I am on ubuntu 16.04 on 4.4 kernel. I was trying out to see how to get the macvlan interface up but no success yet. These are the steps I used to create and get the interface up.

  1. ip link add mymacvlan1 link wlan0 type macvlan mode bridge
  2. ifconfig mymacvlan1 up
  3. route add default gw mymacvlan1

The moment I enter the 3rd command, my wifi connection goes off. I am not sure what's happening. Also after step (1) if I just do ifconfig mymacvlan1 up and then do dhclient mymacvlan1, it just freezes there. How to make the macvlan interface automatically acquire an IP from the DHCP?

Any help appreciated! Thanks!

1 Answer 1


Macvlans are not built to work on wireless interfaces. The reason is that all APs will reject frames originating from a MAC address which did not authenticate with them, while the whole point of macvlans is exactly to provide new subinterfaces with their own MAC address, different from that of the physical interface. It is thus no surprise that when you try to enable a default gateway on the macvlan interface, which automatically tears down the original gateway on the wlan0 interface (remember the rule: one default gateway per routing table only), you are left without a connection.

To circumvent this problem, you should use an ipvlan instead, which uses the mac address of the physical interface. Here you will find a detailed example of how to set it up, an example which I bet will suit you just fine.

You use it as follows, assuming your wifi interface is called wlan0:

ip link add link wlan0 ipvl0 type ipvlan mode l2
ip link set dev ipvl0 up
ip addr add dev ipvl0

(my LAN is, change as needed to adapt it to your case) and you can also change the default gateway to be accessible on the new virtual interface, instead of the old, physical one:

ip route del default
ip route add default via dev ipvl0 src metric 1

The only noteworthy comment is that I used mode L2: ipvlans have three modes of operation, L2,L3,L3S (never mind that it is generally said that they have two modes, there is also the L3S which is similar to L3 but allows operation of iptables/conntrack). The difference between L2 and L3 is that L2 allows the virtual interface to be bridged with the physical interface, which means it can have an address in the same subnet as the physical interface and L2 traffic is correctly relayed. L3 mode instead does not relay L2 traffic, and requires configuration as an IPv4 router: different subnets, need to setup routes, and so on. More hassle than worth, most of the times.

Incidentally, having an underlying wireless interface is just about the only reasonable use case for ipvlans instead of macvlans. In all other cases, just stick to macvlans.

  • What exactly do you mean by frames being rejected due to failure in authentication with the AP? Commented Aug 18, 2016 at 17:21
  • 2
    @soupybionics All communications are split into frames of fixed size, to make sending large amount of data possible. Wifi frames (also called 802.11 frames) carry three MAC addresses, including the one of the sender. Since the Mac address of the macvlan differs from that of the wifi interface, when the access point (AP) receives the frames, it will see the MAC address of the macvlan interface, not that of wlan0, and cry foul: someone who has not been authorized (=did not give me his password) is trying to persuade me to send frames onto the Internet. Thus these frames are discarded. Commented Aug 18, 2016 at 18:10

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .