[Enterprise SONiC] VLAN & Inter-VLAN Routing
Basic VLAN configuration and internal VLAN routing.
Tested model & firmware version:
- Switch model name:
DCS203 (AS7326-56X)
EPS202 (AS4630-54PE)
- Edgecore SONiC version:
202006.4
202012.0 ~ 202012.4
202111.0 ~ 202111.8
Restriction
- Supports 4K VLANs.
- Known issue:
- On the Barefoot series, MAC learning is disabled by default on VLAN 1, which means all traffic is flooded.
VLAN tag and untag settings
Topology :
Step 1. Create VLAN1 and VLAN2 on the switch.
admin@sonic:~$ sudo config vlan add 1
admin@sonic:~$ sudo config vlan add 2
Step 2. Make sure the port to be added as a VLAN member is not a router (L3) port. If you try to add a router port as a VLAN member, you will get the following error:
admin@sonic:~$ sudo config vlan member add 1 Ethernet48
Usage: config vlan member add [OPTIONS]
Try "config vlan member add -h" for help.
Error: Ethernet48 is a L3 interface!
Note: If you see this error message, use the command "sudo config interface ip remove Ethernet48 [IP Address]" to remove the IP address from the interface. (For detailed command information, refer to the CLI guide.)
Step 3. Add Ethernet48 to VLAN1 as an untagged member.
admin@sonic:~$ sudo config vlan member add -u 1 Ethernet48
Step 4. Add Ethernet52 to VLAN2 as a tagged member.
admin@sonic:~$ sudo config vlan member add 2 Ethernet52
Result
- Check the VLAN setting by command “show vlan brief” or “show vlan config”
admin@sonic:~$ show vlan brief
+-----------+--------------+------------+-----------+----------+---------------+----------------------------+
|   VLAN ID | IP Address   | Ports      | Port      | Proxy    | DHCP Helper   | DHCP Relay Configuration   |
|           |              |            | Tagging   | ARP      | Address       |                            |
+===========+==============+============+===========+==========+===============+============================+
|         1 |              | Ethernet48 | untagged  | disabled |               | Source Interface:          |
|           |              |            |           |          |               | Link Selection:            |
|           |              |            |           |          |               | Server Vrf:                |
|           |              |            |           |          |               | Server ID Override:        |
+-----------+--------------+------------+-----------+----------+---------------+----------------------------+
|         2 |              | Ethernet52 | tagged    | disabled |               | Source Interface:          |
|           |              |            |           |          |               | Link Selection:            |
|           |              |            |           |          |               | Server Vrf:                |
|           |              |            |           |          |               | Server ID Override:        |
+-----------+--------------+------------+-----------+----------+---------------+----------------------------+
admin@sonic:~$ show vlan config
Name      VID  Member      Mode
------  -----  ----------  --------
Vlan1       1  Ethernet48  untagged
Vlan2       2  Ethernet52  tagged
Caution:
admin@sonic:~$ show vlan brief
+-----------+--------------+------------+----------------+---------------+---------------+-------------+-------------+
|   VLAN ID | IP Address   | Ports      | Port Tagging   | DHCP Helper   | DHCP Source   | DHCP Link   | Proxy ARP   |
|           |              |            |                | Address       | Interface     | Selection   |             |
+===========+==============+============+================+===============+===============+=============+=============+
|         1 |              | Ethernet48 | untagged       |               |               |             | disabled    |
+-----------+--------------+------------+----------------+---------------+---------------+-------------+-------------+
|         2 |              | Ethernet52 | tagged         |               |               |             | disabled    |
+-----------+--------------+------------+----------------+---------------+---------------+-------------+-------------+
admin@sonic:~$ show vlan brief
+-----------+--------------+------------+----------------+-----------------------+
|   VLAN ID | IP Address   | Ports      | Port Tagging   | DHCP Helper Address   |
+===========+==============+============+================+=======================+
|         1 |              | Ethernet48 | untagged       |                       |
+-----------+--------------+------------+----------------+-----------------------+
|         2 |              |            |                |                       |
+-----------+--------------+------------+----------------+-----------------------+
admin@sonic:~$ show vlan config
Name      VID  Member      Mode
------  -----  ----------  --------
Vlan1       1  Ethernet48  untagged
- Check the native VLAN (PVID)
admin@sonic:~$ sudo bridge vlan
port        vlan ids
docker0     1 PVID Egress Untagged
Ethernet48  1 PVID Egress Untagged
Ethernet52  2
Bridge      1
            2
dummy       1 PVID Egress Untagged
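A port that ends up in the wrong VLAN or tagging mode breaks the intended segmentation, so the result check can be scripted instead of read by eye. The following is an added example, not Edgecore code: check_vlan_members is a hypothetical helper that compares "show vlan config" output with the membership configured in Steps 1 to 4, using the two "show vlan config" outputs shown above as sample input.

```sh
#!/bin/sh
# Added example, not Edgecore code; check_vlan_members is a hypothetical helper.
# Expected membership, written like the VLAN_MEMBER keys in config_db.json.
EXPECTED='Vlan1|Ethernet48=untagged Vlan2|Ethernet52=tagged'

# "show vlan config" output copied from this page: the complete result and
# the variant in which Vlan2 has no member.
GOOD='Name      VID  Member      Mode
------  -----  ----------  --------
Vlan1       1  Ethernet48  untagged
Vlan2       2  Ethernet52  tagged'
DRIFT='Name      VID  Member      Mode
------  -----  ----------  --------
Vlan1       1  Ethernet48  untagged'

# stdin: "show vlan config" output, $1: expected membership.
# Prints one finding per line and returns non-zero if anything differs.
check_vlan_members() {
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, item, " ")
            for (i = 1; i <= n; i++) {
                split(item[i], kv, "=")
                key[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        # Data rows have four fields: Name VID Member Mode
        $1 ~ /^Vlan[0-9]+$/ && NF == 4 {
            k = $1 "|" $3; have[k] = $4; seen[++m] = k
        }
        END {
            for (i = 1; i <= n; i++) {
                k = key[i]
                if (!(k in have)) {
                    print "MISSING " k " (" want[k] ")"; bad = 1
                } else if (have[k] != want[k]) {
                    print "MODE " k " is " have[k] ", expected " want[k]; bad = 1
                }
            }
            for (i = 1; i <= m; i++)
                if (!(seen[i] in want)) {
                    print "UNEXPECTED " seen[i] " (" have[seen[i]] ")"; bad = 1
                }
            exit (bad ? 1 : 0)
        }'
}

printf '%s\n' "$GOOD"  | check_vlan_members "$EXPECTED" && echo "GOOD: matches"
printf '%s\n' "$DRIFT" | check_vlan_members "$EXPECTED" || echo "DRIFT: differs"
```

On the switch, pipe the live output into the function: show vlan config | check_vlan_members "$EXPECTED".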
Inter-VLAN routing
Step 1. Configure IP addresses on VLAN1 and VLAN2.
admin@sonic:~$ sudo config interface ip add Vlan1 192.168.1.2/24
admin@sonic:~$ sudo config interface ip add Vlan2 192.168.2.1/24
Caution: Vlan1 and Vlan2 are the names of the VLAN interfaces, so the “V” must be capitalized.
Result
- Check the VLAN setting and IP addresses
admin@sonic:~$ show vlan brief
+-----------+----------------+------------+-----------+----------+---------------+----------------------------+
|   VLAN ID | IP Address     | Ports      | Port      | Proxy    | DHCP Helper   | DHCP Relay Configuration   |
|           |                |            | Tagging   | ARP      | Address       |                            |
+===========+================+============+===========+==========+===============+============================+
|         1 | 192.168.1.2/24 | Ethernet48 | untagged  | disabled |               | Source Interface:          |
|           |                |            |           |          |               | Link Selection:            |
|           |                |            |           |          |               | Server Vrf:                |
|           |                |            |           |          |               | Server ID Override:        |
+-----------+----------------+------------+-----------+----------+---------------+----------------------------+
|         2 | 192.168.2.1/24 | Ethernet52 | tagged    | disabled |               | Source Interface:          |
|           |                |            |           |          |               | Link Selection:            |
|           |                |            |           |          |               | Server Vrf:                |
|           |                |            |           |          |               | Server ID Override:        |
+-----------+----------------+------------+-----------+----------+---------------+----------------------------+
admin@sonic:~$ show ip interfaces
Interface    Master    IPv4 address/mask    Admin/Oper    BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Vlan1                  192.168.1.2/24       up/up         N/A             N/A
Vlan2                  192.168.2.1/24       up/up         N/A             N/A
docker0                240.127.1.1/24       up/down       N/A             N/A
eth0                   188.188.9.10/16      up/up         N/A             N/A
lo                     127.0.0.1/16         up/up         N/A             N/A
- Check the routing table.
admin@sonic:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

C>* 192.168.1.0/24 is directly connected, Vlan1, 00:01:57
C>* 192.168.2.0/24 is directly connected, Vlan2, 00:02:02
Appendix
- Content about VLAN in /etc/sonic/config_db.json
admin@sonic:~$ sonic-cfggen -j /etc/sonic/config_db.json --var-json "VLAN"
{
    "Vlan1": {
        "vlanid": "1"
    },
    "Vlan2": {
        "vlanid": "2"
    }
}
admin@sonic:~$ sonic-cfggen -j /etc/sonic/config_db.json --var-json "VLAN_MEMBER"
{
    "Vlan1|Ethernet48": {
        "tagging_mode": "untagged"
    },
    "Vlan2|Ethernet52": {
        "tagging_mode": "tagged"
    }
}
admin@sonic:~$ sonic-cfggen -j /etc/sonic/config_db.json --var-json "VLAN_INTERFACE"
{
    "Vlan1": {},
    "Vlan2": {},
    "Vlan1|192.168.1.2/24": {},
    "Vlan2|192.168.2.1/24": {}
}
Frequently Asked Question
How to add a range of VLAN members?
Tested model & firmware version:
- Switch model name:
DCS203 (AS7326-56X)
- Edgecore SONiC version:
202012.4
Problem description:
SONiC can only add VLAN members to an interface one at a time. How can a range of VLAN members be added?
admin@sonic:~$ sudo config vlan add 10,20
Usage: config vlan add [OPTIONS] <vid>
Try "config vlan add -h" for help.
Error: Invalid value for "<vid>": 10,20 is not a valid integer
admin@sonic:~$ sudo config vlan add 10-20
Usage: config vlan add [OPTIONS] <vid>
Try "config vlan add -h" for help.
Error: Invalid value for "<vid>": 10-20 is not a valid integer
Solution:
Use a shell for loop to create a range of VLANs.
For example:
admin@sonic:~$ for i in {2000..2010..1};do sudo config vlan add $i;done
admin@sonic:~$ for i in {2000..2010..1};do sudo config vlan member add $i Ethernet0; done
Note:
Here 2000 is the first VLAN, 2010 is the last VLAN, and the VLAN number increases by 1 with each iteration of the loop.
Check the status.
admin@sonic:~$ show vlan brief
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|   VLAN ID | IP Address   | Ports     | Port Tagging   | DHCP Helper   | DHCP Source   | DHCP Link   | Proxy ARP   |
|           |              |           |                | Address       | Interface     | Selection   |             |
+===========+==============+===========+================+===============+===============+=============+=============+
|      2000 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2001 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2002 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2003 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2004 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2005 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2006 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2007 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2008 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2009 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
|      2010 |              | Ethernet0 | tagged         |               |               |             | disabled    |
+-----------+--------------+-----------+----------------+---------------+---------------+-------------+-------------+
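The for loop from the solution can be wrapped so that it accepts the "10,20" and "10-20" forms the CLI rejects and validates every ID before any command runs. This is an added example, not Edgecore code: expand_vlan_spec and add_vlan_range are hypothetical helper names, 1-4094 is assumed as the valid VLAN ID range, and the commands are only printed unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example, not Edgecore code. expand_vlan_spec and add_vlan_range are
# hypothetical helpers; 1-4094 is assumed as the usable 802.1Q VLAN ID range.

# Expand "10,20,2000-2010" into one VLAN ID per line. Nothing is printed
# unless the whole spec is valid, so a typo cannot create half a range.
expand_vlan_spec() (
    spec=$1; out=
    case $spec in
        ''|*[!0-9,-]*|,*|*,|*,,*) echo "invalid VLAN spec: '$spec'" >&2; return 1 ;;
    esac
    IFS=','
    for part in $spec; do
        case $part in
            -*|*-|*-*-*|0*|*-0*) echo "invalid element: '$part'" >&2; return 1 ;;
            *-*) start=${part%-*}; end=${part#*-} ;;
            *)   start=$part; end=$part ;;
        esac
        if [ "${#start}" -gt 4 ] || [ "${#end}" -gt 4 ] ||
           [ "$start" -gt "$end" ] || [ "$end" -gt 4094 ]; then
            echo "out of range (1-4094): '$part'" >&2; return 1
        fi
        id=$start
        while [ "$id" -le "$end" ]; do
            out="$out$id
"
            id=$((id + 1))
        done
    done
    printf '%s' "$out"
)

# Print the per-VLAN commands for one port; APPLY=1 runs them instead.
add_vlan_range() (
    ids=$(expand_vlan_spec "$1") || return 1
    [ -n "$2" ] || { echo "usage: add_vlan_range <spec> <port>" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then run=; else run=echo; fi
    for id in $ids; do
        $run sudo config vlan add "$id" || return 1
        $run sudo config vlan member add "$id" "$2" || return 1
    done
)

add_vlan_range "2000-2002,2010" Ethernet0   # dry run: prints the commands
```

Before running with APPLY=1, confirm the port is not an L3 interface, as described in Step 2 of the VLAN tag and untag settings.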
Comments
2 comments
Hi 張恪睿,
Thanks for your sharing, I did the same procedure in my set up, unfortunately, the operational status is still down. not up/up but up/down. I can't ping from the server to the switch. Do you know what may cause this problem? Thanks!
Tong
Is it valid to create a vlan with ip and gateway?
sudo config interface ip add Vlan100 10.0.100.6/24 10.100.120.1
sudo config interface ip add Vlan1000 10.100.120.254/17 10.100.120.1
10.100.120.1 is router
Is that valid?