Configure VLAN tagged interface over LACP bond on CentOS / RHEL

In one of my previous articles I presented how to:
Configure a bridge interface over a VLAN tagged bonded interface on CentOS / RHEL

This is a supplement to the above tutorial – sometimes all you need is to configure just a regular interface over a VLAN tagged bond and the below procedure describes how to do it on CentOS 7 / RHEL 7 in few easy steps.

The example interface stack used in this procedure looks as follows:
bond0 (enp2s0f0 + enp3s0f0) -> bond0.3506@bond0

0. Prerequisites

Stop and disable NetworkManager:

[root@infra1 ~]# systemctl stop NetworkManager
[root@infra1 ~]# systemctl disable NetworkManager

Ensure, that 8021q module is enabled:

[root@infra1 ~]# lsmod | grep 8021q
8021q                  33080  0
garp                   14384  1 8021q
mrp                    18542  1 8021q

1. Linux Bond (Mode 4 – LACP, 802.3ad) configuration

In this example bond0 is a LACP based bonded interface, including two slave interfaces: enp2s0f0 and enp3s0f0.

Modify corresponding files accordingly:

/etc/sysconfig/network-scripts/ifcfg-bond0 configuration file:

DEVICE=bond0
TYPE=Bond
ONBOOT=yes
BONDING_OPTS="mode=802.3ad miimon=100 lacp_rate=fast"
NM_CONTROLLED=no
MTU="9000"

/etc/sysconfig/network-scripts/ifcfg-enp2s0f0 configuration file:

TYPE=Ethernet
BOOTPROTO=none
DEVICE=enp2s0f0
ONBOOT=yes
NM_CONTROLLED=no
SLAVE=yes
MASTER=bond0

/etc/sysconfig/network-scripts/ifcfg-enp3s0f0 configuration file:

TYPE=Ethernet
BOOTPROTO=none
DEVICE=enp3s0f0
ONBOOT=yes
NM_CONTROLLED=no
SLAVE=yes
MASTER=bond0

2. VLAN tagged interface configuration on top of the bonded interface

Let’s say we have a tagged VLAN 3506 configured in trunk on switch ports where both LACP slave links are connected, now we can take out VLAN 3506 from trunk by means of creating a corresponding VLAN tagged interface on top of the Bond.

/etc/sysconfig/network-scripts/ifcfg-bond0.3506 configuration file:

DEVICE=bond0.3506
ONPARENT=yes
BOOTPROTO=none
DEFROUTE=yes
IPADDR=192.168.2.78
PREFIX=24
GATEWAY=192.168.2.1
DNS1=8.8.8.8
DNS2=8.8.4.4
VLAN=yes
NM_CONTROLLED=no
ZONE=trusted

Don’t forget to restart the network service:

[root@infra1 ~]# systemctl restart network