Difference between revisions of "VLAN"

From ArchWiki
Jump to: navigation, search
(ip -d link show to get the VID on an interface)
m (add ja link)
 
(24 intermediate revisions by 10 users not shown)
Line 1: Line 1:
[[ru:VLAN]]
 
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
[[ja:VLAN]]
 +
[[ru:VLAN]]
 +
[[zh-CN:VLAN]]
 +
{{Related articles start}}
 +
{{Related|Network Configuration}}
 +
{{Related|systemd-networkd}}
 +
{{Related|Netctl}}
 +
{{Related articles end}}
 +
 
Virtual LANs give you the ability to sub-divide a LAN. Linux can accept '''VLAN''' tagged traffic and presents each '''VLAN ID''' as a different network interface (eg: {{ic|eth0.100}} for '''VLAN ID''' {{ic|100}})
 
Virtual LANs give you the ability to sub-divide a LAN. Linux can accept '''VLAN''' tagged traffic and presents each '''VLAN ID''' as a different network interface (eg: {{ic|eth0.100}} for '''VLAN ID''' {{ic|100}})
{{Article summary start}}
+
 
{{Article summary text|This article explains how to configure a VLAN using {{Pkg|iproute2}} and [[netcfg]]}}
+
This article explains how to configure a VLAN using {{Pkg|iproute2}} and [[systemd-networkd]] or [[netctl]].
{{Article summary heading|Related}}
+
{{Article summary wiki|Network}}
+
{{Article summary wiki|Netcfg}}
+
{{Article summary end}}
+
  
 
==Configuration==
 
==Configuration==
Previously Arch Linux used {{AUR|vconfig}} to setup VLANs. This had been superseded by the {{ic|ip}} command. Make sure you have {{Pkg|iproute2}} installed.
+
Previously Arch Linux used the {{ic|vconfig}} command to setup VLANs. This had been superseded by the {{ic|ip}} command. Make sure you have {{Pkg|iproute2}} installed.
  
 
In the following examples, lets assume the '''interface''' is {{ic|eth0}}, the assigned '''name''' is {{ic|eth0.100}} and the '''vlan id''' is {{ic|100}}.
 
In the following examples, lets assume the '''interface''' is {{ic|eth0}}, the assigned '''name''' is {{ic|eth0.100}} and the '''vlan id''' is {{ic|100}}.
Line 16: Line 20:
  
 
Add the VLAN with the following command:
 
Add the VLAN with the following command:
{{bc|# ip link add link eth0 name eth0.100 type vlan id 100}}
 
Run {{ic|ip link}} to confirm that it has been created.
 
  
This interface behaves like a normal interface. All traffic routed to it will go through the master interface (in this example, {{ic|eth0}}) but with a VLAN tag. Only VLAN aware devices can accept them if configured correctly else the traffic is dropped.
+
# ip link add link eth0 name eth0.100 type vlan id 100
  
Using a '''name''' like {{ic|eth0.100}} is just convention and not enforced; you can alternatively use eth0_100 or something descriptive like IPTV
+
Run {{ic|ip link}} to confirm that it has been created.
  
To see the VLAN ID on an interface, in case you used an unconventional name:
+
This interface behaves like a normal interface. All traffic routed to it will go through the master interface (in this example, {{ic|eth0}}) but with a VLAN tag. Only VLAN aware devices can accept them if configured correctly else the traffic is dropped.
{{bc|# ip -d link show eth0.100}}
+
 
The {{ic|-d}} flag shows full details on an inteface.
+
Using a '''name''' like {{ic|eth0.100}} is just convention and not enforced; you can alternatively use {{ic|eth0_100}} or something descriptive like {{ic|IPTV}}. To see the VLAN ID on an interface, in case you used an unconventional name:
 +
 
 +
# ip -d link show eth0.100
 +
 
 +
The {{ic|-d}} flag shows full details on an interface:
 +
 
 +
# ip -d addr show
 +
4: eno1.100@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
 +
    link/ether 96:4a:9c:84:36:51 brd ff:ff:ff:ff:ff:ff promiscuity 0
 +
    '''vlan protocol 802.1Q id 100 <REORDER_HDR>'''
 +
    inet6 fe80::944a:9cff:fe84:3651/64 scope link
 +
      valid_lft forever preferred_lft forever
  
 
===Add an IP===
 
===Add an IP===
Line 40: Line 53:
 
{{bc|# ip link delete eth0.100}}
 
{{bc|# ip link delete eth0.100}}
  
===Starting at boot===
+
=== Starting at boot ===
You can use the following parameters in [[netcfg]] profiles to have VLANs configured automatically:
+
  
{{hc|/etc/network.d/my-network|<nowiki>
+
==== systemd-networkd ====
# vlan specific part:
+
CONNECTION="vlan"
+
VLAN_PHYS_DEV="eth0"
+
VLAN_ID="100"
+
INTERFACE="eth0.100"
+
  
# general IP configuration:
+
Use the following configuration files:
IP="static"
+
 
ADDR="192.168.100.1"
+
{{hc|/etc/systemd/network/''eno1''.network|<nowiki>
NETMASK="255.255.255.0"
+
[Match]
GATEWAY="192.168.100.254"
+
Name=eno1
 +
 
 +
[Network]
 +
DHCP=v4
 +
VLAN=eno1.100
 +
VLAN=eno1.200
 
</nowiki>}}
 
</nowiki>}}
  
Enable the daemon {{ic|netcfg@my-network}}. Read [[Daemons]] for more details.
+
{{hc|/etc/systemd/network/''eno1.100''.netdev|<nowiki>
 +
[NetDev]
 +
Name=eno1.100
 +
Kind=vlan
 +
 
 +
[VLAN]
 +
Id=100
 +
</nowiki>}}
 +
 
 +
{{hc|/etc/systemd/network/''eno1.200''.netdev|<nowiki>
 +
[NetDev]
 +
Name=eno1.200
 +
Kind=vlan
 +
 
 +
[VLAN]
 +
Id=200
 +
</nowiki>}}
 +
 
 +
Then [[enable]] {{ic|systemd-networkd.service}}. See [[systemd-networkd]] for details.
 +
 
 +
==== netctl ====
 +
 
 +
You can use [[netctl]] for this purpose, see the self-explanatory example profiles in {{ic|/etc/netctl/examples/vlan-{dhcp,static} }}.
  
 
==Troubleshooting==
 
==Troubleshooting==
Line 87: Line 121:
  
 
A reboot should mean that VLANs configure correctly with the names assigned to them.
 
A reboot should mean that VLANs configure correctly with the names assigned to them.
 
==See also==
 
* [https://bbs.archlinux.org/viewtopic.php?pid=1036395#p1036395 Post about using POST_UP and PRE_DOWN]
 

Latest revision as of 11:01, 6 February 2016

Virtual LANs give you the ability to sub-divide a LAN. Linux can accept VLAN tagged traffic and presents each VLAN ID as a different network interface (eg: eth0.100 for VLAN ID 100)

This article explains how to configure a VLAN using iproute2 and systemd-networkd or netctl.

Configuration

Previously Arch Linux used the vconfig command to setup VLANs. This had been superseded by the ip command. Make sure you have iproute2 installed.

In the following examples, lets assume the interface is eth0, the assigned name is eth0.100 and the vlan id is 100.

Create the VLAN device

Add the VLAN with the following command:

# ip link add link eth0 name eth0.100 type vlan id 100

Run ip link to confirm that it has been created.

This interface behaves like a normal interface. All traffic routed to it will go through the master interface (in this example, eth0) but with a VLAN tag. Only VLAN aware devices can accept them if configured correctly else the traffic is dropped.

Using a name like eth0.100 is just convention and not enforced; you can alternatively use eth0_100 or something descriptive like IPTV. To see the VLAN ID on an interface, in case you used an unconventional name:

# ip -d link show eth0.100

The -d flag shows full details on an interface:

# ip -d addr show
4: eno1.100@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
   link/ether 96:4a:9c:84:36:51 brd ff:ff:ff:ff:ff:ff promiscuity 0 
   vlan protocol 802.1Q id 100 <REORDER_HDR> 
   inet6 fe80::944a:9cff:fe84:3651/64 scope link 
      valid_lft forever preferred_lft forever

Add an IP

Now add an IPv4 address to the just created vlan link, and activate the link:

# ip addr add 192.168.100.1/24 brd 192.168.100.255 dev eth0.100
# ip link set dev eth0.100 up

Turning down the device

To cleanly shutdown the setting before you remove the link, you can do:

# ip link set dev eth0.100 down

Removing the device

Removing a VLAN interface is significantly less convoluted

# ip link delete eth0.100

Starting at boot

systemd-networkd

Use the following configuration files:

/etc/systemd/network/eno1.network
[Match]
Name=eno1

[Network]
DHCP=v4
VLAN=eno1.100
VLAN=eno1.200
/etc/systemd/network/eno1.100.netdev
[NetDev]
Name=eno1.100
Kind=vlan

[VLAN]
Id=100
/etc/systemd/network/eno1.200.netdev
[NetDev]
Name=eno1.200
Kind=vlan

[VLAN]
Id=200

Then enable systemd-networkd.service. See systemd-networkd for details.

netctl

You can use netctl for this purpose, see the self-explanatory example profiles in /etc/netctl/examples/vlan-{dhcp,static} .

Troubleshooting

udev renames the virtual devices

An annoyance is that udev may try to rename virtual devices as they are added, thus ignoring the name configured for them (in this case eth0.100).

For instance, if the following commands are issued:

# ip link add link eth0 name eth0.100 type vlan id 100
# ip link show 

This could generate the following output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
3: rename1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

udev has ignored the configured virtual interface name eth0.100 and autonamed it rename1.

The solution is to edit /etc/udev/rules.d/network_persistent.rules and append DRIVERS=="?*" to the end of the physical interface's configuration line.

For example, for the interface aa:bb:cc:dd:ee:ff (eth0):

/etc/udev/rules.d/network_persistent.rules
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="eth0", DRIVERS=="?*"

A reboot should mean that VLANs configure correctly with the names assigned to them.