Configure a persistent VLAN interface

Hello,

LibreElec 7.0.2
RaspberryPi B+

In my wired network I use VLAN to isolate desktop, multimedia, DMZ traffic, … The module 802.1q is loaded by default but it’s not possible to create an interface VLAN in easy way. First I tried to use system-networkd (VLAN - ArchWiki) but we can’t use this network manager as Connman is used by default in LibreElec installation. Connman seems to not support directly VLAN configuration.

To have a network VLAN interface that works properly, active after the boot and without to modify in deep LibreElec default installation see below.

• Activate DHCP on main interface eth0 (to do initial configuration by SSH)
• Activate SSH on LibreElec
• Check if 802.1q module was loaded

# lsmod
Module Size Used by
8021q 16343 0
  

• Create VLAN interface : vconfig add eth0 150
• Check it with ifconfig
• Go back to LibreElec GUI in network parameter and configure my VLAN interface in static addressing mode (I think with DHCP it’s work too)
• Reconfigure main eth0 interface with “no address” (off). Don’t disable it
• Flush your arp table (router, PC, …) to access to your LibreElec by SSH on the VLAN interface by SSH. If all work fine, do next steps

Persistent configuration to have your VLAN interface become active automatically on the system reboot : configure new systemd unit

• You must add basic systemd script in /storage/.config/system.d/<NAME_YOU_WANT>.service

# cat vlan.multimedia.service
      [Unit]
      Description=Set VLAN interface in multimedia VLAN
      Before=kodi.service

      [Service]
      ExecStart=/sbin/vconfig add eth0 150

      [Install]
      WantedBy=multi-user.target

• After the file created, reload systemd :

# systemctl daemon-reload

• Check that your file is loaded

# systemctl list-unit-files

      UNIT FILE STATE
      (…)
      vlan.multimedia.service [[0;1;32mdisabled [[0m
      (…)

• You must enable your unit file:

# systemctl enable <NAME_YOU_SET>.service

• Check that your file is loaded and enabled

# systemctl list-unit-files

      UNIT FILE STATE

      (…)
      vlan.multimedia.service [[0;1;32menabled [[0m
      (…)

Check if all is done and try to reboot.

Enjoy

Hello,

Thanks for your reply
I have tried this but like the network interface isn't considered online by connman when she don't have an IP address, so the condition isn't satisfied and VLAN interface isn't created.

Quote from cosmos

Nice thread. Apologies for re-opening it after almost half a year, but as a VLAN newcomer, I'd appreciate if you could explain how the rest of the network is used.

Let me explain. I have an unmanaged switch connected to a avm fritz 7270 (IIRC) ADSL router. As far as I have read on VLANs you have to have some sort of managed switch to have trunking etc.

Or do you just have a router that understands VLANs and keeps them separate? I'd appreciate any sketch you might have on your network, I'm in need of a similar separation on my own home network and I don't know how to go about it.

Hello comos,

Sorry for the answer delay. Regarding your question you have two possibilities :

1) You only have a VLAN transparency switch (don't remove VLAN header in the ethernet frame)

- In this case your libreelec can exchange with a host in the same VLAN on the same switch or on another switch which support VLAN transparency too

2) Case 1) + router or linux box which support VLAN and trunking

- In this case, case 1) + your libreelec can exchange with a host on an other VLAN or non tagged LAN if you configure your router to route packet between VLAN.

For your information in my case, I have :

• Libreelec --> unmanageable switch (VLAN transparency support) --> manageable switch trunked (with lot of VLAN) --> linux box (trunked with the manageable switch)

I hope theses informations can help you,

Max