VLANs with KVM guests on Ubuntu 18.04 / netplan

There is a frustrating lack of information on how to set up multiple VLAN interfaces on a KVM host out there. I made my way through it in production today with great applications of thud and blunder; here’s an example of a working 01-netcfg.yaml with multiple VLANs on a single (real) bridge interface, presenting as multiple bridges.

Everything feeds through properly so that you can bring KVM guests up on br0 for the default VLAN, br100 for VLAN 100, or br200 for VLAN 200. Adapt as necessary for whatever VLANs you happen to be using.

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      dhcp4: no
      dhcp6: no
    eno2:
      dhcp4: no
      dhcp6: no
  vlans:
    br0.100:
      link: br0
      id: 100
    br0.200:
      link: br0
      id: 200
  bridges:
    br0:
      interfaces:
        - eno1
        - eno2
      dhcp4: no
      dhcp6: no
      addresses: [ 10.0.0.2/24 ]
      gateway4: 10.0.0.1
      nameservers:
        addresses: [ 8.8.8.8,1.1.1.1 ]
    br100:
      interfaces:
        - br0.100
      dhcp4: no
      dhcp6: no
      addresses: [ 10.0.100.1/24 ]
    br200:
      interfaces:
        - br0.200
      dhcp4: no
      dhcp6: no
      addresses: [ 10.0.200.1/24 ]

Published by

Jim Salter

Mercenary sysadmin, open source advocate, and frotzer of the jim-jam.

4 thoughts on “VLANs with KVM guests on Ubuntu 18.04 / netplan”

  1. Just wanted to say thank you for posting this! I’ve been banging my head on this for past few hours and this help me sort out my issues. 🙂

  2. Thanks for sharing this! I’ve been a little puzzled as to how to configure netplan with VLANs for my KVM box in 18.04, and this did the trick.

  3. Thanks a lot for sharing this. Agree it is very difficult to find useful info on netplan.
    This was exactly what I needed to setup my pfSense(guest) on Ubuntu(host) with KVM. Below is my config.

    vlans:
    vlan10:
    accept-ra: no
    id: 10
    link: br-lan0
    bridges:
    br-wan:
    interfaces: [eth1]
    dhcp4: no
    dhcp6: no
    parameters:
    stp: false
    br-lan0:
    interfaces: [eth0]
    dhcp4: no
    dhcp6: no
    parameters:
    stp: false
    br-lan10:
    interfaces: [vlan10]
    addresses: [192.168.10.10/24]
    gateway4: 192.168.10.1
    nameservers:
    addresses: [192.168.10.1]
    parameters:
    stp: false

  4. Thank you for this. It is very useful.

    So, if I understood this correctly, Everything that is on br0 only (10.0.0.2/24) is untagged or part of a native VLAN and everything which comes in as br0.100(10.0.100.1/24) or br0.200(10.0.200.1/24) is VLANs 100 and 200 respectively, correct?
    Will the guests see the three bridges as three separate interfaces which are available?
    And my last question is, does the host need to have IPs in all the VLANs, or could the address fields be left empty for the guests to get their own IPs, in these VLANs, but not the host?

Leave a Reply

Your email address will not be published. Required fields are marked *