Multiple VLAN(sub) on Vyos


I want to set up sub VLAN with a network class 192.

What are my options.

My goal is to have multiple VLANs attached to my ESXI environment.

For example, Management(VLAN100)- 192.168.2.x, Vmotion(VLAN101)-192.168.3.x, VM traffic - 192.168.4.x; of course all network class are route able to each other. For example, I have existing router (CISCO-


Want to use vyos solution for above requirements.


I did review the follow video tutorial.



You can use per VLAN a NIC (easy when virtualized).
Or , completely the opposite, create a so called router on a stick. It has only a single NIC, having all VLANs on it.
See under VLAN Sub-Interfaces (802.1Q)



I use VMworkStation and split off all my Subnet/Zones on a per Virtual NIC basis and then use the Vyos to create Zone/ZonePolicies and use it to route what traffic i want between subnets.

So i have:
NIC 2 = Stroage
NIC 4 = Production
NIC 5 = Application

Obviously not exactly VLANs as per se but a good way to do it with out having to have switches/routers etc.

If you want more info let me know.



Good day,

I am planning the exact same thing except I am looking at a fully virtualized network connected to a physical.

So the path will look like:
Router -> Host System -> Virtual Box ->
10 + VM’s in virtual box with a domain controller.
2 VM’s will not be on the domain, but for security/learning purposes I want the various systems that are on the domain to be on separate subnets than the Domain controller & exchange servers.

Router - Host system & 2 non domain VM’s will be on 192.168.1.*
VyOS will obviously have Eth0 on the 192.168.1.* and Eth1 on 192.168.3.*
Domain Controller VM & Exchange VM on 192.168.3.*
Email Server on 192.168.70.*
Windows Clients on 192.168.80.*
Linux Clients on 192.168.100.*

So obviously for the last three I am looking at creating the vlan’s and getting those configured to talk to the domain controllers and the net.
I am even thinking of getting a couple of Scada VM up and having them in the 24-bit block range.

My Goal is to setup a network that is as close to a corporate/industrial model as possible for local pen testing purposes.