config vlan add [OPTIONS] <vid>
admin@sonic:~$ sudo config vlan add 10
admin@sonic:~$ sudo config vlan add 11
Add member interfaces to VLANs
config vlan member add [OPTIONS] <vid> port
admin@sonic:~$ sudo config vlan member add -u 10 Ethernet100
admin@sonic:~$ sudo config vlan member add -u 11 Ethernet104
The -u option adds the port as an “untagged” VLAN member.
If the interface is a router port (it has an IP address assigned), the command fails with an error:
admin@sonic:~$ sudo config vlan member add 10 Ethernet40
Usage: config vlan member add [OPTIONS] <vid> port
Try "config vlan member add -h" for help.

Error: Ethernet40 is a router interface!
In that case, remove the IP address from the interface before adding it to the VLAN.
Verify that VLANs are created:
admin@sonic:~$ show vlan brief
+-----------+--------------+-------------+----------------+-----------------------+-------------+
|   VLAN ID | IP Address   | Ports       | Port Tagging   | DHCP Helper Address   | Proxy ARP   |
+===========+==============+=============+================+=======================+=============+
|        10 |              | Ethernet100 | untagged       |                       | disabled    |
+-----------+--------------+-------------+----------------+-----------------------+-------------+
|        11 |              | Ethernet104 | untagged       |                       | disabled    |
+-----------+--------------+-------------+----------------+-----------------------+-------------+

admin@sonic:~$ show vlan config
Name      VID  Member       Mode
------  -----  -----------  --------
Vlan1       1  Ethernet100  tagged
Vlan2       2  Ethernet104  untagged
Note the capital V in the Name column: this is the interface name, and it must start with a capital letter.
Enable or disable proxy ARP for a VLAN interface (optional):
admin@sonic:~$ sudo config vlan proxy_arp 1 enabled
This command will enable proxy ARP for the interface 'Vlan1'
Save the config:
admin@sonic:~$ sudo config save -y
Check the VLAN configuration from the Linux perspective:
admin@sonic:~$ sudo bridge vlan
port          vlan ids
docker0       1 PVID Egress Untagged
Ethernet104   11 PVID Egress Untagged
Ethernet100   10 PVID Egress Untagged
Bridge        10
              11
dummy         1 PVID Egress Untagged
Alternatively, modify the VLAN hierarchy statements in the /etc/sonic/config_db.json file to achieve the same result:
"VLAN": {
    "Vlan10": {
        "vlanid": "10"
    },
    "Vlan11": {
        "vlanid": "11"
    }
},
"VLAN_MEMBER": {
    "Vlan10|Ethernet100": {
        "tagging_mode": "untagged"
    },
    "Vlan11|Ethernet104": {
        "tagging_mode": "untagged"
    }
},
A layer 3 interface that serves to route traffic from a switch on one VLAN to another switch on another VLAN is called a switch virtual interface.
Bridges can be part of a routing topology after being assigned an IP address. The IP address of the bridge is typically from the same subnet as the member hosts of the bridge. This enables hosts within the bridge to communicate with other hosts outside of the bridge through a switch virtual interface (SVI), which provides layer 3 routing.
Assign IP addresses to the VLAN interfaces on the switch. This is necessary to route between the VLANs.
admin@sonic:~$ sudo config interface ip add Vlan10 192.168.10.1/24
admin@sonic:~$ sudo config interface ip add Vlan11 192.168.11.1/24
Check the result:
admin@sonic:~$ show vlan brief
+-----------+-----------------+-------------+----------------+-----------------------+-------------+
|   VLAN ID | IP Address      | Ports       | Port Tagging   | DHCP Helper Address   | Proxy ARP   |
+===========+=================+=============+================+=======================+=============+
|        10 | 192.168.10.1/24 | Ethernet100 | untagged       |                       | disabled    |
+-----------+-----------------+-------------+----------------+-----------------------+-------------+
|        11 | 192.168.11.1/24 | Ethernet104 | untagged       |                       | disabled    |
+-----------+-----------------+-------------+----------------+-----------------------+-------------+

admin@sonic:~$ show ip interfaces
Interface    Master    IPv4 address/mask    Admin/Oper    BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Loopback0              10.1.0.1/32          up/up         N/A             N/A
Vlan10                 192.168.10.1/24      up/up         N/A             N/A
Vlan11                 192.168.11.1/24      up/up         N/A             N/A
docker0                240.127.1.1/24       up/down       N/A             N/A
eth0                   192.168.0.126/24     up/up         N/A             N/A
lo                     127.0.0.1/16         up/up         N/A             N/A
Check the routing table:
admin@sonic:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

K>* 0.0.0.0/0 [0/0] via 192.168.0.1, eth0, 00:46:57
C>* 10.1.0.1/32 is directly connected, Loopback0, 00:06:09
C>* 192.168.0.0/24 is directly connected, eth0, 00:46:57
C>* 192.168.10.0/24 is directly connected, Vlan10, 00:00:17
C>* 192.168.11.0/24 is directly connected, Vlan11, 00:00:17
As you can see, handling VLANs in SONiC is simple and effective.
Modify the VLAN hierarchy statements in the /etc/sonic/config_db.json file to achieve the same result.
"VLAN": {
    "Vlan10": {
        "vlanid": "10"
    },
    "Vlan11": {
        "vlanid": "11"
    }
},
"VLAN_INTERFACE": {
    "Vlan10": {},
    "Vlan10|192.168.10.1/24": {},
    "Vlan11": {},
    "Vlan11|192.168.11.1/24": {}
},
"VLAN_MEMBER": {
    "Vlan10|Ethernet100": {
        "tagging_mode": "untagged"
    },
    "Vlan11|Ethernet104": {
        "tagging_mode": "untagged"
    }
},
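When config_db.json is edited by hand, the checks the CLI performs (such as the router-interface error shown earlier) are not applied, so a segmentation mistake can go unnoticed until the file is loaded. The following script is an added example, not part of SONiC or of the original page; check_vlan_config and the sample data are hypothetical, and it assumes that router ports are the ones listed in the INTERFACE table.

```python
import json

# Constructed sample: the page's VLAN tables with deliberate mistakes added.
SAMPLE = json.loads("""
{
  "VLAN": {"Vlan10": {"vlanid": "10"}, "Vlan2": {"vlanid": "11"}},
  "VLAN_INTERFACE": {"Vlan10": {}, "Vlan10|192.168.10.1/24": {},
                     "Vlan11|192.168.11.1/24": {}},
  "VLAN_MEMBER": {"Vlan10|Ethernet100": {"tagging_mode": "untagged"},
                  "Vlan2|Ethernet100": {"tagging_mode": "untagged"},
                  "Vlan11|Ethernet104": {"tagging_mode": "untagged"},
                  "Vlan10|Ethernet40": {"tagging_mode": "untagged"}},
  "INTERFACE": {"Ethernet40|10.0.0.1/31": {}}
}
""")

def check_vlan_config(cfg):
    """Return a sorted list of consistency problems found in the VLAN tables."""
    problems = []
    vlans = cfg.get("VLAN", {})
    # Assumption: a port with an entry in INTERFACE is a router (layer 3) port.
    router_ports = {key.split("|")[0] for key in cfg.get("INTERFACE", {})}
    for name, attrs in vlans.items():
        vid = attrs.get("vlanid")
        if name != "Vlan" + str(vid):
            problems.append(f"VLAN {name}: name does not match vlanid {vid}")
    untagged = {}  # port -> VLANs in which it is an untagged member
    for key, attrs in cfg.get("VLAN_MEMBER", {}).items():
        vlan, _, port = key.partition("|")
        if vlan not in vlans:
            problems.append(f"VLAN_MEMBER {key}: {vlan} is not defined in VLAN")
        if port in router_ports:
            problems.append(f"VLAN_MEMBER {key}: {port} is a router interface")
        if attrs.get("tagging_mode") == "untagged":
            untagged.setdefault(port, []).append(vlan)
    for port, members in untagged.items():
        if len(members) > 1:
            problems.append(f"{port}: untagged in more than one VLAN: {sorted(members)}")
    for key in cfg.get("VLAN_INTERFACE", {}):
        vlan = key.split("|")[0]
        if vlan not in vlans:
            problems.append(f"VLAN_INTERFACE {key}: {vlan} is not defined in VLAN")
    return sorted(problems)

if __name__ == "__main__":
    for line in check_vlan_config(SAMPLE):
        print(line)
```

To check a real switch, load the file with json.load and pass the result to check_vlan_config before running config reload.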