VLAN configuration in Linux NIC interface

Sarath Pillai's picture
VLAN in Linux

Configuring multiple VLANs on a switch is the norm these days. If you are using a Windows machine as a server, most of the time the NIC manufacturer provides a graphical utility to configure VLAN options for the card. Linux machines, however, provide built-in functionality to configure a NIC interface to send VLAN information in its traffic.

Configuring a VLAN on a Linux machine is not a tough task; it only requires the correct VLAN and IP information to be present in the interface configuration file.

In this post we will go through the steps for configuring a VLAN on a Linux machine. We will start with some VLAN basics and then move on to the configuration options.

What is a vlan?

Initially, when network switches were introduced to the market, all devices connected to any port of a switch were members of the same network, or LAN.

This means every host attached to that switch was able to reach all other hosts attached to it without any gateway or router in between. In other words, all machines attached to that switch were in one broadcast domain.

There arose a need to cost-effectively isolate broadcast domains comprising hosts from different physical locations. Dr. W. David Sincoskie came up with a solution called VLANs.


Note: An important fact to always keep in mind is that VLANs work at Layer 2 (the data link layer). The main building block of a VLAN is the Ethernet frame (network data at the data link layer is called a frame). The entire show of VLANs is run by switches, and operating systems sometimes coordinate with switches, by following some standards, to run the show comfortably.


A Virtual Local Area Network (VLAN) is a method of segregating groups of hosts into different broadcast domains, so that different virtual networks are formed. Don't forget that all the hosts are connected to the same switch, but you can isolate them into different networks as required with the help of VLANs.

How does VLAN work?

VLANs are identified by numbers, which range from 1 to 4094. VLAN IDs are assigned to switch ports. If I have assigned a VLAN ID of 300 to one of my switch ports, then that port will only accept traffic from other ports with VLAN ID 300, and the hosts connected to that port will be members of VLAN 300. If a host needs to be a member of another VLAN at the same time, then another physical cable needs to be connected to a different port with a different VLAN ID.

As I said before, your VLAN 300 can also have members on other switches (because an entire network infrastructure consists of many switches, which might be located on different floors, etc.).

Suppose I have a 24-port switch and would like to have 4 VLANs (VLAN 200, VLAN 300, VLAN 400, VLAN 500) and 15 hosts connected to it. If I also need to include hosts on another switch in the same VLANs 200, 300, 400 and 500, then I will need to interconnect these switches. As I said, one switch port can only be assigned one VLAN ID, so I will need 4 ports on this switch, each with the required VLAN ID, connected to ports with the same VLAN IDs on the other switch. This means I will require 4 ports for 4 VLANs to interconnect the switches.

As the diagram above shows, if you want to make a host a member of multiple VLANs, then you need to have multiple physical cables running from the switch to the host (number of cables = number of VLANs required by the host), because you can only use one port for one VLAN.

To solve the above two problems, IEEE (Internet Engineering Task Force), the people who standardize the internet protocols, came up with a standard called 802.1Q, also known as VLAN tagging.

What is VLAN tagging?

VLAN tagging is done by adding VLAN information to the Ethernet frame itself. Computer hosts now add an additional flag to the Ethernet frame for switches to recognize, which in turn send it to the appropriate ports.

So now, after the implementation of 802.1Q, a single port and a single cable can carry the information of multiple VLANs. For interconnecting switches, one cable is more than enough.

VLAN tagging support in Linux is in fact a kernel feature. You can verify whether the kernel module is loaded on your Linux machine as shown below.

[root@myvm1 ~]# lsmod | grep 8021
8021q                  22217  0

 

Most Linux machines have this module loaded by default for VLAN tagging, so no worries.

As I mentioned, VLAN information is included in the Ethernet frame itself, by adding a 4-byte VLAN identifier to the frame. Switches will strip off or add the VLAN information whenever required. An Ethernet frame with VLAN information added looks something like the below.
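The 4-byte tag described above, as an added example that is not part of the original post: Python code that inserts an 802.1Q tag into an Ethernet frame, reads it back, and strips it the way a switch would. It goes slightly beyond the text by spelling out the tag's fields as defined in 802.1Q (the 0x8100 tag protocol identifier, 3-bit priority, 1-bit drop-eligible flag, 12-bit VLAN ID). The function names are illustrative, and the sample frame is constructed: the source MAC is the one from the ifconfig output in this post, while the broadcast destination, IPv4 EtherType and zero payload are assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def add_vlan_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag after the two 6-byte MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in the range 1-4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits and DEI is 1 bit")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    tci = (pcp << 13) | (dei << 12) | vid  # priority, drop-eligible, VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan_tag(frame):
    """Return the tag fields as a dict, or None for an untagged frame."""
    if len(frame) < 18:
        return None
    tpid, tci, inner_type = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        return None
    return {"vid": tci & 0x0FFF, "pcp": tci >> 13,
            "dei": (tci >> 12) & 1, "ethertype": inner_type}


def strip_vlan_tag(frame):
    """Remove the tag, as a switch does before an untagged port."""
    if parse_vlan_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample frame: broadcast destination, source MAC from the post,
# EtherType 0x0800 (IPv4) and 46 zero bytes of payload.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("000c2993a052")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    tagged = add_vlan_tag(UNTAGGED, 300)
    print("tag bytes:", tagged[12:16].hex())
    print("parsed   :", parse_vlan_tag(tagged))
    print("stripped == original:", strip_vlan_tag(tagged) == UNTAGGED)
```

The tag sits between the source MAC address and the original EtherType, which is why a tagged frame is exactly 4 bytes longer than the untagged one.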

So our topic of interest is how to tell our Linux machine to insert that 802.1Q VLAN info into the Ethernet frames that go out. For that we need to configure our Linux NIC interface with the VLAN ID info. This can be done in two ways.

Vconfig command

Create a VLAN interface on your Linux machine with the vconfig command as shown below.

[root@myvm1 ~]# vconfig add eth0 300
Added VLAN with VID == 300 to IF -:eth0:-

The above command creates a network interface called eth0.300. Just to verify, let's run ifconfig.

[root@myvm1 network-scripts]# ifconfig -a
eth0.300  Link encap:Ethernet  HWaddr 00:0C:29:93:A0:52
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 

Now add your required VLAN IP address with the following command.

[root@myvm1]# ifconfig eth0.300 192.168.3.45 netmask 255.255.255.0 broadcast 192.168.3.255 up
[root@myvm1]# ifconfig eth0.300
eth0.300  Link encap:Ethernet  HWaddr 00:0C:29:93:A0:52
          inet addr:192.168.3.45  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe93:a052/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:10581 (10.3 KiB)

 

You can also delete the interface you created with the vconfig command, using the command below.

vconfig rem eth0.300

 

How to make VLAN info permanent in Linux?

For that, you need to create an interface file, like the other interface files in the /etc/sysconfig/network-scripts/ directory, with the VLAN ID info inside.

For example, our eth0.300 file will look like this.

[root@myvm1 network-scripts]# cat ifcfg-eth0.300
DEVICE=eth0.300
BOOTPROTO=static
HWADDR=00:0c:29:93:a0:52
ONBOOT=yes
TYPE=Ethernet
VLAN=yes
NETMASK=255.255.255.0
IPADDR=192.168.3.45

Now simply restart the network, or bring up the new interface with the ifup eth0.300 command.

Note: VLAN is a big networking topic. I have only explained the necessary parts of it, to build a basic foundation for understanding the purpose of VLAN tagging in Linux (our post topic).


Comments

for example, it have a vlan 120 and configure the next nets:

192.168.20.0/29
172.30.201.128/32
66.78.107.192/26

In summary, have some vlans with some nets every one in the same nic.

slashmaster's picture

Hi hope,

VLAN is a layer two concept, so theoretically it's possible to configure different subnets in the same VLAN. However, it's not a good idea to configure it that way.

For example, you can put your mentioned subnets in the same vlan 120 on the switch side (some Juniper switches do allow that, like the Juniper EX4200)

192.168.20.0/29
172.30.201.128/32
66.78.107.192/26

And also you will be able to communicate between those different subnets, not because they are in one single broadcast domain made by the vlan, but because of routing in the switch. That means when a packet arrives from the subnet 192.168.20.0/29 destined for 172.30.201.128/32, it will reach the destination not because of the same vlan, but because of the routing table entries in the switch. The discussion below in the Cisco forum might be helpful for you.

https://supportforums.cisco.com/thread/2014310

Regards

You did not mention the package that is required: vconfig for CentOS and vlan for Ubuntu.

How to configure different vlan, different gateway on the same PC with only one port?

Sarath Pillai's picture

Hi Anil,

For that you need to make the port on the switch to which your LAN cable is connected a TRUNK port.
A trunk port is normally used to pass all vlan traffic (as the host sends vlan information in the frame, the switch will come to know which vlan the packet is for). Trunking is also used to interconnect switches.

Once you have made the port trunk, create virtual interfaces with VLAN information as shown in the article.

Also you can assign different gateway with route command as well as embed it in the network config file itself. Please lemme know if you have any issues.

Regards

Hi,

Nice doc...
I have a question: I want to find only the VLANs on my Linux client. What is the command for that?

Thanks,
Srikanth B.

Super information..Thank You
