Set Up VLANs Using NMCLI on RHEL 9

Learn how to set up VLANs using nmcli on RHEL 9 with this step-by-step guide. Includes CLI examples, troubleshooting tips, and best practices for configuring VLAN interfaces in a Linux environment.

🔈 Introduction

In modern enterprise networks, Virtual LANs (VLANs) are essential for segmenting traffic, improving security, and optimizing performance. On Red Hat Enterprise Linux 9 (RHEL 9), the nmcli (NetworkManager Command Line Interface) tool makes configuring VLANs fast, efficient, and scriptable—ideal for sysadmins and DevOps teams managing scalable infrastructure.

This tutorial walks you through the steps to set up VLANs using nmcli on RHEL 9, with real-world examples and best practices.


✅ What is a VLAN?

A Virtual LAN (VLAN) is a logical subdivision of a Layer 2 network that allows devices to communicate as if they were on the same physical LAN—even when separated. VLANs help:

  • Isolate sensitive systems
  • Reduce broadcast domains
  • Improve network performance and manageability
  • Simplify compliance and network segmentation

VLANs are identified by VLAN IDs, which range from 1 to 4094.


✅ Why Use NMCLI on RHEL 9?

Red Hat Enterprise Linux 9 uses NetworkManager to manage network interfaces. While tools like nmtui (TUI) and nm-connection-editor (GUI) are available, nmcli is preferred for:

  • Automation and scripting
  • Remote SSH-based configuration
  • Headless server support
  • Fast, efficient operations with minimal overhead

📋 Prerequisites

Before proceeding, ensure the following requirements are met:

| Requirement | Description |
|---|---|
| Operating System | RHEL 9 or compatible (e.g., CentOS Stream 9, AlmaLinux) |
| Root Privileges | Required to configure network settings |
| NetworkManager | Must be installed and running |

To check if NetworkManager is active:

				
					sudo systemctl status NetworkManager
				
			

If not running, start and enable it:

				
					sudo systemctl enable --now NetworkManager
				
			

▶️ Step-by-Step Guide to Set Up VLANs

Let’s configure a VLAN on a server with one physical interface (e.g., ens33) using VLAN ID 100 and IP address 192.168.100.10/24.

🔄 Step 1: Identify Your Parent Interface

List available network interfaces:

				
					nmcli device status
				
			

Example output:

				
					DEVICE   TYPE      STATE      CONNECTION
					ens33    ethernet  connected  ens33
					lo       loopback  unmanaged  --
				
			

In this case, ens33 is the parent interface.

🔄 Step 2: Create the VLAN Interface

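Create a VLAN interface named vlan100 on ens33 with VLAN ID 100:

					sudo nmcli connection add type vlan con-name vlan100 ifname vlan100 dev ens33 id 100

This command:

  • Adds a new VLAN connection named vlan100
  • Names the network device vlan100 (ifname); without it, NetworkManager generates the device name from the parent interface and VLAN ID (for example ens33.100), and the later ip a show vlan100 and nmcli device show vlan100 commands would not find the device
  • Associates it with physical device ens33
  • Assigns VLAN ID 100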

🔄 Step 3: Assign an IP Address

To use a static IP:
				
					sudo nmcli connection modify vlan100 ipv4.addresses 192.168.100.10/24
				
			
				
					sudo nmcli connection modify vlan100 ipv4.gateway 192.168.100.1
				
			
				
					sudo nmcli connection modify vlan100 ipv4.dns "8.8.8.8 1.1.1.1"
				
			
				
					sudo nmcli connection modify vlan100 ipv4.method manual
				
			
To use DHCP instead:
				
					sudo nmcli connection modify vlan100 ipv4.method auto
				
			

🔄 Step 4: Activate the VLAN Interface

Bring up the new VLAN interface:

				
					sudo nmcli connection up vlan100
				
			

Expected output:

				
					Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
				
			

Verify the interface:

				
					ip a show vlan100
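
Steps 2 to 4 combined into one script, as an added example that is not part of the original guide: it validates the VLAN ID and interface name, prints the nmcli commands by default, and runs them only when APPLY=1 (as root). The function names, the APPLY variable and the vlan<ID> naming scheme are assumptions of this example; DNS settings are left out.

```sh
#!/bin/sh
# Added example: Steps 2-4 as one script. Function names, APPLY and the
# vlan<ID> naming scheme are assumptions of this example.

# Usable VLAN IDs are 1-4094; reject empty, zero-padded and non-numeric input.
valid_vlan_id() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -le 4094 ]
}

# Conservative policy: a safe character set, no leading "-", and at most
# 15 characters (the Linux interface-name limit).
valid_ifname() {
    case "$1" in
        ''|.|..|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Dry run by default: print the command. With APPLY=1, execute it.
# Arguments stay a separate argv list; nothing goes through eval.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Usage: vlan_setup PARENT ID ADDRESS/PREFIX GATEWAY
vlan_setup() {
    parent=$1 id=$2 cidr=$3 gw=$4
    valid_ifname "$parent" || { echo "invalid parent: $parent" >&2; return 2; }
    valid_vlan_id "$id" || { echo "invalid VLAN ID: $id" >&2; return 2; }
    name="vlan$id"
    # On a re-run, keep the existing profile instead of adding a duplicate.
    if [ "${APPLY:-0}" = 1 ] &&
        nmcli -t -f NAME connection show | grep -Fxq "$name"; then
        echo "profile $name exists, not adding it again" >&2
    else
        run nmcli connection add type vlan con-name "$name" ifname "$name" \
            dev "$parent" id "$id" || return 1
    fi
    # Address syntax is left to nmcli, which rejects malformed values.
    run nmcli connection modify "$name" ipv4.addresses "$cidr" \
        ipv4.gateway "$gw" ipv4.method manual || return 1
    run nmcli connection up "$name"
}

# Dry run: sh vlan-setup.sh ens33 100 192.168.100.10/24 192.168.100.1
if [ "$#" -eq 4 ]; then vlan_setup "$@"; fi
```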
				
			

🛠️ Verifying VLAN Configuration

Check the connection status and settings:

				
					nmcli device show vlan100
				
			
				
					nmcli connection show vlan100
				
			

Sample output:

				
					connection.id:                          vlan100
					connection.interface-name:              vlan100
					connection.type:                        vlan
					vlan.parent:                            ens33
					vlan.id:                                100
					ipv4.addresses:                         192.168.100.10/24
				
			

Test connectivity:

				
					ping -c 4 192.168.100.1
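
A scripted form of the manual comparison above, as an added example that is not part of the original guide: it reads nmcli connection show output and reports any setting that is missing or differs from an expected value, so a wrong VLAN ID or parent interface is caught before it shows up as a failed ping. The names vlan_drift and sample_profile are assumptions of this example, and the sample input is taken from the listing above.

```sh
#!/bin/sh
# Added example: report settings of a VLAN profile that differ from the
# expected values. vlan_drift and sample_profile are assumed names.

# stdin: "key: value" lines as printed by `nmcli connection show <profile>`
#        (the terse -t form "key:value" is accepted too).
# args:  expected settings, each written as key=value.
# Prints one line per missing or differing key; returns 1 if there is any.
vlan_drift() {
    awk '
        BEGIN {
            for (i = 1; i < ARGC; i++) {
                eq = index(ARGV[i], "=")
                if (eq > 1) expect[substr(ARGV[i], 1, eq - 1)] = substr(ARGV[i], eq + 1)
                delete ARGV[i]   # consumed here, so awk reads stdin
            }
        }
        {
            c = index($0, ":")
            if (c < 2) next
            key = substr($0, 1, c - 1)
            val = substr($0, c + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in expect) seen[key] = val
        }
        END {
            for (k in expect) {
                if (!(k in seen)) msg = "MISSING " k
                else if (seen[k] != expect[k]) msg = "DRIFT " k ": got " seen[k] ", want " expect[k]
                else continue
                print msg; bad = 1
            }
            exit bad + 0
        }' "$@"
}

# Constructed sample input: lines from the "Sample output" listing above.
sample_profile() {
    cat <<'EOF'
connection.type:                        vlan
vlan.parent:                            ens33
vlan.id:                                100
ipv4.addresses:                         192.168.100.10/24
EOF
}

# Live use: nmcli connection show vlan100 | vlan_drift vlan.id=100 ...
sample_profile | vlan_drift vlan.parent=ens33 vlan.id=100 \
    ipv4.addresses=192.168.100.10/24 && echo "vlan100 matches expected values"
```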
				
			

🛠️ Persistent Configuration

Changes made using nmcli connection are persistent by default. To list all persistent connections:

				
					nmcli connection show
				
			

To disable or remove the VLAN:

				
					sudo nmcli connection down vlan100
				
			
				
					sudo nmcli connection delete vlan100
				
			

🧰 Troubleshooting Tips

| Issue | Solution |
|---|---|
| VLAN interface not appearing | Ensure the parent interface (ens33) is up and managed |
| Cannot ping gateway | Check VLAN tagging and switch port configuration |
| IP not assigned | Verify static or DHCP settings |
| Interface not managed | Run: nmcli device set <interface> managed yes |
| Duplicate VLAN ID | Ensure VLAN IDs are unique per parent interface |

For deeper debugging:

				
					journalctl -xeu NetworkManager
				
			
				
					nmcli general logging level DEBUG domains ALL
				
			

🛡️ Security Best Practices

To secure your VLAN deployment:

  • Use VLAN ACLs and port security on switches
  • Disable unused VLANs and interfaces
  • Enforce 802.1Q tagging and secure trunk ports
  • Monitor traffic using tools like tcpdump, auditd, or suricata
  • Keep NetworkManager and system packages up to date

🏁 Conclusion

Setting up VLANs with nmcli on RHEL 9 is a powerful way to manage network segmentation—without relying on GUIs or third-party tools. Whether you’re automating environments, enhancing security, or managing large infrastructures, VLANs are a foundational tool in modern Linux networking.

By following the steps in this guide, you can confidently deploy secure and scalable VLAN configurations using only the command line.
