Linux Horizon

VLAN - Virtual Local Area Network

Short for Virtual Local Area Network (Virtual LAN, IEEE 802.1q), a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration. You can also have multiple networks on the same cable without having them interfere with each other; it is similar to having one cable for every network.

According to IEEE standard 802.1Q, virtual LANs offer a method of dividing one physical network into multiple broadcast domains. In enterprise networks, these broadcast domains usually match IP subnet boundaries, so that each subnet has its own VLAN. Other sources of information refer to a VLAN as a MAC Bridge.

A VLAN allows multiple virtual LANs to coexist on the same physical (switched) LAN. This means that two machines attached to the same switch but assigned to different VLANs cannot send Ethernet frames to each other, even though their frames pass over the same wires. If they need to communicate, then a router must be placed between the two VLANs to forward packets, just as if the two LANs were physically isolated. The only difference is that the router in question may contain only a single Ethernet NIC that is part of both VLANs (a one-armed router). The frames are "tagged" with an 802.1q prefix as they enter the network, which the Ethernet switches will use to separate traffic. (http://www.tldp.org/LDP/Linux-Dictionary/html/v.html)

To identify traffic belonging to different VLANs, the 802.1Q standard defines a method called VLAN tagging. With tagging, switches insert a 4-byte VLAN tag into the header of each frame. The tag contains a 12-bit "VLAN ID" that identifies the frame's VLAN membership.
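
The tag layout described above, as an added example that is not part of the original page: the Python code below inserts the 4-byte 802.1Q tag into an Ethernet frame and decodes it again. The function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC, as a switch does on ingress."""
    if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
        raise ValueError("VID is 12 bits, priority is 3 bits")
    tci = (pcp << 13) | vid  # DEI bit (bit 12) left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes) -> dict:
    """Return addresses, the decoded tag (or None) and the inner EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "vlan": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["vlan"] = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info

def vid_note(vid: int) -> str:
    """Classify a VLAN ID: 0 and 4095 are reserved by 802.1Q, 1 is the usual default."""
    if vid == 0:
        return "priority tag only, no VLAN membership"
    if vid == 0x0FFF:
        return "reserved"
    if vid == 1:
        return "default/management VLAN on many switches"
    return "usable"

# Constructed sample: untagged IPv4 frame (EtherType 0x0800) with a dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"payload"
TAGGED = add_tag(UNTAGGED, vid=2, pcp=5)

if __name__ == "__main__":
    for f in (UNTAGGED, TAGGED):
        p = parse_frame(f)
        print(p["src"], hex(p["ethertype"]), p["vlan"])
```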

Credits: http://scry.wanfear.com/~greear/vlan.html, Thea

Ok, let's get back to our linux box... :-)

Many Linux distros already include the vlan tools in the distribution.
Example for GNU/Debian (at the root shell prompt): apt-get install vlan

If your Linux distribution does not have such a program, go to http://scry.wanfear.com/~greear/vlan.html and download the latest source or binary of vlan. In the source archive you will find very good documentation about setting up a vlan and linking a Linux box with a Cisco box...

In that case you may need to patch the kernel source and build the vlan tools:
	tar -xvzf linux-2.x.xx.tar.gz
	cd $HOME/linux
	patch -p 1 < $HOME/vlan/[vlan.patch]
	cd $HOME/vlan
	make

Now you can compile your new kernel. For kernel compilation, read the INSTALL file within the kernel archive, because kernel compilation will not be covered on this page.

If your kernel was compiled with 802.1q built in (not as a module), do not try to modprobe or insmod it, because 802.1q support is already loaded during the boot process.

Setting up the VLAN

As root:
	modprobe 8021q	# skip this line if your kernel was compiled with 802.1q built in and not as a module

Let's add three vlan interfaces based on eth0, with the IDs 2, 3 and 4:
	vconfig add eth0 2
	vconfig add eth0 3
	vconfig add eth0 4

NOTICE!!! Do not use vlan 1. On many hardware devices it is used as the management vlan (e.g. Cisco).

To see the new interfaces that were created:
	ifconfig eth0.2
	ifconfig eth0.3
	ifconfig eth0.4

To delete the vlan interfaces:
	vconfig rem eth0.2
	vconfig rem eth0.3
	vconfig rem eth0.4

A lot of useful information and statistics can be found in the /proc/net/vlan/ folder (example for the eth0.2 interface):
[root@linuxbox root]# cat /proc/net/vlan/eth0.2
eth0.2  VID: 2      REORDER_HDR: 1  dev->priv_flags: 1
         total frames received:     53973265
          total bytes received:   1075877000
      Broadcast/Multicast Rcvd:       397878

      total frames transmitted:     41904604
       total bytes transmitted:   2333267429
            total headroom inc:            0
           total encap on xmit:     41904604
Device: eth0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
EGRESSS priority Mappings:

From now on, you can configure your vlan interface like any other interface.

Comprehensive documentation about Cisco and Linux VLANs is available at http://scry.wanfear.com/~greear/vlan/cisco_howto.html

I suggest using vlans with bonding to increase the available bandwidth. The following example is based on vlan and bonding.
A brief howto about Linux Bonding can be found on the Bonding (Port Trunking) - High Availability Network Segment page.

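#!/bin/bash

# Load 802.1q support and the bonding driver
# (mode=0 is round-robin, miimon=100 checks the link state every 100 ms)
modprobe 8021q
modprobe bonding mode=0 miimon=100

# Take the physical interfaces down before reconfiguring them
ifconfig eth0 down
ifconfig eth1 down
ifconfig eth2 down

# Give bond0 a fixed MAC address, bring it up and attach the slave interfaces
ifconfig bond0 hw ether 00:11:22:33:44:55
ifconfig bond0 10.1.1.3 up
ifenslave bond0 eth1
ifenslave bond0 eth0

# Clear the addresses: only the vlan interfaces will carry IP configuration
ifconfig bond0 0.0.0.0
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0

# Create vlan interfaces 2 to 6 on top of the bond
vconfig add bond0 2
vconfig add bond0 3
vconfig add bond0 4
vconfig add bond0 5
vconfig add bond0 6

# One /24 subnet per vlan, with this box at .1
ifconfig bond0.2 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255 up
ifconfig bond0.3 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255 up
ifconfig bond0.4 192.168.4.1 netmask 255.255.255.0 broadcast 192.168.4.255 up
ifconfig bond0.5 192.168.5.1 netmask 255.255.255.0 broadcast 192.168.5.255 up
ifconfig bond0.6 192.168.6.1 netmask 255.255.255.0 broadcast 192.168.6.255 up

# Enable IPv4 forwarding so this box routes between the vlans;
# without packet filter rules, every vlan can then reach every other one
echo 1 > /proc/sys/net/ipv4/ip_forward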