802.1Q VLAN trunk in Linux

I need to configure an Ethernet interface as an IEEE 802.1Q VLAN trunk on Linux Mint for lab purposes, so that I can connect GNS3 to a physical Cisco switch. I will create six VLAN interfaces, using VLAN IDs 101-106, on the eth0 interface.

Install VLAN package

 sudo apt-get install vlan 


Load the 8021q kernel module

 sudo modprobe 8021q   

Check if the kernel module is loaded

 $ lsmod | grep 8021q  
 8021q         24353 0   
 garp          14313 1 8021q  
 mrp           18471 1 8021q   

Create VLAN interfaces

Use the vconfig tool to create the virtual VLAN interfaces:
 sudo vconfig add eth0 101   
 sudo vconfig add eth0 102   
 sudo vconfig add eth0 103   
 sudo vconfig add eth0 104   
 sudo vconfig add eth0 105   
 sudo vconfig add eth0 106  
This will create the virtual interfaces eth0.101 - eth0.106.
For example, interface eth0.101 sends packets tagged with VID 101. Packets received on eth0 tagged with VID 101 show up on eth0.101 as untagged packets. Only packets that were tagged with VID 101 arrive on the VLAN interface.

Instead of the (deprecated) "vconfig" command you can use "ip link". For example:
 ip link add link eth0 name eth0.101 type vlan id 101

To remove a VLAN interface
 sudo vconfig rem eth0.101   

Assign IP addresses to the VLAN interfaces

 sudo ip addr add 10.0.101.1/24 dev eth0.101   
 sudo ip addr add 10.0.102.1/24 dev eth0.102   
 sudo ip addr add 10.0.103.1/24 dev eth0.103   
 sudo ip addr add 10.0.104.1/24 dev eth0.104   
 sudo ip addr add 10.0.105.1/24 dev eth0.105   
 sudo ip addr add 10.0.106.1/24 dev eth0.106  
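
The create, remove and address steps above, written with "ip link" / "ip addr" instead of the deprecated vconfig. This is an added example, not part of the original post, and it goes beyond the single "ip link" line shown above by covering a whole VID range. The function name vlan_cmds is hypothetical; the parent interface, VID range and 10.0.<VID>.1/24 addressing follow the article.

```shell
#!/bin/sh
# Added example (not from the original article): iproute2 equivalent of the
# vconfig steps. It only PRINTS commands so they can be reviewed first.
# The 10.0.<VID>.1/24 scheme is the article's; a VID above 255 cannot fit
# that scheme, so no address line is emitted for it.

# vlan_cmds ACTION PARENT FIRST_VID LAST_VID   (ACTION is add or del)
vlan_cmds() (
    action=$1 parent=$2 first=$3 last=$4
    for v in "$first" "$last"; do
        case $v in
            # Reject empty, non-numeric, zero and leading-zero values.
            ''|*[!0-9]*|0*) echo "'$v' is not a valid VID" >&2; exit 1 ;;
        esac
    done
    # VID 0 (priority tag) and 4095 are reserved in 802.1Q.
    if [ "$last" -gt 4094 ] || [ "$first" -gt "$last" ]; then
        echo "VID range must lie within 1-4094" >&2; exit 1
    fi
    vid=$first
    while [ "$vid" -le "$last" ]; do
        ifname=$parent.$vid
        case $action in
            add)
                echo "ip link add link $parent name $ifname type vlan id $vid"
                [ "$vid" -le 255 ] && echo "ip addr add 10.0.$vid.1/24 dev $ifname"
                echo "ip link set dev $ifname up"
                ;;
            del)
                echo "ip link delete dev $ifname"
                ;;
            *)  echo "usage: vlan_cmds add|del PARENT FIRST LAST" >&2; exit 1 ;;
        esac
        vid=$((vid + 1))
    done
)

# Dry run for the article's lab: print the commands for VLANs 101-106.
vlan_cmds add eth0 101 106
```

After reviewing the printed commands, they can be applied by piping the output to "sudo sh -e".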

Detailed information about VLAN interface:
 $ sudo cat /proc/net/vlan/eth0.101  
 eth0.101 VID: 101      REORDER_HDR: 1 dev->priv_flags: 1  
      total frames received     1104  
      total bytes received    92424  
    Broadcast/Multicast Rcvd      51  
   
    total frames transmitted     1208  
     total bytes transmitted    131766  
 Device: eth0  
 INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0  
  EGRESS priority mappings:     

Permanent VLAN mapping

To preserve the VLAN configuration when the system reboots, we need to make sure that the 8021q module is loaded and that the VLAN interface configuration exists.
The latter can be done in two ways: either make it permanent by editing the /etc/network/interfaces file, or run a script with the appropriate commands every time you need it.

To make sure that the 8021q module is loaded after a reboot, we need to add it to /etc/modules.
 sudo su -c 'echo "8021q" >> /etc/modules'    

To check it:
 $ cat /etc/modules  
 # /etc/modules: kernel modules to load at boot time.  
 #  
 # This file contains the names of kernel modules that should be loaded  
 # at boot time, one per line. Lines beginning with "#" are ignored.  
 # Parameters can be specified after the module name.  
   
 lp  
 rtc  
 8021q   

A. Edit /etc/network/interfaces

To save the VLAN interfaces and make them available when the system boots, we need to edit the file /etc/network/interfaces.
First, make a backup of your /etc/network/interfaces file before making any changes.
 sudo cp /etc/network/interfaces /etc/network/interfaces.backup

 sudo nano /etc/network/interfaces   
 $ cat /etc/network/interfaces  
 # interfaces(5) file used by ifup(8) and ifdown(8)  
 # The loopback network interface  
 auto lo  
 iface lo inet loopback  
   
 # The primary network interface  
  allow-hotplug eth0  
  auto eth0  
  iface eth0 inet static  
  address 192.168.0.10  
  netmask 255.255.255.0  
  gateway 192.168.0.1  

 #add VLAN 101 on eth0  
 auto eth0.101  
 iface eth0.101 inet static  
  address  10.0.101.1
  netmask 255.255.255.0
   
 #add VLAN 102 on eth0  
 auto eth0.102  
 iface eth0.102 inet static  
  address 10.0.102.1
  netmask 255.255.255.0  
   
 #add VLAN 103 on eth0  
 auto eth0.103  
 iface eth0.103 inet static  
  address 10.0.103.1  
  netmask 255.255.255.0  
   
 #add VLAN 104 on eth0  
 auto eth0.104  
 iface eth0.104 inet static  
  address 10.0.104.1  
  netmask 255.255.255.0
   
 #add VLAN 105 on eth0  
 auto eth0.105  
 iface eth0.105 inet static  
  address 10.0.105.1  
  netmask 255.255.255.0  
   
 #add VLAN 106 on eth0  
 auto eth0.106  
 iface eth0.106 inet static  
  address 10.0.106.1  
  netmask 255.255.255.0  

B. Run a script

Run the following script manually every time it is needed.
 #!/bin/bash   
 modprobe 8021q  
 # bring interfaces up  
 ifconfig eth0 down   
 ifconfig eth0 up   
    
 # setup vlans  
 vconfig add eth0 101   
 vconfig add eth0 102   
 vconfig add eth0 103    
 vconfig add eth0 104    
 vconfig add eth0 105    
 vconfig add eth0 106  
   
 ifconfig eth0.101 10.0.101.1 netmask 255.255.255.0 up  
 ifconfig eth0.102 10.0.102.1 netmask 255.255.255.0 up  
 ifconfig eth0.103 10.0.103.1 netmask 255.255.255.0 up  
 ifconfig eth0.104 10.0.104.1 netmask 255.255.255.0 up  
 ifconfig eth0.105 10.0.105.1 netmask 255.255.255.0 up  
 ifconfig eth0.106 10.0.106.1 netmask 255.255.255.0 up 

Restart your network interface:
 sudo service networking restart    

Cisco Switch Configuration

 interface FastEthernet0/1  
  description --Trunk to Linux--  
  switchport trunk encapsulation dot1q  
  switchport mode trunk  
  no ip address  
  spanning-tree bpdufilter enable  
  spanning-tree bpduguard enable  
 !  
 interface Vlan101  
  ip address 10.0.101.254 255.255.255.0  
 !  
 interface Vlan102  
  ip address 10.0.102.254 255.255.255.0    


Verifying

We can verify by pinging the VLAN SVI interfaces on the Cisco switch from the Linux computer:
 ping 10.0.101.254 -c 5; ping 10.0.102.254 -c 5    

Using tcpdump on interface eth0, we see that the packets pass with the VLAN ID tagged:
 sudo tcpdump -i eth0 -n -e vlan  
   
 14:27:10.001070 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 10.0.101.1 > 10.0.101.254: ICMP echo request, id 4796, seq 1, length 64 
 14:27:14.003204 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 102: vlan 102, p 0, ethertype IPv4, 10.0.102.1 > 10.0.102.254: ICMP echo request, id 4797, seq 1, length 64  



Using tcpdump on the VLAN interface eth0.101 or eth0.102, we see that the packets pass untagged, without the VLAN ID:
 sudo tcpdump -i eth0.101 -n -e  
   
 14:35:50.792633 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype IPv4 (0x0800), length 98: 10.0.101.1 > 10.0.101.254: ICMP echo request, id 4834, seq 1, length 64  
 14:35:50.793104 00:0f:8f:05:b6:00 > 00:1f:c6:75:58:8b, ethertype IPv4 (0x0800), length 98: 10.0.101.254 > 10.0.101.1: ICMP echo reply, id 4834, seq 1, length 64  

 sudo tcpdump -i eth0.102 -n -e  
   
 14:39:26.003155 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype IPv4 (0x0800), length 98: 10.0.102.1 > 10.0.102.254: ICMP echo request, id 4839, seq 1, length 64  
 14:39:26.003589 00:0f:8f:05:b6:00 > 00:1f:c6:75:58:8b, ethertype IPv4 (0x0800), length 98: 10.0.102.254 > 10.0.102.1: ICMP echo reply, id 4839, seq 1, length 64  


Similarly, when sending packets from the switch SVI interface to the Linux computer, we also see the packets with the VLAN ID tagged on the physical interface eth0.
 SW#ping 10.0.101.1  
 SW#ping 10.0.102.1  

 sudo tcpdump -i eth0 -n -e vlan  
   
 14:40:30.946055 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 118: vlan 101, p 0, ethertype IPv4, 10.0.101.1 > 10.0.101.254: ICMP echo reply, id 5569, seq 5160, length 80  
 14:40:35.458061 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 118: vlan 102, p 0, ethertype IPv4, 10.0.102.1 > 10.0.102.254: ICMP echo reply, id 835, seq 4155, length 80  



And packets captured on the VLAN interfaces on the Linux computer are untagged, without the VLAN ID:
 sudo tcpdump -i eth0.101 -n -e  
   
 14:49:18.062039 00:0f:8f:05:b6:00 > 00:1f:c6:75:58:8b, ethertype IPv4 (0x0800), length 114: 10.0.101.254 > 10.0.101.1: ICMP echo request, id 2560, seq 8314, length 80  
 14:49:18.062077 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype IPv4 (0x0800), length 114: 10.0.101.1 > 10.0.101.254: ICMP echo reply, id 2560, seq 8314, length 80  

 sudo tcpdump -i eth0.102 -n -e  
   
 14:49:37.390147 00:0f:8f:05:b6:00 > 00:1f:c6:75:58:8b, ethertype IPv4 (0x0800), length 114: 10.0.102.254 > 10.0.102.1: ICMP echo request, id 4021, seq 3229, length 80  
 14:49:37.390187 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype IPv4 (0x0800), length 114: 10.0.102.1 > 10.0.102.254: ICMP echo reply, id 4021, seq 3229, length 80  
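
The switch port configured above has no "switchport trunk allowed vlan" list, so the trunk carries every VLAN defined on the switch to the Linux host, not only 101-106. The following added example (not part of the original post) filters "tcpdump -n -e vlan" output for tags outside the expected range. The function names and the two VLAN 200 sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report VLAN IDs seen on the
# trunk that are outside the range this host is supposed to receive.

# unexpected_vids LOW HIGH
# Reads "tcpdump -n -e vlan" lines on stdin and prints "VID frame-count" for
# every outer tag outside LOW..HIGH, sorted by VID. Prints nothing if clean.
unexpected_vids() {
    awk -v lo="$1" -v hi="$2" '
        # tcpdump -e prints the outer tag as "vlan <VID>, p <PCP>, ..."
        match($0, /vlan [0-9]+,/) {
            vid = substr($0, RSTART + 5, RLENGTH - 6) + 0
            if (vid < lo || vid > hi) seen[vid]++
        }
        END { for (v in seen) print v, seen[v] }
    ' | sort -n
}

# Sample input: the first two lines are taken from the capture in the article;
# the last two are CONSTRUCTED for this example (VLAN 200 is not one of the
# VLAN interfaces created on the Linux host).
sample_capture() {
    cat <<'EOF'
14:27:10.001070 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 10.0.101.1 > 10.0.101.254: ICMP echo request, id 4796, seq 1, length 64
14:27:14.003204 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 102: vlan 102, p 0, ethertype IPv4, 10.0.102.1 > 10.0.102.254: ICMP echo request, id 4797, seq 1, length 64
14:30:00.000001 00:0f:8f:05:b6:00 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 200, p 0, ethertype ARP, Request who-has 10.0.200.1 tell 10.0.200.254, length 46
14:30:01.000001 00:0f:8f:05:b6:00 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 200, p 0, ethertype ARP, Request who-has 10.0.200.1 tell 10.0.200.254, length 46
EOF
}

# Check the sample against the VLANs the article configures (101-106).
sample_capture | unexpected_vids 101 106
```

On a live trunk, feed it a bounded capture instead of the sample, for example "sudo tcpdump -i eth0 -n -e -c 1000 vlan | unexpected_vids 101 106". Any output means the switch is sending VLANs that the trunk port should not be carrying.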
