Synology Multi-VLAN Setup

Over Christmas, my awesome wife bought me a Synology DS214 for my expanded home lab. One of the many reasons Synology was selected is because the DSM operating system supports multiple VLANs. However, the web interface only lets you set one interface. I found a number of conflicted articles describing how to configure the other VLANs. I upgraded my Synology to DSM v4.3 and then followed the process below to add the VLAN setup.

Depending on your switch setup, you may need to remove all VLAN configuration from the Synology’s port until the VLAN is created, or you can tag a single VLAN, or you can tag multiple VLANs and set a native VLAN. In a worst case scenario, you can connect the Synology to a port with no VLANs, configure the first VLAN, then move it to a properly configured tag. I trust the reader to understand and troubleshoot their local network configuration. If you do lose all connection to your Synology, you can always reset it to defaults and try again.

UPDATE: This process is confirmed to work with both DSM v4 and DSM v5!

UPDATE TWO: This will not work with DSM v6! See the comments for details.

Configure the networking for your primary VLAN. This can be done under Control Panel -> Network. Under the Gateway tab, add the default gateway and configure the hostname. Configure a DNS server (I would suggest waiting on Active Directory configuration, which will gray out this option, until after completing all networking). Switch the Network Interface tab and select the LAN interface. Specify the IP address and netmask as you would normally. Check the box to enable your VLAN, in my case VLAN 2. Apply the configuration. At this point, you may lose connectivity; check your VLAN config and re-establish connectivity before continuing.

You’ll notice there’s nothing in the Network control panel to configure a second VLAN. For our next step, we move to the command line. If you haven’t done so yet, enable the command line interface – using SSH, not telnet, of course. SSH to the synology and log in as root, with the admin web user’s password (Note to all vendors: Please stop doing this. Either allow admin to sudo or rip it out and just use root). You’ll be in the BusyBox shell, which should be familiar to linux users. We’re going to use a little script to add VLANs. You can copy this into your SSH client, or store it in a file and execute it manually, whichever is easier. If you only need to add one VLAN, I suggest the former; the more you need, the more appealing the latter option is.

Here are the parameters for my additional VLAN:

  • Interface: eth0 [A DS214 only has one interface, larger units may use the bond0 interface or individual eth interfaces depending on configuration]
  • VLAN ID: 5
  • Address: 172.16.5.1
  • Netmask: 255.255.255.240
  • Broadcast 172.16.5.15

The script below sets variables containing these 5 values, calls vconfig to add a subinterface, brings up the interface, and creates an ifcfg script so it persists across reboots:

interface=eth0
vlan=5
ipaddr=172.16.5.1
broadcast=172.16.5.15
netmask=255.255.255.240

vconfig add $interface $vlan
ifconfig $interface.$vlan $ipaddr broadcast $broadcast netmask $netmask
cat > /etc/sysconfig/network-scripts/ifcfg-$interface.$vlan << END
DEVICE=$interface.$vlan
VLAN_ROW_DEVICE=$interface
VLAN_ID=$vlan
ONBOOT=yes
BOOTPROTO=static
IPADDR=$ipaddr
NETMASK=$netmask
END

After running this script, the VLAN configuration is live. If you go back to the Network control panel in the DSM interface, you should see an additional LAN interface. Repeat the script as many times as you need with additional VLAN configurations and ensure each shows up properly.

Though there is no absolute need, I would suggest rebooting the Synology at this point to ensure persistence across reboots, then proceed with configuring your other devices to make use of the new interfaces. It’s better to find out if there are issues now than when you have a power failure months down the road and lose access to some data because the interfaces went away.

Once you are sure your networking configuration is final, go ahead and finish your DSM configuration and start using it. Enjoy!

13 thoughts on “Synology Multi-VLAN Setup

  1. Nice, been looking for someone else doing this. So I assume switch side you’re trunking two and five? I assume so, but your write up didn’t mention anything of it. Thanks!

    • Correct. There are too many vendors with too many configs to address the configuration of trunks specifically. Trunk whatever VLANs you need (2 and 5 in my case) to your synology’s port(s) and you’re set. Just follow the guide in the indented paragraph at the top to ensure you maintain connectivity while implementing the sub-ints. In my first try, I was not so lucky and had to do a hard reset – not something you want to do if you have data on there already 🙂

  2. Thank you for your script. It does work well for me.

    Remarks : 802.1q might already be enabled on the interface before using the script.

    Unfortunately, I still have a problem : After disabling 802.1q on one of my interface (For untaged part), that interface disappeared (but still working). We cannot configure it through the web interface nor modifying rules into the firewall.

    Furthermore, is there any way to get a more usable name for each vlan in the interface (for instance, the real name of the interface, such as eth0.10)? It’s a bit frustrating that all vlan interface have the same name…

    Greetings

    • I’m not sure what might have happened when you disabled the interface and it disappeared permanently. I thankfully have not encountered that error and I do not have a spare DSM to try and replicate that with.

      I am not sure what you mean by the VLAN name. If you can try and explain it with some examples, perhaps I can help.

      • Hi,

        Thanks for your reply.

        When adding vlan interfaces, whatever the name I put for ifconfig ($interface.$vlan), DSM show only “LAN” on every interface.

        I have tried to disable the vlan on one of those interface through DSM and it works. but the interface “LAN” disappear on the DSM interface list – even after a reboot.

        For instance, I cannot configure the interface through DSM, including DHCP server parametters…

  3. I tried your method for my new box with DSM 6.0-7135 but it would not work, because there just is no vconfig 😦
    However after taking a look around in the box I found a directory /etc/sysconfig/network-scripts.
    Therein are config-files for each interface.
    I just did a

    cp ifcfg-. ifcfg-.
    (in my case cp ifcfg-bond0.10 ifcfg-bond0.11)

    and edited the new file according to my needs.
    After a reboot the new interface is there 🙂

    • Jens-Peter, I haven’t upgraded to DSM 6 yet. Thanks for the heads up! By any chance have you upgraded from 5.0 to 6.0 to know if it breaks anything or just requires the new method for future changes?

      • This is the first time I need vlan in a NAS and I upgraded our new 2015+ to DSM 6 virtually out of the box 🙂
        So no, I don’t know how an upgrade with enabled multiple vlans would work.
        I guess however, since this seems to be a new mechanism, that you would have to recreate your vlans after the upgrade. (at least those that were not configured by the gui)

  4. So i’m trying to do this using DSM 5.2 (after having it working once), but now i’m getting the error:
    “vconfig: can’t open ‘/proc/net/vlan/config’: No such file or directory”

    any ideas how i can fix it? (without doing a dsm reinstall!!)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s