VLAN - Virtual Local Area Network
Short for Virtual Local Area Network (Virtual LAN, IEEE 802.1Q), a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration, and you can have multiple networks on the same cable without having them interfere with each other. It is similar to having one cable for every network.
According to IEEE standard 802.1Q, virtual LANs offer a method of dividing one physical network into multiple broadcast domains. In enterprise networks, these broadcast domains usually match IP subnet boundaries, so that each subnet has its own VLAN. Other sources of information refer to a VLAN as a MAC Bridge.
A VLAN allows multiple virtual LANs to coexist on the same physical (switched) LAN. This means that two machines attached to the same switch but placed in different VLANs cannot send Ethernet frames to each other even though the frames pass over the same wires. If they need to communicate, then a router must be placed between the two VLANs to forward packets, just as if the two LANs were physically isolated. The only difference is that the router in question may contain only a single Ethernet NIC that is part of both VLANs (a one-armed router). The frames are "tagged" with an 802.1q prefix as they enter the network, which the Ethernet switches will use to separate traffic. (http://www.tldp.org/LDP/Linux-Dictionary/html/v.html)
To identify traffic belonging to different VLANs, the 802.1Q standard defines a method called VLAN tagging. With tagging, switches insert a 4-byte VLAN tag into the header of each frame. The tag contains a 12-bit "VLAN ID" that identifies the frame's VLAN membership.
Credits: http://scry.wanfear.com/~greear/vlan.html, Thea
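The 4-byte tag described above, as an added example that is not part of the original page: a Python parser that splits the tag into its 16-bit type field and the priority, DEI and 12-bit VLAN ID fields. The function names and the sample frame (VID 2, as the eth0.2 interface would send it) are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing an 802.1Q tag

def build_tagged_frame(dst, src, vid, ethertype, payload=b"", pcp=0):
    """Build an Ethernet frame carrying one 802.1Q tag (helper for the sample)."""
    if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
        raise ValueError("VID is 12 bits, PCP is 3 bits")
    tci = (pcp << 13) | vid  # DEI bit left at 0
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_vlan_tag(frame):
    """Return the tag fields of a frame, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # bytes 12-13 are the payload EtherType, no tag present
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return {
        "pcp": tci >> 13,         # 3-bit priority code point
        "dei": (tci >> 12) & 1,   # drop eligible indicator
        "vid": tci & 0x0FFF,      # 12-bit VLAN ID
        "ethertype": ethertype,   # EtherType of the encapsulated payload
    }

def vid_note(vid):
    """Comment on VLAN IDs that deserve a second look in a capture."""
    if vid == 0:
        return "priority tag only, frame belongs to no VLAN"
    if vid == 1:
        return "VLAN 1, often used as the management VLAN"
    if vid == 0x0FFF:
        return "reserved VLAN ID"
    return "ok"

# Constructed sample: broadcast ARP frame tagged with VID 2.
SAMPLE = build_tagged_frame(b"\xff" * 6, bytes.fromhex("001122334455"),
                            vid=2, ethertype=0x0806, payload=b"\x00" * 28)

if __name__ == "__main__":
    tag = parse_vlan_tag(SAMPLE)
    print(tag, "->", vid_note(tag["vid"]))
```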
Ok, let's get back to our Linux box... :-)
Many Linux distros already include the vlan tools in the distribution.
Example for GNU/Debian (at the root shell prompt):

    apt-get install vlan

If your Linux distribution does not have such a program, then go to http://scry.wanfear.com/~greear/vlan.html and download the latest source or binary of the vlan tools. In the source archive you will find very good documentation about setting up a vlan and linking a Linux box with a Cisco box...

    tar -xvzf linux-2.x.xx.tar.gz
    cd $HOME/linux
    patch -p 1 < $HOME/vlan/[vlan.patch]
    cd $HOME/vlan
    make

Now you can compile your new kernel. For kernel compilation read the INSTALL file within the kernel archive, because kernel compilation support will not be covered in this page.
If your kernel was compiled with 802.1q built in (not as a module), do not try to modprobe or insmod, because the 802.1q support was already loaded during the boot process.

    modprobe 8021q    # skip this line if your kernel was compiled with 802.1q and not as module

Let's add three vlan interfaces based on eth0 and having the id 2, 3 and 4:

    vconfig add eth0 2
    vconfig add eth0 3
    vconfig add eth0 4

NOTICE!!! Do not use vlan 1. On many hardware devices it is used as the management vlan (ex. Cisco).

    ifconfig eth0.2
    ifconfig eth0.3
    ifconfig eth0.4

To delete the vlan interfaces:

    vconfig rem eth0.2
    vconfig rem eth0.3
    vconfig rem eth0.4

A lot of useful information and statistics can be found in the /proc/net/vlan/ directory (example for the eth0.2 interface):

    [root@linuxbox root]# cat /proc/net/vlan/eth0.2
    eth0.2 VID: 2 REORDER_HDR: 1 dev->priv_flags: 1
    total frames received: 53973265
    total bytes received: 1075877000
    Broadcast/Multicast Rcvd: 397878
    total frames transmitted: 41904604
    total bytes transmitted: 2333267429
    total headroom inc: 0
    total encap on xmit: 41904604
    Device: eth0
    INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0
    EGRESSS priority Mappings:

From now on, you can configure your vlan interface like any other interface.
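
    #!/bin/bash
    # Load 802.1q support and the bonding driver (round-robin mode, link check every 100 ms)
    modprobe 8021q
    modprobe bonding mode=0 miimon=100

    # Take the physical interfaces down before building the bond
    ifconfig eth0 down
    ifconfig eth1 down
    ifconfig eth2 down

    # Bring up bond0 with a fixed MAC address and enslave eth1 and eth0
    ifconfig bond0 hw ether 00:11:22:33:44:55
    ifconfig bond0 10.1.1.3 up
    ifenslave bond0 eth1
    ifenslave bond0 eth0

    # Clear the IP addresses from the bond and its slaves; only the vlan interfaces carry addresses
    ifconfig bond0 0.0.0.0
    ifconfig eth0 0.0.0.0
    ifconfig eth1 0.0.0.0

    # Create vlan interfaces 2 to 6 on top of bond0
    vconfig add bond0 2
    vconfig add bond0 3
    vconfig add bond0 4
    vconfig add bond0 5
    vconfig add bond0 6

    # Give each vlan interface its own subnet
    ifconfig bond0.2 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255 up
    ifconfig bond0.3 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255 up
    ifconfig bond0.4 192.168.4.1 netmask 255.255.255.0 broadcast 192.168.4.255 up
    ifconfig bond0.5 192.168.5.1 netmask 255.255.255.0 broadcast 192.168.5.255 up
    ifconfig bond0.6 192.168.6.1 netmask 255.255.255.0 broadcast 192.168.6.255 up

    # Enable IPv4 forwarding so this box routes between the vlans
    echo 1 > /proc/sys/net/ipv4/ip_forward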