In a previous post we discussed the benefits of using VLANs in your homelab. In short, VLANs allow us to logically separate our network based on application which in turn adds an additional layer of security. In that same post, we discussed using a single ethernet cable to trunk multiple VLANs to various virtual machines running on a Proxmox server, but did you know that we can do the same thing on the humble Raspberry Pi? This can be particularly useful in homelabs, as it allows us to wake-on-LAN devices that are on different subnets.
In today's tutorial, I will guide you through enabling VLANs on your RPi so that you can connect to multiple networks at once.
- You must be currently using a managed switch with VLANs enabled
- You've configured the port that you've wired your RPi into as either a hybrid port or a trunk port. On my HP1910-24G, I have this port configured as a hybrid port with an untagged membership of 20 and my other VLANs listed under the tagged membership. This allows me to keep my RPi's "real" network adapter connected to VLAN 20 and the virtual network adapters (created in the instructions below) associated to their individual VLAN's corresponding IP addresses.
1. Install the vlan package:
sudo apt install vlan
2. Create the virtual NICs by creating and editing the following file with:
sudo nano /etc/network/interfaces.d/vlans
Inside your new vlans file, add the following contents:
auto eth0.10 iface eth0.10 inet manual vlan-raw-device eth0
By convention, a VLAN's virtual NIC should follow the naming convention:
Where physicalNIC is, just as the name sounds, the physical NIC found by running ifconfig. If you are unsure how to find the name of your physicalNIC, please see step 2 in my guide on how to set up wake-on-LAN here.
The PVID (port VLAN ID) is basically just your VLAN's ID which you would have configured in your L3 switch/router. If you've been following convention, in a typical /24 subnet, it's the third octet of the IP address that's common to all IPs in a given subnet. This is best illustrated with an example. Let's say your VLAN has an address range of 10.0.10.0 through 10.0.10.255. The third octet here is 10 so, if you've been following convention, the PVID is 10.
If you have multiple VLANs, you can just add them all to that same vlan file, following the same format.
If you're using a DHCP server to dynamically assign IP addresses, you're now done. If you're not, or instead wish to use a static IP address, read on.
3. Configure static IP addresses by editing the dhcpcd.conf file:
sudo nano /etc/dhcpcd.conf
Then add/edit the following contents to configure your IP settings on each network card:
# Example static IP configuration: interface eth0 static ip_address=10.0.20.125/24 static routers=10.0.20.1 static domain_name_servers=22.214.171.124 #static domain_search= interface eth0.10 static ip_address=10.0.10.125/24 static routers=10.0.10.1 static domain_name_servers=126.96.36.199
eth0 is the default physical network adapter you normally use and as a result its traffic is untagged. If you have already set this adapter up, feel free to leave interface eth0 alone.
For your virtual network adapter- eth0.10 - this where you can specify a static IP address (static ip_address). The /24 is necessary as it is used to define your subnet mask (/24 indicates 255.255.255.0). static routers is your gateway. static domain_name_servers is your DNS server- I use 188.8.131.52.
Alternatively, if you have access to the RPi desktop/GUI, you can simply open the network from the top right and edit these settings there.
3. Once you've made the network changes, let's effect them by running the following command to restart the networking service:
sudo systemctl restart networking
Alternatively, you could just reboot the RPi.
4. Verify you are on the VLANs with the following command:
This should return:
And with this confirmation you're now done and have successfully implemented VLANs on your Raspberry Pi.
I'd be interested in hearing how you're using VLANs with your Raspberry Pi and, as always, if you have any questions, feel free to ask in the comments below. And if you have any other questions, ask away in the forums.