LLDP, length 271: sonic.PALCNETWORKS.COM
21:22:25.483609 68:21:5f:9c:fc:7b > 01:80:c2:00:00:0e, ethertype 802.1Q (0x8100), length 271: vlan 30, p 0, ethertype LLDP (0x88cc), LLDP, length 253: sonic
21:22:54.691258 a8:2b:b5:17:d2:58 > 01:80:c2:00:00:0e, ethertype LLDP (0x88cc), length 285: LLDP, length 271: sonic.PALCNETWORKS.COM
21:22:55.490589 68:21:5f:9c:fc:7b > 01:80:c2:00:00:0e, ethertype 802.1Q (0x8100), length 271: vlan 30, p 0, ethertype LLDP (0x88cc), LLDP, length 253: sonic
21:23:24.694718 a8:2b:b5:17:d2:58 > 01:80:c2:00:00:0e, ethertype LLDP (0x88cc), length 285: LLDP, length 271: sonic.PALCNETWORKS.COM
21:23:25.497841 68:21:5f:9c:fc:7b > 01:80:c2:00:00:0e, ethertype 802.1Q (0x8100), length 271: vlan 30, p 0, ethertype LLDP (0x88cc), LLDP, length 253: sonic
21:23:54.702364 a8:2b:b5:17:d2:58 > 01:80:c2:00:00:0e, ethertype LLDP (0x88cc), length 285: LLDP, length 271: sonic.PALCNETWORKS.COM
21:23:55.501700 68:21:5f:9c:fc:7b > 01:80:c2:00:00:0e, ethertype 802.1Q (0x8100), length 271: vlan 30, p 0, ethertype LLDP (0x88cc), LLDP, length 253: sonic
21:24:24.704748 a8:2b:b5:17:d2:58 > 01:80:c2:00:00:0e, ethertype LLDP (0x88cc), length 285: LLDP, length 271: sonic.PALCNETWORKS.COM
21:24:25.505631 68:21:5f:9c:fc:7b > 01:80:c2:00:00:0e, ethertype 802.1Q (0x8100), length 271: vlan 30, p 0, ethertype LLDP (0x88cc), LLDP, length 253: sonic
21:24:54.708163 a8:2b:b5:17:d2:58 > 01:80:c2:00:00:0e, ethertype LLDP (0x88cc), length 285: LLDP, length 271: sonic.PALCNETWORKS.COM
21:24:55.509209 68:21:5f:9c:fc:7b > 01:80:c2:00:00:0e, ethertype 802.1Q (0x8100), length 271: vlan 30, p 0, ethertype LLDP (0x88cc), LLDP, length 253: sonic

 

  

 

root@sonic:/home/admin# tcpdump -nei Ethernet8 -xxx
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on Ethernet8, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:29:15.103412 00:03:05:03:04:05 > 00:01:02:03:04:05, ethertype 802.1Q (0x8100), length 64: vlan 30, p 0, 802.3 [|llc]
        0x0000:  0001 0203 0405 0003 0503 0405 8100 001e
        0x0010:  0000 0000 0000 0000 0000 0000 0000 0000
        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000
21:29:15.131325 00:03:05:03:04:05 > 00:01:02:03:04:05, ethertype 802.1Q (0x8100), length 64: vlan 30, p 0, 802.3 [|llc]
        0x0000:  0001 0203 0405 0003 0503 0405 8100 001e
        0x0010:  0000 0000 0000 0000 0000 0000 0000 0000
        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000
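
In the hex dump above, bytes 12 to 15 (8100 001e) are the 802.1Q tag: TPID 0x8100 followed by a 16-bit TCI holding priority (3 bits), DEI (1 bit) and VLAN ID (12 bits), and 0x01e is 30. The decoder below is an added example, not part of the original article; it rebuilds the frame from "tcpdump -xxx" lines and reads the tag fields so the VLAN on the wire can be compared with the configured one. It goes slightly beyond the capture by also reading stacked tags (TPID 0x88a8), and its function names are assumptions.

```python
import struct

# First frame copied from the `tcpdump -nei Ethernet8 -xxx` capture above.
SAMPLE_DUMP = """\
21:29:15.103412 00:03:05:03:04:05 > 00:01:02:03:04:05, ethertype 802.1Q (0x8100), length 64
        0x0000:  0001 0203 0405 0003 0503 0405 8100 001e
        0x0010:  0000 0000 0000 0000 0000 0000 0000 0000
        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000
"""
TAG_TPIDS = {0x8100, 0x88A8}  # 802.1Q C-tag and 802.1ad S-tag

def hexdump_to_bytes(dump):
    """Rebuild the frame bytes from tcpdump hex lines ("0xNNNN:  hhhh ...")."""
    data = bytearray()
    for line in dump.splitlines():
        offset, sep, hexpart = line.strip().partition(":")
        if not sep or not offset.startswith("0x"):
            continue  # packet summary line or blank line
        data += bytes.fromhex(hexpart.replace(" ", ""))
    return bytes(data)

def parse_frame(frame):
    """Return MAC addresses, the list of VLAN tags and the inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    tags, pos = [], 12
    (etype,) = struct.unpack_from("!H", frame, pos)
    while etype in TAG_TPIDS:
        if len(frame) < pos + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, pos + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        pos += 4  # step over TPID + TCI to the next type field
        (etype,) = struct.unpack_from("!H", frame, pos)
    return {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
            "tags": tags, "ethertype": etype}

def tag_matches(info, expected_vid):
    """True only for a frame carrying exactly one tag with the expected VLAN ID."""
    return len(info["tags"]) == 1 and info["tags"][0]["vid"] == expected_vid

if __name__ == "__main__":
    info = parse_frame(hexdump_to_bytes(SAMPLE_DUMP))
    print(info, "vlan 30 ok:", tag_matches(info, 30))
```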

 
