(14) VLAN tagging-- Debian GNU/Linux

Setting up VLAN on Debian GNU/linux

請先確定Debian/Ubuntu上已經安裝了vlan套件，並且8021q模組已被啟用：

aptitude install vlan
modprobe 8021q

假設eth0的網路是192.168.10.0/24，而switch上另外有兩個VLAN，分別是VLAN5(192.168.100.0/24)/VLAN10(192.168.200.0/24)，希望同時能跟這兩個VLAN的網路溝通：

auto eth0
iface eth0 inet static
 address 192.168.10.198
 netmask 255.255.255.0
 gateway 192.168.10.1

auto eth0.5
iface eth0.5 inet static
 address 192.168.100.2
 netmask 255.255.255.0
 gateway 192.168.100.254
 
auto eth0.10
iface eth0.10 inet static
 address 192.168.200.2
 netmask 255.255.255.0
 gateway 192.168.200.254

延續之前的設定：我們已經把eth0/eth1結合成bond0，現在我們又要為bond0加上VLAN tag:bond0.5/bond0.10。

auto eth0
iface eth0 inet manual
 bond-master bond0

auto eth1
iface eth1 inet manual
 bond-master bond0

auto bond0
iface bond0 inet static
 address 192.168.10.99
 netmask 255.255.255.0
 gateway 192.168.10.1
 bond-slaves eth0 eth1
 bond-mode 6
 bond-miimon 100
 bond-downdelay 200
 bond-updelay 200

auto bond0.5
iface bond0.5 inet static
 address 192.168.100.1
 netmask 255.255.255.0
 gateway 192.168.100.254

auto bond0.10
iface bond0.10 inet static
 address 192.168.200.1
 netmask 255.255.255.0
 gateway 192.168.200.254

檢查vlan的狀態：

cat /proc/net/vlan/config

VLAN Dev name  | VLAN ID
Name-Type: VLAN_NAME_TYPE_PLUS_VID_NO_PAD
vlan5          | 5  | bond0
vlan10         | 10  | bond0

cat /proc/net/vlan/vlan5

vlan5  VID: 5  REORDER_HDR: 1  dev->priv_flags: 1
         total frames received            0
          total bytes received            0
      Broadcast/Multicast Rcvd            0

      total frames transmitted           35
       total bytes transmitted         7725
Device: bond0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings: 

可以在更複雜一點：我們已經把eth0/eth1結合成bond0，又再分享了bond0成為br0；現在我們又要為br0加上VLAN tag:br0.5/br0.10。

auto eth0
iface eth0 inet manual
bond-master bond0

auto eth1
iface eth1 inet manual
bond-master bond0

auto bond0
iface bond0 inet manual
 # address 192.168.10.198
 # netmask 255.255.255.0
 # gateway 192.168.10.1
 bond-slaves eth0 eth1
 bond-mode 5
 bond-miimon 100
 bond-downdelay 200
 bond-updelay 200

auto br0
iface br0 inet static
 address 192.168.10.22
 netmask 255.255.255.0
 gateway 192.168.10.1
 bridge_ports bond0
 bridge_stp off

auto vlan5
iface vlan5 inet static
 vlan-raw-device br0
 address 192.168.100.2
 netmask 255.255.255.0
 gateway 192.168.100.254

auto vlan10
iface vlan10 inet static
 vlan-raw-device br0
 address 192.168.200.2
 netmask 255.255.255.0
 gateway 192.168.200.254

請特別注意兩個VLAN我使用不同的寫法：vlan5以及br0.10。實際上vlan5這種寫法比較直覺且容易閱讀，只是需要多加上vlan-raw-device來宣告原始的裝置為何；至於br0.5雖然比較難馬上看懂(br0.5跟br0:5實在很相似阿！)，但是設定檔卻相當好寫！

VLAN真的很容易上手對吧！

參考文章：

• VLAN Networking
• Configure an Ethernet interface as a VLAN trunk (Debian)

Share