VLANs are a way of virtually dividing up a network into many different subnetworks, also referred to as segmenting. Each segment will have its own broadcast domain and be isolated from other VLANs.

On FreeBSD, VLANs must be supported by the network card driver. To see which drivers support vlans, refer to the vlan(4) manual page.

When configuring a VLAN, a couple pieces of information must be known. First, which network interface? Second, what is the VLAN tag?

To configure VLANs at run time, with a NIC of em0 and a VLAN tag of 5 the command would look like this:

# ifconfig em0.5 create vlan 5 vlandev em0 inet 192.168.20.20/24

To configure VLANs at boot time, /etc/rc.conf must be updated. To duplicate the configuration above, the following will need to be added:

vlans_em0="5"
ifconfig_em0_5="inet 192.168.20.20/24"

Additional VLANs may be added, by simply adding the tag to the vlans_em0 field and adding an additional line configuring the network on that VLAN tag's interface.

It is useful to assign a symbolic name to an interface so that when the associated hardware is changed, only a few configuration variables need to be updated. For example, security cameras need to be run over VLAN 1 on em0. Later, if the em0 card is replaced with a card that uses the ixgb(4) driver, all references to em0.1 will not have to change to ixgb0.1.

To configure VLAN 5, on the NIC em0, assign the interface name cameras, and assign the interface an IP address of 192.168.20.20 with a 24-bit prefix, use this command:

# ifconfig em0.5 create vlan 5 vlandev em0 name cameras inet 192.168.20.20/24

For an interface named video, use the following:

# ifconfig video.5 create vlan 5 vlandev video name cameras inet 192.168.20.20/24

To apply the changes at boot time, add the following lines to /etc/rc.conf:

vlans_video="camera"
create_args_camera="vlan 5"
ifconfig_camera="inet 192.168.20.20/24"