VLANs on Linux
Linux has long been able to connect to VLAN trunks with a kernel patch, and the functionality was integrated into the mainstream kernel in 2.4.14. Kernel 2.6 also supports VLAN trunking.
In order to use 802.1q trunking, simply set the CONFIG_VLAN_8021Q option when configuring your kernel. Depending on what Ethernet card you have, you may need to patch the driver to make VLANs work correctly. This process is discussed in greater detail later in the article.
As mentioned earlier, 802.1q works by tagging each frame with a 4-byte VLAN identifier. However, some Ethernet drivers assume the maximum frame size is 1,500 bytes. The addition of the 4-byte tag does not leave as much room for data. Thus, although small packets are sent and received correctly, large packets fail. The solution is either to drop the MTU of the VLAN device or to correct the assumptions of the driver.
Patches are available on the Linux VLAN Web site for a variety of cards (see Resources). Several drivers work correctly out of the box (or tar.gz, as the case may be), including the e100 driver for Intel-based cards.
Configuring VLANs under Linux is a process similar to configuring regular Ethernet interfaces. The main difference is you first must attach each VLAN to a physical device. This is accomplished with the vconfig utility. If the trunk device itself is configured, it is treated as native. For example, these commands define VLANs 2-4 on device eth0:
vconfig add eth0 2 vconfig add eth0 3 vconfig add eth0 4
The vconfig program can set a variety of other options, including device-naming conventions. Hereafter, these are assumed to be at their defaults.
Once the virtual interfaces are defined, they can be used in the same way as other interfaces. The standard utilities, such as ifconfig and route, all accept VLAN interfaces and behave as expected. For example, all VLAN interfaces can be listed with ifconfig -a.
Depending on your distribution, support may be available for automatically configuring VLANs on startup. Debian 3.0 or greater supports this support, but Red Hat and Fedora currently do not. For other distributions, you simply need to write a script that executes vconfig prior to the main network startup scripts.
Because the configuration interfaces for different brands of switches all are different, the focus of this section is the common Cisco 2924. All switch configurations are from this model but should work with little change on other IOS-based switches. A variety of configuration commands are related to trunking, but only the most basic are covered here. The samples also assume the ports all have a default configuration. Specifically, this means all ports are configured as access ports in VLAN 1.
This article focuses on the Linux side of the configuration, so only a basic explanation of the switch commands are given. Listing 1 is a configuration fragment that could be entered into a Cisco Catalyst 2924 switch. See Resources for URLs to complete documentation of these commands.
Listing 1. Configuring a Cisco Catalyst 2924 Switch
interface FastEthernet 0/1 switchport mode trunk switchport trunk encapsulation dot1q switchport trunk native vlan 1 interface FastEthernet 0/2 switchport access vlan 2
The commands here are fairly self explanatory if you are familiar with the VLAN terminology presented earlier. Briefly, the first section converts the first port into a trunk running 802.1q encapsulation with native VLAN 1. The second section simply moves port 2 into VLAN 2.
It is important to see how VLANs are configured and operating on the switch. The first task is to see the status of a particular port. This can be done with show interfaces <interface> switchport command.
Listing 2. show interfaces <interface> switchport
#show interfaces FastEthernet 0/1 switchport Name: Fa0/1 Switchport: Enabled Administrative mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: Disabled Access Mode VLAN: 0 ((Inactive)) Trunking Native Mode VLAN: 1 (VLAN0001) Trunking VLANs Enabled: ALL Trunking VLANs Active: 1-5 Pruning VLANs Enabled: 6-1001 ...
Probably the most useful command is the show vlan command. It shows you a table indicating which ports are in which VLANs.
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
|Where's That Pesky Hidden Word?||Aug 28, 2015|
|A Project to Guarantee Better Security for Open-Source Projects||Aug 27, 2015|
|Concerning Containers' Connections: on Docker Networking||Aug 26, 2015|
|My Network Go-Bag||Aug 24, 2015|
|Doing Astronomy with Python||Aug 19, 2015|
- Using tshark to Watch and Inspect Network Traffic
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- Concerning Containers' Connections: on Docker Networking
- A Project to Guarantee Better Security for Open-Source Projects
- Where's That Pesky Hidden Word?
- Firefox Security Exploit Targets Linux Users and Web Developers
- My Network Go-Bag
- Doing Astronomy with Python
- Build a “Virtual SuperComputer” with Process Virtualization
- diff -u: What's New in Kernel Development