VLANs on Linux
Before you begin configuration, make sure the IP address of the switch falls within the new management subnet. The IP configuration is associated with a virtual interface. This is normally VLAN1.
Listing 6. IP Address for VLAN1
interface VLAN1 ip address 10.0.0.2 255.255.255.224
The firewall is connected to port 1 on the switch, which is referred to as FastEthernet 0/1 in IOS notation. The first task is to set the encapsulation and native VLAN, then you can enable the trunk.
Listing 7. Enabling the Trunk
interface FastEthernet 0/1 switchport trunk encapsulation dot1q switchport trunk native vlan 1 switchport mode trunk
Once the trunk is active, you need to move ports from the default VLAN into their new one. This is done by entering the interface configuration and issuing switchport access vlan <vlan id>. Although not necessary, it is helpful to physically group VLANs to make them easier to manage.
Listing 8. Moving the Ports
interface FastEthernet0/2 switchport access vlan 2 interface FastEthernet0/3 switchport access vlan 2 interface FastEthernet0/4 switchport access vlan 3 interface FastEthernet0/5 switchport access vlan 3 interface FastEthernet0/2 switchport access vlan 3
Once your changes are complete, you can see which ports are in which VLAN by using the show vlan command.
The first order of business is to test whether you can move packets of all sizes successfully without MTU issues. Packets above 1,476 bytes should trigger any MTU issue you have. This can be tested by pinging from the firewall to a machine on a non-native VLAN. If small packets work but large packets do not, you most likely have an MTU issue.
Because you are using DHCP, you now need to update your dhcpd.conf file to reflect the new subnets. Once it is restarted, client machines start to receive their new IP addresses.
Without a policy, a firewall is useless. Unfortunately, defining that policy is beyond the scope of this article. However, a variety of effective tools are freely available for this purpose.
Now that everything is working, we need to make sure the switch's new configuration is written to memory. This is done from enable mode using the write memory command.
As you can see, VLAN trunking can be a valuable tool. I hope you have learned where it can be useful, the risks and benefits of using it and the basics of its configuration. Even though this document focuses on a Cisco 2924 switch, it shouldn't be difficult to translate the configuration here to any switch that supports 802.1q trunks.
I would like to give special thanks to Cheryl Lehman for helping to make my first article readable and to Randall Shutt for reviewing the content.
Paul Frieden has been working with Linux for eight years. He currently works for Parkland College as a Network Specialist. If you have further questions, you can reach him at firstname.lastname@example.org.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
|CentOS 6.8 Released||May 27, 2016|
|Secure Desktops with Qubes: Introduction||May 27, 2016|
|Chris Birchall's Re-Engineering Legacy Software (Manning Publications)||May 26, 2016|
|ServersCheck's Thermal Imaging Camera Sensor||May 25, 2016|
|Petros Koutoupis' RapidDisk||May 24, 2016|
|The Italian Army Switches to LibreOffice||May 23, 2016|
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Secure Desktops with Qubes: Introduction
- Chris Birchall's Re-Engineering Legacy Software (Manning Publications)
- The Italian Army Switches to LibreOffice
- Linux Mint 18
- Petros Koutoupis' RapidDisk
- ServersCheck's Thermal Imaging Camera Sensor
- Oracle vs. Google: Round 2
- The FBI and the Mozilla Foundation Lock Horns over Known Security Hole
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide