VLAN is an acronym for Virtual Local Area Network. Several VLANs can co-exist on a single physical switch, which are configured via software (Linux commands and configuration files) and not through hardware interface (you still need to configure switch).
Hubs or switch connects all nodes in a LAN and node can communicate without a router. For example, all nodes in LAN A can communicate with each other without the need for a router. If a node from LAN A wants to communicate with LAN B node, you need to use a router. Therefore, each LAN (A, B, C and so on) are separated using a router.
VLAN as a name suggest combine multiple LANs at once. But what are the advantages of VLAN?
- Performance
- Ease of management
- Security
- Trunks
- You don't have to configure any hardware device, when physically moving server computer to another location etc.
VLAN concepts and fundamental discussion is beyond the scope of this article. I am reading following textbooks. I found these textbooks extremely useful and highly recommended:
- Cisco CNNA ICND books (part I and II)
- Andrew S. Tanenbaum, Computer Networks book
Linux VLAN Configuration Issue
I am lucky enough to get couple of hints from our internal wiki docs :D.
- Not all network drivers support VLAN. You may need to patch your driver.
- MTU may be another problem. It works by tagging each frame i.e. an Ethernet header extension that enlarges the header from 14 to 18 bytes. The VLAN tag contains the VLAN ID and priority. See Linux VLAN site for patches and other information.
- Do not use VLAN ID 1 as it may be used for admin purpose.
Linux VLAN How To
My VLAN ID is 5. So I need to copy file /etc/sysconfig/network-scripts/ifcfg-eth0 to /etc/sysconfig/network-scripts/ifcfg-eth0.5
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.5
Now, I've one network card (eth0) and it needs to use tagged network traffic for VLAN ID 5.
- eth0 - Your regular network interface
- eth0.5 - Your virtual interface that use untagged frames
Do not modify /etc/sysconfig/network-scripts/ifcfg-eth0 file. Now open file /etc/sysconfig/network-scripts/ifcfg-eth0.5 using vi text editor:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0.5
Find DEVICE=ifcfg-eth0line and replace with:
DEVICE=ifcfg-eth0.5
Append line:
VLAN=yes
Also make sure you assign correct IP address using DHCP or static IP. Save the file. Remove gateway entry from all other network config files. Only add gateway to /etc/sysconfig/network file. Save and close the file. Restart network:
# /etc/init.d/network restart
Please note that if you need to configure for VLAN ID 2 then copy the copy file /etc/sysconfig/network-scripts/ifcfg-eth0 to /etc/sysconfig/network-scripts/ifcfg-eth0.2 and do the above procedure again.
Using vconfig command
Above method is perfect and works with Red hat Enterprise Linux / CentOS / Fedora Linux without any problem. However, you will notice that there is a command called vconfig. The vconfig program allows you to create and remove vlan-devices on a vlan enabled kernel. Vlan-devices are virtual ethernet devices which represents the virtual lans on the physical lan.
Please note that this is yet another method of configuring VLAN. If you are happy with above method no need to read below.
Add VLAN ID 5 with follwing command for eth0:
# vconfig add eth0 5
The vconfig add command creates a vlan-device on eth0 which result into eth0.5 interface. You can use normal ifconfig command to see device information:
# ifconfig eth0.5
Use ifconfig to assign IP address to vlan interfere :
# ifconfig eth0.5 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255 up
Get detailed information about VLAN interface:
# cat /proc/net/vlan/eth0.5
If you wish to delete VLAN interface delete command:
# ifconfig eth0.5 down
# vconfig rem eth0.5
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- 10 Greatest Open Source Software Of 2009
- My 10 UNIX Command Line Mistakes
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email this to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: Jun/18/2008
{ 31 comments… read them below or add one }
A VLAN is a logical grouping of two or more servers which are not necessarily on the same physical network segment but which share the same IP network subnet. The advantage to passing traffic across a VLAN versus a LAN is that information on one VLAN can only be seen on that VLAN, and not by every server on the entire LAN. This is especially beneficial when you have many different nodes on a network sharing information with each other.
Most web server hosting companies deploys some sort of VLAN to protect customers.
plese send me how to configure vlan in linux
@anoop
err .. sorry i just forgot to add Instructions as I am busy on some other work.. I will add them possibly by tomorrow
A VLAN is a “Virtual Local Area Network” and is present in L2 (Level 2) of the protocal stack. The above postings may be misleading in that the word “server” is used rather than “host”.
A host may be a server, workstation or other device which conforms to 802.1q specification. Therefore, it is possible (with certain limitations) to attach a laptop to a VLAN seen by a server.
802.1q provides for an additional 4-bytes of information added to the L2 frame, 12 bits of which indicate the VLAN is. Thus one may have 4K VLANs.
When you want to configure a VLAN in Linux, assuming your kernel supports it (2.6+ do) you need to make sure 802.1q support is available. This is most easily done with modprobe. So the command:
/sbin/modprobe 8021q
should do the trick.
Then, for any given NIC interface you only have to do the following:
/sbin/vconfig add eth
/sbin/ifconfig eth. 192.168.0.x netmask 255.255.255.0
Of course I just picked some arbitrary class C address, you would have to use what is appropriate for you.
You may need then to add to the routing table (not knowing what Linux you are running) something like:
/sbin/route add -net 192.168.0.0 netmask 255.255.255.0 eth.
ALL THE ABOVE MUST BE AS ROOT.
How can config IP addressing in Suse linux? Please send me the path to adding the IP address and make a work group.
could you pleasesend me the instructions for setting up the VLAN
viswanathsingh,
Instructions/commands are mentioned above. Please read the vconfig and VLAN config section.
Samarendra,
Run yast or yast2 command to change network configuration under Suse Linux.
yast
OR
yast2
Any one is having idea how to test VTUN
how to test VLAN (i want to know basic scenario)
Hi, I’ve configure a repotec switch with vlans 802.1q and my pc with Ubuntu(my router) to use vlan tagged protocol.
It works fine for Internet navigation, but I can’t access to web pages on my Ubuntu server.
I’ve look in some forums and in google but I haven’t found nothing.
Somebody can help me?
Thanks
how to add loopback adapter in rhel 4.0
Here is my problem.
Office 1 has 3 networks (VLAN port-based)
Office 2 is 500′ away with a switch in the middle and only one cat5 cable
I’m trying to find a way to convert port-based vlan to TAG (IEEE 802.1Q or similar )
Ex: On a x86 with linux or wrt54g
Port1 = Lan #1 => Tag #1 on port4
Port2 = Lan #2 => Tag #1 on port4
Port3 = Lan #3 => Tag #1 on port4
port4 got to the other wrt54g on port4
on the other device
port4 (tag #1) => Port1
port4 (tag #2) => Port2
port4 (tag #3) => Port3
So basicly is how to tag a incomming packet on port x and untag once on the other side.
The routing part is almost simple.
Eric
I was looking for a site to explain this in plain english and i found it! thank god! :)
a few questions:
1st, how can i configure the system so everything takes a dhcp address once the system initializes? Should i configure a dhcp server so that when a computer starts it will send a DHCP request? How can i setup a dhcp server to give different ip address ranges to different VLANS? If i am trying to access a resource from within a vlan, will i need a dns server internally to translate the domain name (if used) to the different ip addresses a device will have?
thanks!
Sir,
I have followed the steps mentioned in “How to configure VLAN in LINUX”. I am using fedora 7.
although I am able to configure VLAN but I am not able to ping it to my client computer and vice versa.
If I don’t configure vlan then everything works fine on this interface i.e. eth1.
Kindly provide me with some solution.
Hi everyone,
is it possible to do “one dhcp server using multiple vlan’s”? does anyone successfully do this? Please let us know howto.
Thank you.
“one dhcp server using multiple vlan’s”
I’d presume you change /etc/sysconfig/dhcpd file
specify which virtual adaptors you want the dhcpd service to runon “eth0 eth1 eth1.10″ would be ethernet if 0, 1, and vlan 10 on eth1. Thats where I’d start. Though you may have a lot of….er..fun if you dont have an injection of which vlan is making the request they’ll all get the same pool. (option 82 enabled devices)
Hi,
is there any way to find out that whether systems are connected under physical or virtual LAN’s?
please tell me know …
I have configured valn in two linux machines with vlan id 4. Ping is working between the virtual interfaces but the ping packets have no tag attached.
I anyone have some idea please share..
Thanks
i have xp in my system but i wanna install ubundu Linux on it by virtual machine but it running till when it display one error after that it need additional virtual machine it cant be go ahead give me salvations how it ll be install on xp plz
Ye,after reading this topic,I learn a lot.So first,say thanks everyone.
Back to this topic,I have a question.
At say of topic owner,”an Ethernet header extension that enlarges the header from 14 to 18 bytes”,what means? I capture a frame. A Ethernet header contains destination,source,type fields.(I use adsl).And en-largeing above means add a field at Ethernet header,or add one in other place?
My Goal is building a experiment environment for network communication. It will be a complex one.It contains hundreds nodes with multiple topology structures.
Could someone give me a hand?And is vlan OK for it?If not,which can?
very Helpful
It worked
Hey folks,
I have a couple of questions:
1.If i want to copy a file from my windows desktop to my linux (RHEL 4.0) virtual machine, how should i do it?
2.How can i assign ip address to my virtual machine?
Thanks
NSiva
very nice! 2 minutes & vlans are set
thanx
Hi All,
Very very basic question, for configuring VLAN in Linux is that necessary to have a manageable switches ??
Thanks,
Sathish
Can you give me the whole codes for virtual lan. and there should be browser and it should allow us to access a file from another ip address and it should allow copy, paste, save, open commands in that programm for that access file.
The line “DEVICE=ifcfg-eth0.5″, should be written as “DEVICE=eth0.5″ !!!
hey folks
how can i configure the vlan priority bits on the ethernet header…it wud be of gr8 help if ne1 could provide som inputs on this
regards
Arun
In the above test I have seen the statement like “Remove gateway entry from all other network config files.” How can I find the places where the gateway is configured on the system ?
Please let me know how can I test my vlan config using one single Linux PC ?
is it virtual ip?can it be used with RAC?