VLAN “Trunking” with OpenBSD

Intro

In this post we will explore how to create a VLAN “trunk” with OpenBSD for the purpose of transporting multiple VLANs between an OpenBSD server and a VLAN-capable switch. The term “trunk” is in quotes because, while there are many definitions of “trunk” in the networking world, in this discussion it refers to the Cisco definition of a “trunk link”:

“Trunk links provide VLAN identification for frames traveling between switches.”

OpenBSD Network Interfaces

While there are multiple ways to achieve a similar result, this discussion assumes that the server has a currently unused physical interface that can be allocated for the VLAN trunk.

Poor quality of Realtek adapters aside, let’s use the rl2 interface for our trunk:

# echo 'up descr VLAN_TRUNK group VLAN_TRUNK' > /etc/hostname.rl2

Bring the interface “up”:

# sh /etc/netstart rl2

Examine the interface:

# ifconfig rl2
rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:40:48:b1:2d:db
        description: VLAN_TRUNK
        priority: 0
        groups: VLAN_TRUNK
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::240:48ff:feb1:2ddb%rl2 prefixlen 64 scopeid 0x3

OK, so now we have what is referred to in the Cisco world as an “IP unnumbered interface”. Let’s create some VLANs and assign them all to the rl2 physical interface using the vlandev option.

A VLAN for a printer network:

# echo 'inet 10.1.72.1 255.255.252.0 NONE descr PRINTERS group PRINTERS vlan 5 vlandev rl2' > /etc/hostname.vlan5
# sh /etc/netstart vlan5
# ifconfig vlan5
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:40:48:b1:2d:db
        description: PRINTERS
        priority: 0
        vlan: 5 parent interface: rl2
        groups: vlan PRINTERS
        status: active
        inet6 fe80::240:48ff:feb1:2ddb%vlan5 prefixlen 64 scopeid 0x11
        inet 10.1.72.1 netmask 0xfffffc00 broadcast 10.1.75.255

A VLAN for a test network:

# echo 'inet 10.1.80.1 255.255.248.0 NONE descr TEST group TEST vlan 12 vlandev rl2' > /etc/hostname.vlan12
# sh /etc/netstart vlan12
# ifconfig vlan12
vlan12: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:40:48:b1:2d:db
        description: TEST
        priority: 0
        vlan: 12 parent interface: rl2
        groups: vlan TEST
        status: active
        inet6 fe80::240:48ff:feb1:2ddb%vlan12 prefixlen 64 scopeid 0x9
        inet 10.1.80.1 netmask 0xfffff800 broadcast 10.1.87.255

A VLAN for a guest network:

# echo 'inet 10.1.88.1 255.255.248.0 NONE descr GUEST group GUEST vlan 15 vlandev rl2' > /etc/hostname.vlan15
# sh /etc/netstart vlan15
# ifconfig vlan15
vlan15: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:40:48:b1:2d:db
        description: GUEST
        priority: 0
        vlan: 15 parent interface: rl2
        groups: vlan GUEST
        status: active
        inet6 fe80::240:48ff:feb1:2ddb%vlan15 prefixlen 64 scopeid 0xc
        inet 10.1.88.1 netmask 0xfffff800 broadcast 10.1.95.255
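
A pre-flight check for the three hostname.vlanN lines above, as an added example that is not part of the original post: it recomputes each VLAN's address range from the address and netmask and fails on a malformed line, an 802.1Q tag outside 1-4094, a tag reused on the same parent, or overlapping subnets. The function names (ip2int, int2ip, vlan_range, check_trunk) are hypothetical.

```sh
# Added example: lint hostname.vlanN lines before running netstart.
# Function names are hypothetical, not part of OpenBSD.

ip2int() {  # dotted quad -> 32-bit integer
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() { echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"; }

# Print "tag parent first last" for one "inet addr mask bcast ..." line.
vlan_range() {
    set -- $1
    [ $# -ge 4 ] && [ "$1" = inet ] || return 1
    addr=$(ip2int "$2") && mask=$(ip2int "$3") || return 1
    inv=$(( ~mask & 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1    # netmask must be contiguous
    shift 4; vid=; parent=
    while [ $# -gt 1 ]; do
        case $1 in vlan) vid=$2 ;; vlandev) parent=$2 ;; esac
        shift
    done
    case $vid in ''|*[!0-9]*) return 1 ;; esac
    [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ] && [ -n "$parent" ] || return 1
    echo "$vid $parent $(( addr & mask )) $(( addr & mask | inv ))"
}

# Read hostname.vlanN lines on stdin. Fail on a malformed line, a tag reused
# on the same parent, or two VLAN subnets that overlap.
check_trunk() {
    seen=
    while read -r line; do
        cur=$(vlan_range "$line") || { echo "bad line: $line" >&2; return 1; }
        set -- $cur $seen       # $1-$4: this VLAN; the rest: earlier VLANs
        vid=$1 par=$2 lo=$3 hi=$4; shift 4
        while [ $# -gt 0 ]; do
            [ "$1" = "$vid" ] && [ "$2" = "$par" ] && { echo "tag $vid reused on $par" >&2; return 1; }
            [ "$lo" -le "$4" ] && [ "$3" -le "$hi" ] && { echo "vlan$vid overlaps vlan$1" >&2; return 1; }
            shift 4
        done
        seen="$seen $cur"
        echo "vlan$vid on $par: $(int2ip "$lo") - $(int2ip "$hi")"
    done
}

# Input: the three hostname.vlanN lines used in this post.
check_trunk <<'EOF'
inet 10.1.72.1 255.255.252.0 NONE descr PRINTERS group PRINTERS vlan 5 vlandev rl2
inet 10.1.80.1 255.255.248.0 NONE descr TEST group TEST vlan 12 vlandev rl2
inet 10.1.88.1 255.255.248.0 NONE descr GUEST group GUEST vlan 15 vlandev rl2
EOF
```

The upper bound printed for each VLAN should match the broadcast address that ifconfig reports for it.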

Summary

Now we have an “IP unnumbered interface” rl2 which is transporting VLANs 5, 12, and 15. It can be connected directly to a VLAN-capable switch with a similar “VLAN trunk” configured on the switch side. The entire configuration took 12 commands and can be done in less than a minute if you’re a fast typist. This is just one example of how OpenBSD provides powerful interfaces for building networks.