Your KVM environment might be used in a simple infrastructure using a local area network and if that's the case, you just need to plug in the LAN cable and you're ready to go. But if VLANs are involved, the setup is a bit more complicated. These are the steps that you need to take to use VLAN tags in a KVM virtual environment.
In order to have VLAN tagging in a KVM environment, you need to create VLANs on the virtualization host, not on the virtual machines (VMs). That is because it really is the bridge on the host that (physically) communicates to the network infrastructure, and not the VMs themselves. These host-based VLANs must be associated with one bridge for each VLAN. A host that has four VLANs will therefore have four bridges. Additionally, users need to tell the VM configuration file (on the host) which bridge to use.
So let's work on an example KVM host that already has some network configuration files in it. This is what the "/etc/sysconfig/network" directory looks like. You can see that it contains two bridges, and also three network interface files that define different VLANs:
kvm-2:/etc/sysconfig/network # ls
config if-up.d ifcfg-eth0 ifcfg-vlan2054 ifcfg.template routes
dhcp ifcfg-br0 ifcfg-eth1 ifcfg-vlan2143 ifroute-lo scripts
if-down.d ifcfg-br1 ifcfg-lo ifcfg-vlan3004 providers
This is the content of one example vlan configuration file. Note the use of the VLAN_ID parameter, which makes the configuration specific to one VLAN:
kvm-2:/etc/sysconfig/network # cat ifcfg-vlan2143
You could also give it an IP address as well, but no IP address was needed in this example. If the VLAN interface on the host needs to be addressed directly, it needs an IP address as well. This is the case, for example, if you need to address it for management purposes. If it's used as a pass-through only, you can perfectly do without an IP address on the physical interface.
On this example, machine all VLANs were configured on eth1; eth0 is for management purposes only. This is the contents of ifcfg-eth0:
kvm-2:/etc/sysconfig/network # cat ifcfg-eth0
NAME='VIC Ethernet NIC'
Now for every VLAN there needs to be a specific bridge. The vlan2143 is connected to br1. This is seen in the BRIDGE_PORTS parameter in the bridge configuration file as you can see in the following listing.
kvm-2:/etc/sysconfig/network # cat ifcfg-br1
To finalize the configuration, you need an interface definition in the VM configuration file so that it knows which specific bridge it is connected to. So, if the name of the VM is san-2, use virsh edit san-2 and make sure it includes the following interface definition:
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
At this point you can bring up the entire configuration and you'll see that each VM is assigned to the VLAN you've created for it.