centos7 configure network card sub-interface

Configure sub-interface

Configuring subinterfaces in CentOS 7 can be used to implement virtualized networks or split a physical network interface into multiple logical interfaces to achieve different network segmentation or VLAN support. The following are the general steps for configuring subinterfaces in CentOS 7:

  1. Open a terminal: First, log in to the terminal of your CentOS 7 server via SSH or directly.

  2. Edit the network configuration file: Use a text editor (such as vim or nano) to edit the network configuration file, usually located in the /etc/sysconfig/network-scripts/ directory. You need to find the configuration file for the physical interface you want to create a subinterface, which usually exists with a file name like ifcfg-enp0sX, where enp0sX is the name of your physical interface.

sudo vim /etc/sysconfig/network-scripts/ifcfg-enp0sX
  1. Copy original configuration file: Copy the configuration file of the physical interface to create a new sub-interface configuration file. You can copy the file into a format like ifcfg-enp0sX:Y, where Y is the identifier of the subinterface.
sudo cp /etc/sysconfig/network-scripts/ifcfg-enp0sX /etc/sysconfig/network-scripts/ifcfg-enp0sX:Y

  1. Edit subinterface configuration file: Use a text editor to edit the newly created subinterface configuration file. Make sure to make the following configuration changes:

    • Modify DEVICE to the name of the sub-interface, for example DEVICE=enp0sX:Y.
    • If required, you can configure the IP address, subnet mask, and gateway.
    • If required, VLAN identifiers (802.1Q tags) can be configured.

Example subinterface configuration file:

DEVICE=enp0sX:Y
BOOTPROTO=static
IPADDR=IP address of the subinterface
NETMASK=subnet mask
ONBOOT=yes
  1. Restart Network Services: Save and close the subinterface configuration file, then restart Network Services to apply the changes.
sudo systemctl restart network
  1. Verify configuration: Use the ifconfig or ip a command to verify that the new subinterface has been created and is running. You should be able to see the subinterface information.
ifconfig enp0sX:Y

Now, you have successfully configured the subinterface. You can use it for different network segmentation or VLAN support and further configure it according to your needs. Be sure to replace information such as the actual interface name, IP address, and subnet mask with your actual configuration.

Configure vlan information on the sub-interface

In the subinterface’s configuration file, you can add VLAN information. This requires you to edit the subinterface’s configuration file to include the VLAN tag information. Here are the steps on how to add VLAN information in the subinterface configuration file:

  1. Open a terminal and log in to the CentOS 7 server.

  2. Edit the configuration file of the sub-interface, usually located in the /etc/sysconfig/network-scripts/ directory. The file name format is ifcfg-enp0sX:Y (according to your sub-interface name).

sudo vim /etc/sysconfig/network-scripts/ifcfg-enp0sX:Y
  1. In the configuration file, add the VLAN tag information. You can specify the VLAN ID using the VLAN parameter.

Example VLAN subinterface configuration file (ifcfg-enp0sX:Y), assuming VLAN ID is 100:

DEVICE=enp0sX:Y
BOOTPROTO=static
IPADDR=IP address of the subinterface
NETMASK=subnet mask
GATEWAY=Gateway IP address
ONBOOT=yes
VLAN=yes
VLAN_ID=100

In the above configuration, the VLAN_ID parameter specifies the ID of the VLAN, and the VLAN parameter is set to yes to enable the VLAN.

  1. Save and close the configuration file.

  2. Restart the network service to apply the changes:

sudo systemctl restart network

Now, you have successfully added the VLAN information in the subinterface configuration file. This will make the subinterface a VLAN subinterface, allowing you to implement VLAN separation in CentOS 7. Be sure to replace information such as the actual interface name, IP address, subnet mask, gateway, and VLAN ID with your actual configuration.

Sub-interfaces are separated by “.”

Can enp0sX:Y be written as enp0sX.Y?

In CentOS 7, subinterface naming usually uses a colon : to separate the identifiers of the physical interface and the subinterface, such as enp0sX:Y. This is a common naming convention used to represent the Y subinterface of a physical interface enp0sX. This naming scheme is standard on most Linux systems.

If you wish to use a dot . to separate the physical interface and sub-interface identifiers, for example enp0sX.Y, you can try, but please note that this may not be supported by all network configuration tools and scripting support. Using the colon : is generally the more widely accepted standard approach because it is consistent with how VLAN tags are named.

In summary, while enp0sX:Y is the standard subinterface naming method, you can try using enp0sX.Y, just make sure to maintain consistency in the configuration file and Tested and verified in actual use to ensure it works properly.

#Example 1
sudo ip link add link enp0sX name enp0sX.Y type vlan id Y

#Example 2
sudo vim /etc/sysconfig/network-scripts/ifcfg-enp0sX.Y
DEVICE=enp0sX.Y
BOOTPROTO=static
IPADDR=IP address of the subinterface
NETMASK=subnet mask
GATEWAY=Gateway IP address
ONBOOT=yes

Note

In CentOS7, NetworkManager is not very friendly to network management. It is recommended to disable the NetworkManager service and use the network service to manage the network

A practical case in a production environment

[root@-compute-zyq ~]# ip a | grep bond
2: eno1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 9000 qdisc mq master bond1 state UP group default qlen 1000
3: eno2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 9000 qdisc mq master bond2 state UP group default qlen 1000
4: eno3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
5: eno4: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
6: ens4f0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 9000 qdisc mq master bond1 state UP group default qlen 1000
7: ens4f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 9000 qdisc mq master bond2 state UP group default qlen 1000
8: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
9: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
10: bond2: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
11: bond0.150@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.33.16.152/21 brd 10.33.23.255 scope global bond0.150
13: bond1.301@bond1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
    inet 10.33.96.152/20 brd 10.33.111.255 scope global bond1.301
15: bond2.300@bond2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
    inet 10.33.32.152/21 brd 10.33.39.255 scope global bond2.300
[root@-compute-zyq ~]# cd /etc/sysconfig/network-scripts/
[root@-compute-zyq network-scripts]# ls
ifcfg-bond0 ifcfg-bond1 ifcfg-bond2.200 ifdown ifdown-ipv6 ifdown-routes ifup ifup-ippp ifup-plusb ifup-Team network-functions
ifcfg-bond0.150 ifcfg-bond1.301 ifcfg-bond2.300 ifdown-bnep ifdown-isdn ifdown-sit ifup-aliases ifup-ipv6 ifup-post ifup-TeamPort network-functions-ipv6
ifcfg-bond0.199 ifcfg-bond1-slave-eno1 ifcfg-bond2-slave-eno2 ifdown-eth ifdown-ovs ifdown-Team ifup-bnep ifup-isdn ifup-ppp ifup-tunnel route-bond0.150
ifcfg-bond0-slave-eno3 ifcfg-bond1-slave-ens4f0 ifcfg-bond2-slave-ens4f1 ifdown-ib ifdown-post ifdown-TeamPort ifup-eth ifup-ovs ifup-routes ifup-wireless route-bond1.301
ifcfg-bond0-slave-eno4 ifcfg-bond2 ifcfg-lo ifdown-ippp ifdown-ppp ifdown-tunnel ifup-ib ifup-plip ifup-sit init.ipv6-global route-bond2.300
[root@-compute-zyq network-scripts]# cat route-bond0.150
10.33.42.0/23 via 10.33.23.254
[root@-compute-zyq network-scripts]# cat route-bond1.301
100.126.0.0/21 via 10.33.111.254 dev bond1.301
100.127.244.0/22 via 10.33.111.254 dev bond1.301
[root@-compute-zyq network-scripts]# cat route-bond2.300
10.33.39.12/32 via 10.33.32.1 dev bond2.300
[root@-compute-zyq network-scripts]#

In CentOS 7, when you use the ip a command to view an interface with a naming format similar to bond1.143@bond1:, the interface represents a VLAN (Virtual Local Area Network) sub-interface. Let me explain:

  1. bond1 represents the bond interface of the physical network adapter. In this case, it appears that you have a network adapter bond named bond1, which can be composed of multiple physical network adapters to provide redundancy and load balancing.

  2. .143 represents VLAN tag. VLAN is a virtual network technology used to segment a single physical network into multiple logical networks, each of which can have different configurations and security policies. Here, .143 means that the subinterface is associated with VLAN 143.

  3. @bond1 indicates that this VLAN sub-interface is attached to the bond1 physical interface.

Therefore, bond1.143@bond1: represents a VLAN 143 subinterface bonded to a physical network adapter named bond1. This configuration is often used to divide network traffic and provide network isolation to meet different network needs.