# Bridge for VLAN 40 with systemd-networkd Steps to create a persistent bridge **br1.40** for VLAN 40 on **eth1** using **systemd-networkd** (systemd 232). --- ## Your current layout (satbox) Existing files in `/etc/systemd/network/`: - **10-** — eth0 (link + network) - **11-, 12-, 13-** — eth0.50, eth0.60, eth0.201 (netdev + network each) - **20-, 30-, 40-** — eth1, eth2, eth3 (link + network) - **50-** — br1 (netdev + network) New files below use **21-** for VLAN 40 on eth1 (`eth1.40`) and **51-** for bridge `br1.40` (after 50-br1). --- ## 1. Prerequisites - **Kernel module**: VLAN support must be loaded. Ensure `8021q` is loaded (often already is if you use VLANs): ```bash sudo modprobe 8021q ``` To load at boot (if not already): ```bash echo 8021q | sudo tee -a /etc/modules-load.d/8021q.conf ``` - **Config directory**: All configs go under `/etc/systemd/network/`. Create it if missing: ```bash sudo mkdir -p /etc/systemd/network ``` --- ## 2. Define the VLAN interface (.netdev) Create a netdev file so systemd-networkd creates the VLAN interface on eth1 at boot. **File:** `/etc/systemd/network/21-eth1.40.netdev` ```ini [NetDev] Name=eth1.40 Kind=vlan [Vlan] Id=40 ``` --- ## 3. Define the bridge (.netdev) Create the bridge device. Same pattern as your existing `50-br1.netdev`. **File:** `/etc/systemd/network/51-br1.40.netdev` ```ini [NetDev] Name=br1.40 Kind=bridge ``` --- ## 4. Attach the VLAN to the bridge (.network) Use a `.network` file that matches the VLAN interface and adds it to the bridge. **File:** `/etc/systemd/network/21-eth1.40.network` ```ini [Match] Name=eth1.40 [Network] Bridge=br1.40 ``` --- ## 5. Configure the bridge (.network) Optional: assign an IP to the bridge if the host must be on VLAN 40 (e.g. for management or routing). If the bridge is only for VMs, you can omit the address or use a small subnet. Same pattern as your existing `50-br1.network`. **File:** `/etc/systemd/network/51-br1.40.network` ```ini [Match] Name=br1.40 [Network] Address=192.168.40.254/24 ``` Adjust the address to match your VLAN 40 subnet. Remove the `Address=` line if you do not want an IP on the host. --- ## 6. Add VLAN to the parent interface (.network) Edit **`20-eth1.network`** so that eth1 explicitly carries VLAN 40. Your file currently looks like: ```ini [Match] Name=eth1 [Network] Bridge=br1 ``` Add **`VLAN=eth1.40`** under `[Network]` (same pattern as `10-eth0.network`, which has `VLAN=eth0.50`, `VLAN=eth0.60`, `VLAN=eth0.201`). After editing: ```ini [Match] Name=eth1 [Network] Bridge=br1 VLAN=eth1.40 ``` This ties the VLAN to eth1 so it is created when eth1 is configured. eth1 stays in br1; eth1.40 will be created and then attached to br1.40 by the 21-eth1.40.network file. --- ## 7. Apply and check 1. Restart systemd-networkd: ```bash sudo systemctl restart systemd-networkd ``` 2. Check that the VLAN and bridge exist and the VLAN is in the bridge: ```bash ip -br link show eth1.40 ip -br link show br1.40 ip link show master br1.40 ``` 3. Optional: check status: ```bash networkctl status br1.40 networkctl status eth1.40 ``` --- ## 8. Deploy the VM on br1.40 After `br1.40` is up and has `eth1.40` as a port, deploy the Rina VM onto it: ```bash BRIDGE=br1.40 ./deploy-rina-vm.sh ``` The VM will get an IP in your VLAN 40 subnet via cloud-init (e.g. 192.168.40.225); adjust cloud-init if your subnet or gateway differ. --- ## File summary | File | Purpose | |------|--------| | **Edit** `20-eth1.network` | Add `VLAN=eth1.40` under `[Network]` so eth1 carries VLAN 40 | | `21-eth1.40.netdev` | Creates VLAN interface `eth1.40` on eth1 | | `21-eth1.40.network` | Puts `eth1.40` into bridge `br1.40` | | `51-br1.40.netdev` | Creates bridge `br1.40` (after 50-br1) | | `51-br1.40.network` | Optional: IP on `br1.40` (e.g. 192.168.40.254/24) | Files are processed in alphanumeric order. Netdevs (21-, 51-) are applied first, then network files; br1.40 exists before `21-eth1.40.network` adds the VLAN to it. --- ## Troubleshooting - **VLAN interface not created**: Ensure `8021q` is loaded and eth1 is up. Check logs: `journalctl -u systemd-networkd -n 50`. - **VLAN not in bridge**: Ensure the `[Match] Name=` in `21-eth1.40.network` matches the VLAN interface name exactly (`eth1.40`). - **Changes not applied**: Run `sudo systemctl restart systemd-networkd` and re-check `ip link` and `networkctl`.