RHEL7: How to configure vlans.


Presentation of Vlans

If you’ve got a switch with vlan capabilities, at one point or another, you will want to add vlans to your network. Vlan stands for virtual local area network. It is a way to create separate virtual networks from a single physical one (see wikipedia for an in-depth explanation). In a typical production environment, you’ve got several vlans: one for console management, one for storage, one for backup, one for application flows, etc.

Vlans receive a number for identification between 0 and 4095. Avoid 0, 1 and 4095.

Normally, the number 1 is reserved for management. On some switches, it is not possible to change this configuration. Check your switch documentation for more details.

This separation is done through a mechanism called tagging. Each port of a switch is associated with a vlan. Each packet going into a switch through a port receives a tag containing the vlan number, telling which vlan it is coming from. This tag is removed when the packet leaves the switch. In the remainder of this tutorial, we will use the 802.1Q standard.

If your server isn’t used as a router between vlans or if it doesn’t need to be connected to several vlans at the same time through the same cable, no additional configuration is required.

However, if it is a router or if it sees several vlans at the same time, your server needs to be connected to a special kind of port called a trunk. A trunk is a port of a switch where the tags are not removed. It is up to the server to remove them.

Configuration Procedure

First, you will need to set up a trunk on the switch side. Only then, in a second stage, will you need to configure vlans on the server side.

Let’s assume that we configured a trunk on a switch dealing with two vlans:

  • vlan number 10 called vlan10, representing the 192.168.10.0/24 network,
  • vlan number 20 called vlan20, representing the 192.168.20.0/24 network.

We now want to connect our server to the trunk through the eth0 network interface with a cable.

To remove any previous configuration on the eth0 network interface, type:

# nmcli con del eth0

Note: It is important that there is no ip configuration on the main interface (no ip address, etc).

To create the two vlans on the eth0 network interface, type:

# nmcli con add type vlan con-name vlan10 dev eth0 id 10
Connection 'vlan10' (8275c94d-2dc7-4c6c-95fd-e64caec67850) successfully added.
# nmcli con add type vlan con-name vlan20 dev eth0 id 20
Connection 'vlan20' (e10eea8c-ea4e-483a-8ceb-1669d2252106) successfully added.

To check the new configuration, type:

# nmcli con show
NAME    UUID                                  TYPE            DEVICE 
vlan20  e10eea8c-ea4e-483a-8ceb-1669d2252106  vlan            --     
vlan10  8275c94d-2dc7-4c6c-95fd-e64caec67850  vlan            --     

Now, you can configure the network interfaces as usual (look at the network configuration tutorial for more details):

# nmcli con mod vlan10 ipv4.addresses 192.168.10.1/24
# nmcli con mod vlan10 ipv4.gateway 192.168.10.1
# nmcli con mod vlan10 ipv4.method manual
# nmcli con up vlan10
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
# nmcli con mod vlan20 ipv4.addresses 192.168.20.1/24
# nmcli con mod vlan20 ipv4.gateway 192.168.20.1
# nmcli con mod vlan20 ipv4.method manual
# nmcli con up vlan20
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

Finally, to check the configuration, type:

# nmcli dev
DEVICE       TYPE      STATE         CONNECTION 
eth0.10      vlan      connected     vlan10     
eth0.20      vlan      connected     vlan20     
eth0         ethernet  disconnected  --         
lo           loopback  unmanaged     --         
# nmcli con show
NAME    UUID                                  TYPE            DEVICE 
vlan20  e10eea8c-ea4e-483a-8ceb-1669d2252106  vlan            eth0.20
vlan10  8275c94d-2dc7-4c6c-95fd-e64caec67850  vlan            eth0.10

Note: You now have two sub-interfaces called eth0.10 and eth0.20.

After this configuration, two new files have been created in the /etc/sysconfig/network-scripts directory and one has been removed (ifcfg-eth0):

  • ifcfg-vlan10:
    VLAN=yes
    TYPE=Vlan
    PHYSDEV=eth0
    VLAN_ID=10
    REORDER_HDR=0
    BOOTPROTO=none
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    NAME=vlan10
    UUID=8275c94d-2dc7-4c6c-95fd-e64caec67850
    ONBOOT=yes
    IPADDR=192.168.10.1
    PREFIX=24
    GATEWAY=192.168.10.1
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
  • ifcfg-vlan20:
    VLAN=yes
    TYPE=Vlan
    PHYSDEV=eth0
    VLAN_ID=20
    REORDER_HDR=0
    BOOTPROTO=none
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    NAME=vlan20
    UUID=e10eea8c-ea4e-483a-8ceb-1669d2252106
    ONBOOT=yes
    IPADDR=192.168.20.1
    PREFIX=24
    GATEWAY=192.168.20.1
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
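
The script below is an added example, not part of the original tutorial: it audits ifcfg-vlan* files like the two above for the keys that define the vlan (VLAN, PHYSDEV, VLAN_ID) and flags the ids this page says to avoid. The function names are hypothetical and the sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit ifcfg-vlan* files like the two listed above.
# Function names are hypothetical; the sample files are constructed.

# Read KEY from a KEY=value file without sourcing it (ifcfg files are
# shell syntax, so sourcing would run anything embedded in them).
ifcfg_get() {  # usage: ifcfg_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'[:space:]"
}

# Print one line per problem; return 0 when the vlan definition is sane.
check_vlan_ifcfg() {  # usage: check_vlan_ifcfg FILE
    rc=0
    id=$(ifcfg_get "$1" VLAN_ID)
    [ "$(ifcfg_get "$1" VLAN)" = "yes" ] || { echo "$1: VLAN=yes missing"; rc=1; }
    [ -n "$(ifcfg_get "$1" PHYSDEV)" ] || { echo "$1: PHYSDEV missing"; rc=1; }
    case $id in
        ''|*[!0-9]*) echo "$1: VLAN_ID is not a number"; rc=1 ;;
        *)  if [ "$id" -gt 4095 ]; then
                echo "$1: VLAN_ID $id is outside 0-4095"; rc=1
            elif [ "$id" -eq 0 ] || [ "$id" -eq 1 ] || [ "$id" -eq 4095 ]; then
                echo "$1: VLAN_ID $id is one of the ids to avoid (0, 1, 4095)"; rc=1
            fi ;;
    esac
    return $rc
}

# Sub-interface name as nmcli dev shows it (eth0.10, eth0.20).
vlan_ifname() {  # usage: vlan_ifname FILE
    echo "$(ifcfg_get "$1" PHYSDEV).$(ifcfg_get "$1" VLAN_ID)"
}

# Constructed sample files in a temp dir, so the demo runs anywhere.
demo_dir=$(mktemp -d)
printf 'VLAN=yes\nPHYSDEV=eth0\nVLAN_ID=10\n' > "$demo_dir/ifcfg-vlan10"
printf 'VLAN=yes\nPHYSDEV=eth0\nVLAN_ID=1\n'  > "$demo_dir/ifcfg-vlan1"
for f in "$demo_dir"/ifcfg-vlan*; do
    if check_vlan_ifcfg "$f"; then echo "$f: ok, device $(vlan_ifname "$f")"; fi
done
rm -rf "$demo_dir"
```

On a real system, point the loop at /etc/sysconfig/network-scripts/ifcfg-vlan* instead of the temporary directory.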

Obviously, if you plan to route packets between your two network interfaces, type:

# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# sysctl -p

Note: Additional details about the sysctl command are available in the sysctl tutorial.
