RHEL 802.1q / VLAN Tagging

From Brandonhutchinson.com

(Difference between revisions)
Jump to: navigation, search
(Procedure)
Current revision (19:47, 2 April 2008) (edit) (undo)
(Current boot environment)
 
(4 intermediate revisions not shown.)
Line 16: Line 16:
# '''modprobe 8021q'''
# '''modprobe 8021q'''
-
* Create a VLAN device on the ''bond0'' interface for both VLANs.
+
* Create a VLAN device on the ''bond0'' interface for VLAN 1100.
-
# '''vconfig add bond0 825'''
+
# '''vconfig add bond0 1100'''
# '''vconfig add bond0 1100'''
-
* Configure the VLAN devices.
+
* Configure the VLAN device.
-
# '''ifconfig bond0.825 10.216.16.48 255.255.240.0 up'''
+
# '''ifconfig bond0.1100 10.216.225.1 netmask 255.255.240.0 up'''
-
# '''ifconfig bond0.1100 10.216.225.1 255.255.240.0 up'''
+
=== Preserving the changes across system boots ===
=== Preserving the changes across system boots ===
To preserve the 802.1 configuration changes across reboots, create appropriate ''/etc/sysconfig/network-scripts'' files.
To preserve the 802.1 configuration changes across reboots, create appropriate ''/etc/sysconfig/network-scripts'' files.
- 
-
e.g., ''/etc/sysconfig/network-scripts/ifcfg-bond0.825''
 
-
DEVICE=bond0.825
 
-
IPADDR=10.216.16.49
 
-
NETMASK=255.255.240.0
 
-
GATEWAY=10.216.16.1
 
-
ONBOOT=yes
 
-
BOOTPROTO=static
 
-
USERCTL=no
 
-
'''VLAN=yes'''
 
e.g., ''/etc/sysconfig/network-scripts/ifcfg-bond0.1100''
e.g., ''/etc/sysconfig/network-scripts/ifcfg-bond0.1100''
Line 46: Line 34:
USERCTL=no
USERCTL=no
'''VLAN=yes'''
'''VLAN=yes'''
 +
 +
== If you don't use a native VLAN ==
 +
 +
If you do not use a native VLAN, the configuration is a bit more complex. In this example, I'd have to:
 +
 +
* Configure a ''bond0.825'' interface.
 +
* Use ''GATEWAYDEV=bond0.825'' in ''/etc/sysconfig/network'' so that the default route uses a tagged interface. I believe the default route would otherwise have used the untagged ''bond0'' interface, which would cause problems communicating with other networks.
 +
* Potentially remove the network route 10.216.16.0/20 through interface ''bond0''. When bringing up ''bond0'', which is a prerequisite to bringing up ''bond0.1100'', the network route 10.216.16.0/20 through device ''bond0'' is created. When bringing up ''bond0.825'', the network route 10.216.16.0/20 through device ''bond0.825'' is created. Having the same route with different devices appears to cause problems; I had to manually delete route 10.216.16.0/20 through device ''bond0'' to make this work.

Current revision

Contents

Overview

In this example on a RHEL 5 system, I take a bonded (mode 6, balance-alb) network interface and enable 802.1q, or "VLAN tagging." The bonded interface will be a member of two VLANs:

  • The "native VLAN" (in this example, VLAN 825). Frames for the native VLAN are not tagged, so no special configuration has to be performed for this VLAN. The bond0 interface is on the native VLAN with IP address 10.216.16.48 and netmask 255.255.240.0.
  • VLAN 1100 with IP address 10.216.225.1 and netmask 255.255.240.0

Procedure

Note: Once your network administrator enables 802.1q on the switch, your system may "fall off" the network if its network interface is not on the native VLAN (if applicable), as the host won't know how to handle VLAN-tagged frames until you perform the below steps.

Current boot environment

The following steps will enable 802.1q for your current session. The configuration will not be preserved across reboots.

  • Enable the 8021q kernel module.
# modprobe 8021q
  • Create a VLAN device on the bond0 interface for VLAN 1100.
# vconfig add bond0 1100
  • Configure the VLAN device.
# ifconfig bond0.1100 10.216.225.1 netmask 255.255.240.0 up

Preserving the changes across system boots

To preserve the 802.1 configuration changes across reboots, create appropriate /etc/sysconfig/network-scripts files.

e.g., /etc/sysconfig/network-scripts/ifcfg-bond0.1100

DEVICE=bond0.1100
IPADDR=10.216.225.1
NETMASK=255.255.240.0
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
VLAN=yes

If you don't use a native VLAN

If you do not use a native VLAN, the configuration is a bit more complex. In this example, I'd have to:

  • Configure a bond0.825 interface.
  • Use GATEWAYDEV=bond0.825 in /etc/sysconfig/network so that the default route uses a tagged interface. I believe the default route would otherwise have used the untagged bond0 interface, which would cause problems communicating with other networks.
  • Potentially remove the network route 10.216.16.0/20 through interface bond0. When bringing up bond0, which is a prerequisite to bringing up bond0.1100, the network route 10.216.16.0/20 through device bond0 is created. When bringing up bond0.825, the network route 10.216.16.0/20 through device bond0.825 is created. Having the same route with different devices appears to cause problems; I had to manually delete route 10.216.16.0/20 through device bond0 to make this work.
Personal tools