Difference between revisions of "VLAN"

From ArchWiki
Jump to: navigation, search
(netcfg VLAN support)
(5 intermediate revisions by one other user not shown)
Line 1: Line 1:
{{stub}}
 
 
[[ru:VLAN]]
 
[[ru:VLAN]]
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
Virtual LANs give you the ability to sub-divide a LAN. Linux can accept '''VLAN''' tagged traffic and presents each '''VLAN ID''' as a different network interface (eg: {{ic|eth0.100}} for '''VLAN ID''' {{ic|100}})
 +
  
 
{{Article summary start}}
 
{{Article summary start}}
{{Article summary text|VLAN}}
+
{{Article summary text|This article explains how to configure a VLAN using {{Pkg|iproute2}} and [[netcfg]]}}
 
{{Article summary heading|Related}}
 
{{Article summary heading|Related}}
 
{{Article summary wiki|Network}}
 
{{Article summary wiki|Network}}
Line 10: Line 11:
 
{{Article summary end}}
 
{{Article summary end}}
  
==Introduction==
+
==Configuration==
Virtual LANs give you the ability to sub-divide a LAN. Linux can accept VLAN tagged traffic and presents each VID as a different network interface (eg: eth0.100 for VID 100)
+
Previously Arch Linux used [https://aur.archlinux.org/packages/vconfig/ vconfig] to setup VLANs. This had been superseded by the {{ic|ip}} command. Make sure you have {{Pkg|iproute2}} installed.
==Getting Started==
+
Previously Arch Linux used '''vconfig''' to setup VLANs. This had been superseded by the ip command. Make sure you have '''iproute2''' installed<br>
+
# pacman -Ss iproute2
+
Alternatively you can install [https://aur.archlinux.org/packages.php?ID=20495 vconfig] from [[AUR]]
+
  
==Configuring VLANs==
+
In the following examples, lets assume the '''interface''' is {{ic|eth0}}, the assigned '''name''' is {{ic|eth0.100}} and the '''vlan id''' is {{ic|100}}.
===Adding a VLAN===
+
===Create the VLAN device===
To add a VLAN use a command with this needlessly long syntax:
+
 
ip link add link INTERFACE name INTERFACE.VID type vlan id VID
+
Add the VLAN with the following command:
Example:
+
{{bc|# ip link add link eth0 name eth0.100 type vlan id 100}}
ip link add link eth0 name eth0.100 type vlan id 100
+
Run {{ic|ip link}} to confirm that it has been created.
Run '''ifconfig -a''' to confirm that it has been created (Non deprected alternative is to run '''ip link''').<br>
+
 
This interface behaves like a normal interface. All traffic routed to it will go through the master interface (in this example, eth0) but with a VLAN tag. Only VLAN aware devices can accept them if configured correctly else the traffic is dropped.<br>
+
This interface behaves like a normal interface. All traffic routed to it will go through the master interface (in this example, {{ic|eth0}}) but with a VLAN tag. Only VLAN aware devices can accept them if configured correctly else the traffic is dropped.
Using a name like eth0.100 is just convention and not enforced. You can alternatively use eth0_100 or something descriptive like IPTV
+
 
===Configuring the VLAN===
+
Using a '''name''' like {{ic|eth0.100}} is just convention and not enforced; you can alternatively use eth0_100 or something descriptive like IPTV
To add an IPv4 address the the just created vlan link, and activate the link you can do:
+
===Add an IP===
ip addr add IP/NETMASK brd BROADCAST-ADDR dev INTERFACE.VID
+
Now add an IPv4 address to the just created vlan link, and activate the link:
ip link set dev INTERFACE.VID up
+
{{bc|
Example:
+
# ip addr add 192.168.100.1/24 brd 192.168.100.255 dev eth0.100
ip addr add 192.168.100.1/24 brd 192.168.100.255 dev eth0.100
+
# ip link set dev eth0.100 up
ip link set dev eth0.100 up
+
}}
===De-Configuring the VLAN===
+
===Turning down the device===
 
To cleanly shutdown the setting before you remove the link, you can do:
 
To cleanly shutdown the setting before you remove the link, you can do:
ip link set dev INTERFACE.VID down
+
{{bc|# ip link set dev eth0.100 down}}
Example:
+
===Removing the device===
ip link set dev eth0.100 down
+
===Removing a VLAN===
+
 
Removing a VLAN interface is significantly less convoluted
 
Removing a VLAN interface is significantly less convoluted
ip link delete INTERFACE.VID
+
{{bc|# ip link delete eth0.100}}
Example:
+
ip link delete eth0.100
+
  
===UDEV considerations===
+
===Starting at boot===
An annoyance is that '''udev''' may try to rename virtual devices as they are added, thus ignoring the INTERFACE.VID configured for them either via iproute2 or via a netcfg profile<br>
+
You can use the following parameters in [[netcfg]] profiles to have VLANs configured automatically:
For instance, if the following commands are issued:
+
ip link add link eth0 name eth0.100 type vlan id 100
+
ip link show
+
This would generate the following output:  
+
  
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN  
+
{{hc|/etc/network.d/my-network|<nowiki>
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+
# vlan specific part:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
+
CONNECTION="vlan"
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
+
VLAN_PHYS_DEV="eth0"
3: rename1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state DOWN
+
VLAN_ID="100"
 +
INTERFACE="eth0.100"
 +
 
 +
# general IP configuration:
 +
IP="static"
 +
ADDR="192.168.100.1"
 +
NETMASK="255.255.255.0"
 +
GATEWAY="192.168.100.254"
 +
</nowiki>}}
 +
 
 +
Enable the daemon {{ic|netcfg@my-network}}. Read [[Daemons]] for more details.
 +
 
 +
==Troubleshooting==
 +
===udev renames the virtual devices===
 +
An annoyance is that [[udev]] may try to rename virtual devices as they are added, thus ignoring the '''name''' configured for them (in this case {{ic|eth0.100}}).
 +
 
 +
For instance, if the following commands are issued:
 +
{{bc|
 +
# ip link add link eth0 name eth0.100 type vlan id 100
 +
# ip link show
 +
}}
 +
This could generate the following output:
 +
{{bc|<nowiki>
 +
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN  
 +
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 +
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
 
     link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
 
     link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
 +
3: rename1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state DOWN
 +
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
 +
</nowiki>}}
 +
'''udev''' has ignored the configured virtual interface name {{ic|eth0.100}} and autonamed it '''rename1'''.
  
'''udev''' has ignored the configured virtual interface name of INTERFACE.VID and autonamed it '''rename1'''. Hmmph!
+
The solution is to edit {{ic|/etc/udev/rules.d/network_persistent.rules}} and append '''DRIVERS=="?*"''' to the end of the physical interface's configuration line.
  
The solution is to edit /etc/udev/rules.d/network_persistent.rules and append '''DRIVERS=="?*"''' to the end of the physical interface's configuration line. <br>
 
 
For example, for the interface '''aa:bb:cc:dd:ee:ff''' (eth0):  
 
For example, for the interface '''aa:bb:cc:dd:ee:ff''' (eth0):  
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="eth0", DRIVERS=="?*"
+
{{hc|/etc/udev/rules.d/network_persistent.rules|<nowiki>
 +
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="eth0", DRIVERS=="?*"
 +
</nowiki>}}
  
 
A reboot should mean that VLANs configure correctly with the names assigned to them.
 
A reboot should mean that VLANs configure correctly with the names assigned to them.
 
+
==See also==
==VLANs at boot==
+
* [https://bbs.archlinux.org/viewtopic.php?pid=1036395#p1036395 Post about using POST_UP and PRE_DOWN]
You can use netcfg profile and put POST_UP, PRE_DOWN command to do above action.
+
(Similar thing as done here: [https://bbs.archlinux.org/viewtopic.php?pid=1036395#p1036395])
+
I did it for my eht0, that have is both multi-home (DHCP to the modem, and local subnet 192.168.12.0), and VLAN 112 as well.
+
Here is an extract of a sample /etc/rc.d/my-network file:
+
CONNECTION='ethernet'
+
DESCRIPTION='modem cable connection'
+
INTERFACE='eth0'
+
IP='dhcp'
+
POST_UP='ip addr add 192.168.12.1/24 brd 192.168.12.255 dev eth0; ip link add link eth0 name eth0.112 type vlan id 112; ip addr add 192.168.112.1/24 brd 192.168.112.255 dev eth0.112; ip link set dev eth0.112 up'
+
PRE_DOWN='ip link set dev eth0.112 down; ip link delete eth0.112; ip addr del 192.168.12.1/24 dev eth0'
+
 
+
Question: Any \ like syntax available at eol to have POST_UP split on multi-line ?<br>
+
Seems it should be possible to put such control directly for netcfg into /etc/rc.conf (instead of inside the POST_UP in the netcfg profile file).
+
Extra info on how to do that still missing ... (not clear)<br>
+
possible issue is to get error in one of commands put inside POST_UP/PRE_DOWN.
+
This can prevent to manual stop/start control of the network link
+
===Manual start/stop===
+
To control by hand the link after boot using the netcfg profile you put in place, you can try following commands:
+
/etc/rc.d/net-profiles restart
+
/etc/rc.d/net-profiles stop
+
/etc/rc.d/net-profiles start
+

Revision as of 13:09, 28 December 2012

Virtual LANs give you the ability to sub-divide a LAN. Linux can accept VLAN tagged traffic and presents each VLAN ID as a different network interface (eg: eth0.100 for VLAN ID 100)


Summary help replacing me
This article explains how to configure a VLAN using iproute2 and netcfg
Related
Network
Netcfg

Configuration

Previously Arch Linux used vconfig to setup VLANs. This had been superseded by the ip command. Make sure you have iproute2 installed.

In the following examples, lets assume the interface is eth0, the assigned name is eth0.100 and the vlan id is 100.

Create the VLAN device

Add the VLAN with the following command:

# ip link add link eth0 name eth0.100 type vlan id 100

Run ip link to confirm that it has been created.

This interface behaves like a normal interface. All traffic routed to it will go through the master interface (in this example, eth0) but with a VLAN tag. Only VLAN aware devices can accept them if configured correctly else the traffic is dropped.

Using a name like eth0.100 is just convention and not enforced; you can alternatively use eth0_100 or something descriptive like IPTV

Add an IP

Now add an IPv4 address to the just created vlan link, and activate the link:

# ip addr add 192.168.100.1/24 brd 192.168.100.255 dev eth0.100
# ip link set dev eth0.100 up

Turning down the device

To cleanly shutdown the setting before you remove the link, you can do:

# ip link set dev eth0.100 down

Removing the device

Removing a VLAN interface is significantly less convoluted

# ip link delete eth0.100

Starting at boot

You can use the following parameters in netcfg profiles to have VLANs configured automatically:

/etc/network.d/my-network
# vlan specific part:
CONNECTION="vlan"
VLAN_PHYS_DEV="eth0"
VLAN_ID="100"
INTERFACE="eth0.100"

# general IP configuration:
IP="static"
ADDR="192.168.100.1"
NETMASK="255.255.255.0"
GATEWAY="192.168.100.254"

Enable the daemon netcfg@my-network. Read Daemons for more details.

Troubleshooting

udev renames the virtual devices

An annoyance is that udev may try to rename virtual devices as they are added, thus ignoring the name configured for them (in this case eth0.100).

For instance, if the following commands are issued:

# ip link add link eth0 name eth0.100 type vlan id 100
# ip link show 

This could generate the following output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
3: rename1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

udev has ignored the configured virtual interface name eth0.100 and autonamed it rename1.

The solution is to edit /etc/udev/rules.d/network_persistent.rules and append DRIVERS=="?*" to the end of the physical interface's configuration line.

For example, for the interface aa:bb:cc:dd:ee:ff (eth0):

/etc/udev/rules.d/network_persistent.rules
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="eth0", DRIVERS=="?*"

A reboot should mean that VLANs configure correctly with the names assigned to them.

See also