[Techtalk] VLANs and linux

Fri Jan 11 10:17:29 UTC 2008

On Thu, Jan 10, 2008 at 04:19:41PM -0800, Carla Schroder wrote:
> I am confused on making VLANs. I have a nice cheep Netgear 8-port smart switch 
> that includes VLAN guff that I got for testing. But I keep getting stuck, and 
> the Netgear manual assumes I know what I'm doing. I should be able to create 
> a couple of VLAN segments on a single switch, shouldn't I?
> 
> So does it go like this:
> 
> -create VLAN segments on switch
> -configure network interfaces on Linux hosts with vconfig
> -do some hocus-pocus to router

    most distribs are shipped with modules and utilites that permit to a
    linux box to be plugged on a trunk port (multiple tagged vlans).
    my main advice would be not to set any vlan on vlan#1 that is most
    of the time a kind of fall-back or default vlan, or that cannot be set
    private enough to be added into trunk port etc ... I always
    set all used ports to other vlans and let that #1-vlan appart on
    purpose, mostly unused, in order not to fall into future troubles
    with any vendor unwanted default behaviour.

    now the usual trouble is that #1 is also the usual default vlan when
    switches aren't configured, so the first step when moving away from
    that one isn't easy when the switch is already on duty ...

    appart from that everything is ok with linux and vlans.

    here's an example with debian /etc/network/interfaces (probably some
    aliases name could be used instead of numbers) :

------------------------------------------------
# The loopback network interface
auto lo
iface lo inet loopback

# eth0 is on a trunk port with tagged _and_ untagged packets
# The primary network interface (could be unumbered though)
# will read untagged packet (not all switches provide such)
auto eth0
iface eth0 inet static
        address 192.168.65.55
        netmask 255.255.255.255
        up vconfig add eth0 3
        up vconfig add eth0 2

# on vlan#3 a first IP
auto eth0.3
iface eth0.3 inet static
        address 192.168.66.55
        netmask 255.255.255.0
        network 192.168.66.0
        broadcast 192.168.65.255
        gateway 192.168.66.1

# (an additionnal IP address on the same vlan#3 for service moving purpose)
auto eth0.3:0
iface eth0.3:0 inet static
        address 192.168.66.179
        netmask 255.255.255.0

# on vlan#2 another IP in another private subnet
auto eth0.2
iface eth0.2 inet static
        address 192.168.68.55
        netmask 255.255.255.0
        network 192.168.68.0
        broadcast 192.168.68.255
--------------------------------------------------------------------------

this linux box doesn't make any routing between vlans, it's done on another
one.

-- 
    Jean-Daniel Pauget