flickerfly l33t
Joined: 08 Nov 2002 Posts: 677 Location: Lanham, MD
Posted: Thu Oct 14, 2004 6:00 pm Post subject: [HOWTO] VLANs in a Snap with Gentoo
I've been meaning to figure this out, so today I did, and it's so easy I thought I'd post a guide so people don't put it off like I did, thinking it complicated.
First, let me explain the differences between the Linux and Cisco implementations of 802.1q. 802.1q is the standards-based trunking protocol, meaning it allows the carrying of multiple VLANs. Cisco has another protocol that they used first, but most devices can use both. Being OSS fans, we like the standards, so we'll stick with 802.1q.
Cisco uses one port to communicate with all VLANs in an 802.1q trunk. Linux splits this task, one VLAN per virtual NIC. Gentoo will set up these virtual NICs for you once you tell it what to expect.
Assumptions
I'm assuming that your switches already have VLANs set up and that you simply want to add Linux to the mix. I also assume that you're using the Cisco port FastEthernet 0/1, that your Linux box is using eth1 for this exercise, and that you have 3 VLANs set up on the Cisco device with the IDs 1, 2, 3.
Cisco VLAN Setup
Set up the Cisco port for an 802.1q trunk first if that is what is on the other end. If it is a Linux device, just do the Linux side twice. If you have a different VLAN-capable device, you'll have to consult your vendor's documentation and get back to us with a comment here to tell us how to do it.
For the 2900XL, log into the IOS and type the following commands:
Code:
en
password: <enter enable password>
config t
int fa 0/1
shut
switchport trunk encapsulation dot1q
switchport mode trunk
no shut
or on the 2500:
Code:
enable
config terminal
interface fastethernet 0/1
shutdown
switchport mode trunk
switchport trunk allowed vlan <all / vlan ID>
no shutdown
You should also remove any other configurations for the port that are out of date, such as setting the port for a specific VLAN with a command like:
Code:
no switchport access vlan $vlanID
Installing Needed Software
The following command should show if you have VLAN support in your kernel.
Code:
grep CONFIG_VLAN_8021Q /usr/src/linux/.config
If you see
Code:
# CONFIG_VLAN_8021Q is not set
you need to configure your kernel to build this as a module and then issue the following commands. It will work on either the current 2.4 or 2.6 kernels in portage.
Code:
cd /usr/src/linux
make modules
make modules_install
Mine is built as a module, so I see the line
Code:
CONFIG_VLAN_8021Q=m
Once you have the above worked out, make sure you have the directory /proc/net/vlan/ and that it includes a file called config. That is a sure sign that you have VLAN compatibility in your kernel.
Final for software setup:
NIC Setup
To set up the VLANs you want to talk to, you must edit your net configuration in /etc/conf.d/net. You'll want to remove any current configuration for your NIC and enter something akin to the following:
Code:
ifconfig_eth1=( "0.0.0.0" )
vlans_eth1="1 2 3"
ifconfig_eth1_1=( "10.0.20.254 broadcast 10.0.20.255 netmask 255.255.255.0" )
ifconfig_eth1_2=( "dhcp" )
ifconfig_eth1_3=( "dhcp" )
or for iproute2:
Code:
ipaddr_eth1=( "0.0.0.0" )
vlans_eth1="1 2 3"
ipaddr_eth1_1=( "10.0.20.254/24 brd 10.0.20.255" )
ipaddr_eth1_2=( "dhcp" )
ipaddr_eth1_3=( "dhcp" )
You'll notice that the ifconfig_ethX_N variable is given the same sort of configuration that your previous ifconfig_ethX variables had. Additionally, the variable ifconfig_ethX_vlans contains a list of the vlans you want to talk to.
Start it all up
Now all you have to do is type /etc/init.d/net.eth1 restart and it should all come up. You will get feedback about the individual interfaces if something goes wrong.
If you get the message
Quote:
ERROR: trying to add VLAN #1 to IF -:eth2:- error: Invalid argument
then check your config in the variable ifconfig_eth2_1, or more accurately the variable of that ilk corresponding to the indications from the error message.
Conclusion
You should find that /proc/net/vlan now has a file corresponding to each of the virtual NICs. You can look into the file to see the configuration of that virtual NIC in terms of the VLAN setup.
Also take a look at your routing table; you should notice it has increased in size many fold.
If you want this box to route traffic between VLANs, simply issue the following command:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
You can find my wiki notes on this subject here. I'd also like to mess around with the Linux CDP project (http://lcdpd.sourceforge.net/); evidently it is defunct due to an apparent lack of interest. I have been told that Ethereal supports some CDP stuff but haven't played with that yet. I'd appreciate your comments if you've used it. Perhaps we can revive it.
EDIT: Oct. 30, 2004
* Thanks to UberLord for the new variables in /etc/conf.d/net and also for including the ones for iproute2.
* Thanks to Gentoo Box for the Cisco 2500 configuration.
* While I'm at it, thanks to all those showing appreciation for the guide.
* Updated my CDP comment to reflect new information.
_________________
An Evil Genious' Guide to Sheeple and How To Avoid Becoming One | 0x4C9EF4A
Last edited by flickerfly on Sat Oct 30, 2004 3:05 pm; edited 2 times in total
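As an added example (not part of the original post or of baselayout), a small POSIX shell lint for the /etc/conf.d/net VLAN stanza described in the HOWTO. It accepts the vlans_ethX / ifconfig_ethX_N / ipaddr_ethX_N style shown above as well as the older iface_ethX_vlans / iface_ethX_N style, and catches the mismatches that make net.ethX fail or silently skip a VLAN. The sample configuration and its mistakes are constructed for the demo.

```sh
#!/bin/sh
# Added example: lint the VLAN stanza of a Gentoo /etc/conf.d/net before restarting net.ethX.
# Accepts the new style (vlans_ethX, ifconfig_ethX_N / ipaddr_ethX_N) and the old style
# (iface_ethX_vlans, iface_ethX_N). Findings print one per line; exit status 0 means clean.

# Constructed sample with three deliberate mistakes: VLAN 3 is listed but has no
# address, ifconfig_eth1_4 is defined but 4 is not listed, and 5000 is not a valid VID.
SAMPLE_NET='ifconfig_eth1=( "0.0.0.0" )
vlans_eth1="1 2 3 5000"
ifconfig_eth1_1=( "10.0.20.254 broadcast 10.0.20.255 netmask 255.255.255.0" )
ifconfig_eth1_2=( "dhcp" )
ifconfig_eth1_4=( "dhcp" )'

# lint_vlans CONFIG_TEXT IFACE
lint_vlans() {
    cfg=$1; iface=$2; findings=0
    # VLAN ID list, from either variable style
    ids=$(printf '%s\n' "$cfg" |
          sed -n -E "s/^(vlans_${iface}|iface_${iface}_vlans)=\"([^\"]*)\".*/\2/p")
    if [ -z "$ids" ]; then
        echo "$iface: no vlans_${iface} or iface_${iface}_vlans line, nothing will be trunked"
        findings=$((findings + 1))
    fi
    for id in $ids; do
        case $id in
            *[!0-9]*) echo "$iface: '$id' is not a numeric VLAN ID"; findings=$((findings + 1)); continue ;;
        esac
        # 802.1Q VIDs are 12 bits; 0 and 4095 are reserved by the standard
        if [ "$id" -lt 1 ] || [ "$id" -gt 4094 ]; then
            echo "$iface: VLAN $id is outside the usable 802.1Q range 1-4094"
            findings=$((findings + 1)); continue
        fi
        # every listed VLAN needs an address stanza, or net.ethX reports an error for it
        if ! printf '%s\n' "$cfg" | grep -Eq "^(ifconfig|ipaddr|iface)_${iface}_${id}="; then
            echo "$iface: VLAN $id is listed but has no ifconfig/ipaddr/iface_${iface}_${id} line"
            findings=$((findings + 1))
        fi
    done
    # address stanzas for VLANs that are not listed are silently never configured
    for n in $(printf '%s\n' "$cfg" | sed -n -E "s/^(ifconfig|ipaddr|iface)_${iface}_([0-9]+)=.*/\2/p"); do
        listed=0
        for id in $ids; do [ "$id" = "$n" ] && listed=1; done
        if [ "$listed" -eq 0 ]; then
            echo "$iface: ${iface}_$n has an address but $n is not in the VLAN list"
            findings=$((findings + 1))
        fi
    done
    # the parent (trunk) interface itself should carry only the 0.0.0.0 placeholder
    if ! printf '%s\n' "$cfg" | grep -Eq "^(ifconfig|ipaddr|iface)_${iface}=\(? *\"0\.0\.0\.0"; then
        echo "$iface: parent interface should be 0.0.0.0; addresses belong on the per-VLAN virtual NICs"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

if lint_vlans "$SAMPLE_NET" eth1; then
    echo "VLAN stanza for eth1 looks consistent"
else
    echo "fix the findings above before running /etc/init.d/net.eth1 restart"
fi
```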

Strenuus n00b
Joined: 27 Jan 2004 Posts: 26 Location: Texas
Posted: Fri Oct 29, 2004 9:30 pm Post subject:
Thank you so much flickerfly, I too have been putting this off for a while now and didn't think it would have been that simple. Thank you for the simple howto.

Strenuus n00b
Joined: 27 Jan 2004 Posts: 26 Location: Texas
Posted: Fri Oct 29, 2004 9:38 pm Post subject: Re: Linux CDP
Have you had any luck on getting Linux CDP working, and do you know if there is an ebuild for it somewhere in portage?

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Fri Oct 29, 2004 11:33 pm Post subject: Re: [HOWTO] VLANs in a Snap with Gentoo
flickerfly wrote:
To setup the VLANs you want to talk to you must edit your net configuration in /etc/conf.d/net. You'll want to remove any current configuration for your NIC and enter something akin to the following:
Code:
iface_eth1="0.0.0.0"
iface_eth1_vlans="1 2 3"
iface_eth1_1="10.0.20.254 broadcast 10.0.20.255 netmask 255.255.255.0"
iface_eth1_2="dhcp"
iface_eth1_3="dhcp"
Just a note to say that the variables you've used were deprecated some time ago, although they should still work.
The new settings should be
Code:
ifconfig_eth1=( "0.0.0.0" )
vlans_eth1="1 2 3"
ifconfig_eth1_1=( "10.0.20.254 broadcast 10.0.20.255 netmask 255.255.255.0" )
ifconfig_eth1_2=( "dhcp" )
ifconfig_eth1_3=( "dhcp" )
or for iproute2
Code:
ipaddr_eth1=( "0.0.0.0" )
vlans_eth1="1 2 3"
ipaddr_eth1_1=( "10.0.20.254/24 brd 10.0.20.255" )
ipaddr_eth1_2=( "dhcp" )
ipaddr_eth1_3=( "dhcp" )
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool

ali3nx l33t
Joined: 21 Sep 2003 Posts: 722 Location: Winnipeg, Canada
Posted: Sat Oct 30, 2004 7:18 am Post subject:
Nice.
I'll be making use of this in short order at the ISP I work for! Thanks
_________________
Compiling Gentoo since version 1.4
Thousands of Gentoo Installs Completed
Emerged on every continent but Antarctica
Compile long and Prosper!

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Sat Oct 30, 2004 11:09 am Post subject:
flickerfly wrote:
What is the benefit of the new ones? I don't see any change outside the variable name. What do I gain?
For the vlans variable, nothing, as it's just a name change to bring it in line with our other variables.
For the others, you gain the ability to easily define aliases, like so:
Code:
ifconfig_eth0=( "192.168.0.1 netmask 255.255.255.0"
"192.168.0.2 netmask 255.255.255.0"
"dhcp" )
This creates eth0 and two aliases, eth0:1 and eth0:2.
You need to use this structure when defining tun/tap or bridge interfaces if you need to give them an address (note: not available in portage yet).
Code:
ifconfig_eth0=( "tuntap" "192.168.0.1 netmask 255.255.255.0" )
Hopefully you can now see why we're encouraging the new variables.

GentooBox Veteran
Joined: 22 Jun 2003 Posts: 1168 Location: Denmark
Posted: Sat Oct 30, 2004 12:07 pm Post subject:
What! Is there a CDP for Linux? That's awesome.
Nice guide, BTW.
And thanks for using dot1q instead of ISL.
Quote:
en
password: <enter enable password>
config t
int fa 0/1
shut
switchport trunk encapsulation dot1q
switchport mode trunk
no shut
This is how it's done on Cisco 2500 switches.
Code:
enable
config terminal
interface fastethernet 0/1
shutdown
switchport mode trunk
switchport trunk allowed vlan <all / vlan ID>
no shutdown
Cisco 2500 switches only support dot1q, so it's enabled by default.
EDIT: you don't have to shut down the interface before using trunk; Cisco switches restart the interface by themselves.
_________________
Encrypt, lock up everything and duct tape the rest

flickerfly l33t
Joined: 08 Nov 2002 Posts: 677 Location: Lanham, MD
Posted: Sat Oct 30, 2004 2:35 pm Post subject:
GentooBox wrote:
you dont have to shutdown the interface before useing trunk, Cisco switches restart the interface by itself.
True, however, it is considered best practice. Other devices are less likely to see the port going up and down. I don't think any massive consequences would occur if you didn't.

flickerfly l33t
Joined: 08 Nov 2002 Posts: 677 Location: Lanham, MD
Posted: Tue Nov 09, 2004 8:08 pm Post subject: Re: [HOWTO] VLANs in a Snap with Gentoo
UberLord wrote:
flickerfly wrote:
To setup the VLANs you want to talk to you must edit your net configuration in /etc/conf.d/net. You'll want to remove any current configuration for your NIC and enter something akin to the following:
Code:
iface_eth1="0.0.0.0"
iface_eth1_vlans="1 2 3"
iface_eth1_1="10.0.20.254 broadcast 10.0.20.255 netmask 255.255.255.0"
iface_eth1_2="dhcp"
iface_eth1_3="dhcp"
Just a note to say that the variables you've used were depreciated some time ago - although they should still work
The new settings should be
Code:
ifconfig_eth1=( "0.0.0.0" )
vlans_eth1="1 2 3"
ifconfig_eth1_1=( "10.0.20.254 broadcast 10.0.20.255 netmask 255.255.255.0" )
ifconfig_eth1_2=( "dhcp" )
ifconfig_eth1_3=( "dhcp" )
or for iproute2
Code:
ipaddr_eth1=( "0.0.0.0" )
vlans_eth1="1 2 3"
ipaddr_eth1_1=( "10.0.20.254/24 brd 10.0.20.255" )
ipaddr_eth1_2=( "dhcp" )
ipaddr_eth1_3=( "dhcp" )
I've not been able to make the ipaddr stuff work at all, and looking at my init.d/net.ethX file, it hasn't a chance. The ifconfig stuff works, but I still have to use the old iface_eth1_vlans="1 2 3" bit. Is this a result of features not yet in stable?

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Wed Nov 10, 2004 9:40 am Post subject: Re: [HOWTO] VLANs in a Snap with Gentoo
flickerfly wrote:
I've not been able to make the ipaddr stuff work at all and looking at my init.d/net.ethX file, it hasn't a chance. ifconfig stuff works, but I still have to use the old iface_eth1_vlans="1 2 3" bit. Is this a result of features not yet in stable?
You're right - the iface_eth1_vlans variable is still required for stable (must remember this - lol).
ipaddr is very flaky in stable - broken for the most part. I can assure you that it's rock solid in unstable.
However, as you're obviously clued up about vlan, how about trying out baselayout-1.11.6-r1 or better and giving me some feedback about vlan working or not?

flickerfly l33t
Joined: 08 Nov 2002 Posts: 677 Location: Lanham, MD
Posted: Wed Nov 10, 2004 1:10 pm Post subject: Re: [HOWTO] VLANs in a Snap with Gentoo
UberLord wrote:
However, as you're obviously clued up about vlan, how about trying out baselayout-1.11.6-r1 or better and giving me some feedback about vlan working or not
Sure, is there a bug I should post my results under?

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Wed Nov 10, 2004 2:55 pm Post subject: Re: [HOWTO] VLANs in a Snap with Gentoo
flickerfly wrote:
UberLord wrote:
However, as you're obviously clued up about vlan, how about trying out baselayout-1.11.6-r1 or better and giving me some feedback about vlan working or not
Sure is there a bug I should post my results under?
You can post here or create a new bug @ bugs.gentoo.org

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Wed Nov 10, 2004 5:07 pm Post subject:
flickerfly wrote:
I'm going to need a quick tutorial on unmasking that package. I know how to do it the old way, but haven't fully understood the new method yet.
Code:
mkdir /etc/portage
echo "sys-apps/baselayout ~x86" >> /etc/portage/package.keywords
echo "=sys-apps/sysvinit-2.85-r1 ~x86" >> /etc/portage/package.keywords
echo "=sys-libs/readline-5.0-r1 ~x86" >> /etc/portage/package.keywords
echo "=app-shells/bash-3.0-r7 ~x86" >> /etc/portage/package.keywords
emerge -uaDv world
Back to top |
|
|

tecknojunky Veteran
Joined: 19 Oct 2002 Posts: 1937 Location: Montréal
Posted: Thu Nov 11, 2004 7:26 pm Post subject:
I have many difficulties. I always wondered why Gentoo has to complicate things by abstracting the network configuration.
I simply want to route traffic between two VLANs. Following your howto, compared to when I do a manual configuration, I end up with eth0 having an IPv6 address, unable to define a default gateway, and with an SIOCSIFMTU error, probably due to the mtu 1504 defined in your wiki. I also have to spoof the MAC address.
So here is how I configured /etc/conf.d/net:
Code:
ifconfig_eth0=( "0.0.0.0 hw ether 00:04:E2:7D:93:C3 mtu 1504" )
vlans_eth0="0 1"
ifconfig_eth0_0=( "192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0" )
ifconfig_eth0_1=( "nnn.nnn.nnn.nnn broadcast nnn.nnn.nnn.255 netmask 255.255.255.0" )
# For setting the default gateway
#
gateway="eth0/nnn.nnn.nnn.1"
That's just to establish the connections. I'll deal with the routing later.
Is it possible, or do I have to completely rewrite /etc/init.d/net.eth0 (which I'm very much tempted to do)?
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.

flickerfly l33t
Joined: 08 Nov 2002 Posts: 677 Location: Lanham, MD
Posted: Thu Nov 11, 2004 8:49 pm Post subject:
tecknojunky wrote:
I have many difficulties. I always wondered why Gentoo has to complicate things by abstracting the network configuration.
I simply want to route traffic between two vlans. Following your howto, compared to when I do a manual configuration, I end up with eth0 having an ipv6 address, unable to define a default gateway and with SIOCSIFMTU error, probably due to the mtu 1504 defined in your wiki. I also have to spoof the mac address.
So here is how I configured /etc/conf.d/net
Code:
ifconfig_eth0=( "0.0.0.0 hw ether 00:04:E2:7D:93:C3 mtu 1504" )
vlans_eth0="0 1"
ifconfig_eth0_0=( "192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0" )
ifconfig_eth0_1=( "nnn.nnn.nnn.nnn broadcast nnn.nnn.nnn.255 netmask 255.255.255.0" )
# For setting the default gateway
#
gateway="eth0/nnn.nnn.nnn.1"
That's just to establish the connections. I'll deal with the routing later.
Is it possible or do I have to completely rewrite /etc/init.d/net.eth0 (which I'm very much tempted to do).
Try the old config. It's best on a stable system, and be sure of 802.1q trunking vs. Cisco's proprietary ISL (I think that's the name).
Code:
iface_eth1="0.0.0.0"
iface_eth1_vlans="1 2 3"
iface_eth1_1="10.0.20.254 broadcast 10.0.20.255 netmask 255.255.255.0"
iface_eth1_2="dhcp"
iface_eth1_3="dhcp"

gtsquirrel Tux's lil' helper
Joined: 21 Nov 2002 Posts: 85 Location: San Jose, CA
Posted: Thu Nov 11, 2004 11:32 pm Post subject: Adding VLAN options
Hey,
Thanks for posting this! I was about to add my own /etc/init.d/vlan script to handle this apart from the regular Gentoo network initialization. I did have a few questions, though.
vconfig has lots of different options, so I'm wondering how to customize that in the /etc/conf.d/net file. How can I specify a PER_DEVICE or a PER_KERNEL bind-type? And how can I specify a naming scheme to use? (VLAN_PLUS_VID, VLAN_PLUS_VID_NO_PAD, DEV_PLUS_VID, DEV_PLUS_VID_NO_PAD)
I took a brief look at the code in /etc/init.d/net.eth0, but didn't really see anything that looked to be for this.
Thanks!
chris

tecknojunky Veteran
Joined: 19 Oct 2002 Posts: 1937 Location: Montréal
Posted: Fri Nov 12, 2004 1:44 am Post subject:
Well, I finally got fed up learning stuff way too off and complicated. I decided to simply put the ifconfig and route commands directly into the net.eth0 script. Suddenly, life became much simpler.

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Fri Nov 12, 2004 10:54 am Post subject: Re: Adding VLAN options
gtsquirrel wrote:
vconfig has lots of different options, so I'm wondering how to customize that in the /etc/conf.d/net file. How can I specify a PER_DEVICE or a PER_KERNEL bind-type? And how can I specify a naming scheme to use? (VLAN_PLUS_VID, VLAN_PLUS_VID_NO_PAD, DEV_PLUS_VID, DEV_PLUS_VID_NO_PAD)
At present you can't, not even in unstable baselayout-1.11.6-r1.
Hopefully we'll have something in the next release of baselayout.

gtsquirrel Tux's lil' helper
Joined: 21 Nov 2002 Posts: 85 Location: San Jose, CA
Posted: Fri Nov 12, 2004 9:59 pm Post subject:
Actually, it appears as though PER_DEVICE and PER_KERNEL support has been stripped from vconfig 1.8. I wonder what else they've changed ...
Thanks!
chris

tecknojunky Veteran
Joined: 19 Oct 2002 Posts: 1937 Location: Montréal
Posted: Sat Nov 13, 2004 4:23 am Post subject:
Bummer, another tile fell on my head. iptables does not support aliases or VLANs. So, I've put in a second NIC.
The downside is that it's connected to the same switch, so I'm using two ports. Kinda dumb when you know the switch and Linux can both talk VLAN.
It would seem that iptables2 could do that, but it looked radically different in terms of commands, and I need a router now, not in two months.