How to Configure VLANs on a Bonded Interface in RHEL 9
In modern enterprise environments, network reliability and segmentation are not just best practices; they are essential requirements. System administrators running Red Hat Enterprise Linux 9 (RHEL 9) can achieve a powerful combination of both by layering VLANs on top of a bonded network interface. This advanced configuration provides high availability and increased throughput through bonding, while also delivering the security and traffic isolation benefits of VLANs.
This guide provides a clear, step-by-step process for configuring a VLAN on a bonded interface using nmcli, the command-line tool for NetworkManager in RHEL 9.
Understanding the Core Components
Before diving into the configuration, it’s crucial to understand the two technologies we are combining.
Network Bonding: Also known as link aggregation or NIC teaming, bonding combines multiple physical network interfaces into a single logical interface. This offers two primary advantages:
- Fault Tolerance: If one of the physical links in the bond fails, traffic automatically fails over to the remaining active links, preventing network downtime. This is often configured in an
active-backupmode. - Load Balancing: In certain modes (like
802.3ad), traffic is distributed across all physical links in the bond, increasing the total available bandwidth.
- Fault Tolerance: If one of the physical links in the bond fails, traffic automatically fails over to the remaining active links, preventing network downtime. This is often configured in an
VLANs (Virtual Local Area Networks): VLANs allow you to segment a physical network into multiple, isolated broadcast domains. Devices on one VLAN cannot communicate directly with devices on another VLAN without a router. This is fundamental for improving network security and organizing traffic, such as separating management, production, and storage network traffic even if they share the same physical hardware.
By placing a VLAN on a bonded interface, you create a network connection that is both highly resilient and properly segmented.
Step-by-Step Configuration with nmcli
We will use nmcli for this entire process. This method is the standard for RHEL 9 and ensures that your network configurations are persistent across reboots. For this example, we will bond two interfaces, eth0 and eth1, into a bond named bond0 and then create VLAN 100 on top of it.
Step 1: Create the Bond Master Interface
First, create the logical bonded interface. We’ll configure it in active-backup mode, which is a common choice for fault tolerance.
nmcli con add type bond con-name bond0 ifname bond0 bond.options "mode=active-backup,miimon=100"
type bond: Specifies the connection type.con-name bond0: The name of the connection profile in NetworkManager.ifname bond0: The name of the network interface that will be created.bond.options: Sets the bonding mode (active-backup) and the link monitoring frequency (miimon=100milliseconds).
Step 2: Add Physical Interfaces as Slaves to the Bond
Next, enslave the physical network adapters to the bond master interface you just created. This action dedicates them to the bond.
Create the first slave connection:
nmcli con add type ethernet con-name bond0-slave-eth0 ifname eth0 master bond0
Create the second slave connection:
nmcli con add type ethernet con-name bond0-slave-eth1 ifname eth1 master bond0
type ethernet: Specifies that we are configuring a physical interface.ifname eth0/eth1: The name of the physical device.master bond0: This crucial parameter assigns the interface as a slave to thebond0master.
Step 3: Create the VLAN Interface on the Bond
With the bond established, you can now create the VLAN interface. Crucially, the VLAN is created on the bond0 interface, not the physical NICs.
nmcli con add type vlan con-name vlan100 ifname bond0.100 dev bond0 id 100
type vlan: Specifies the connection type.con-name vlan100: A descriptive name for the VLAN connection profile.ifname bond0.100: The name of the new VLAN interface (convention isparent_interface.vlan_id).dev bond0: Specifies that the parent device for this VLAN isbond0.id 100: The numerical VLAN tag. This must match the VLAN ID configured on your network switch.
Step 4: Configure the IP Address for the VLAN
The server will communicate over the VLAN interface, so this is where you assign your static IP address, gateway, and DNS information.
nmcli con modify vlan100 ipv4.addresses 192.168.1.50/24 ipv4.gateway 192.168.1.1 ipv4.dns "8.8.8.8,8.8.4.4" ipv4.method manual
This command modifies the vlan100 connection profile to set a static IP address (manual method) and associated network details.
Step 5: Activate the Network Connections
Finally, bring up the interfaces. It’s best practice to bring up the slaves first, followed by the master bond, and then the VLAN interface.
nmcli con up bond0-slave-eth0
nmcli con up bond0-slave-eth1
nmcli con up vlan100
Bringing up the VLAN connection (vlan100) will automatically activate its master (bond0), so you often don’t need to explicitly bring up bond0.
Verification and Security Tips
After configuration, you must verify that everything is working as expected.
Check IP Addressing and Interface Status:
Use theip addr showcommand. You should see thebond0interface and, importantly, thebond0.100interface with the IP address you assigned.# ip addr show ... 5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 ... link/ether ... 6: bond0.100@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ... inet 192.168.1.50/24 brd 192.168.1.255 scope global noprefixroute bond0.100 ...Inspect the Bond Status:
To check the health of the bond itself, examine its proc file. This will show you the bonding mode, MII status, and which slave interface is currently active.cat /proc/net/bonding/bond0
Security Best Practice:
This setup allows you to create multiple VLAN interfaces on the same bonded link. This is highly efficient for servers that need access to different secure networks. For example, you can create vlan100 for application traffic, vlan200 for storage traffic, and vlan300 for management—all running over the same redundant pair of physical network connections. This approach maximizes hardware usage while strictly enforcing network segmentation policies.
By following this guide, you can build a robust, resilient, and secure network foundation for your critical RHEL 9 servers.
Source: https://infotechys.com/bonded-interfaces-vlans-rhel-9/
