802.1Q VLAN trunk in Linux
I need to configure an Ethernet interface as an IEEE 802.1Q VLAN trunk on Linux Mint for lab purposes, so that I can connect GNS3 to a physical Cisco switch. To do this I will create six VLAN interfaces, using VLAN IDs 101-106, on the eth0 interface.
Install VLAN package
sudo apt-get install vlan
Load the 8021q kernel module
sudo modprobe 8021q
Check if the kernel module is loaded
$ lsmod | grep 8021q
8021q 24353 0
garp 14313 1 8021q
mrp 18471 1 8021q
Create VLAN interfaces
Use the vconfig tool to create virtual VLAN interfaces:
sudo vconfig add eth0 101
sudo vconfig add eth0 102
sudo vconfig add eth0 103
sudo vconfig add eth0 104
sudo vconfig add eth0 105
sudo vconfig add eth0 106
This will create the virtual interfaces eth0.101 - eth0.106. For example, interface eth0.101 will send packets tagged with VID 101. Packets received on eth0 tagged with VID 101 will show up on eth0.101 as untagged packets. Only packets that were tagged with VID 101 will arrive on that VLAN interface.
Instead of using the (deprecated) "vconfig" command you can use "ip link". For example:
ip link add link eth0 name eth0.101 type vlan id 101
To remove a VLAN interface
sudo vconfig rem eth0.101
Assign IP address on vlan interface
sudo ip addr add 10.0.101.1/24 dev eth0.101
sudo ip addr add 10.0.102.1/24 dev eth0.102
sudo ip addr add 10.0.103.1/24 dev eth0.103
sudo ip addr add 10.0.104.1/24 dev eth0.104
sudo ip addr add 10.0.105.1/24 dev eth0.105
sudo ip addr add 10.0.106.1/24 dev eth0.106
Detailed information about VLAN interface:
$ sudo cat /proc/net/vlan/eth0.101
eth0.101 VID: 101 REORDER_HDR: 1 dev->priv_flags: 1
total frames received 1104
total bytes received 92424
Broadcast/Multicast Rcvd 51
total frames transmitted 1208
total bytes transmitted 131766
Device: eth0
INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0
EGRESS priority mappings:
Permanent VLAN mapping
To preserve the VLAN configuration when the system reboots, we need to make sure that the 8021q module is loaded and that the VLAN interface configuration exists. The latter can be done in two ways: either make it permanent by editing the /etc/network/interfaces file, or run a script with the appropriate commands every time you need it.
To make sure that the 8021q module is loaded after a reboot, we need to add the module to /etc/modules.
sudo su -c 'echo "8021q" >> /etc/modules'
To check it:
$ cat /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
# Parameters can be specified after the module name.
lp
rtc
8021q
A. Edit /etc/network/interfaces
To save the VLAN interfaces and make them available when the system boots, we need to edit the file /etc/network/interfaces. First make a backup of your /etc/network/interfaces file before making any changes.
sudo cp /etc/network/interfaces /etc/network/interfaces.backup
sudo nano /etc/network/interfaces
$ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.1
#add VLAN 101 on eth0
auto eth0.101
iface eth0.101 inet static
address 10.0.101.1
netmask 255.255.255.0
#add VLAN 102 on eth0
auto eth0.102
iface eth0.102 inet static
address 10.0.102.1
netmask 255.255.255.0
#add VLAN 103 on eth0
auto eth0.103
iface eth0.103 inet static
address 10.0.103.1
netmask 255.255.255.0
#add VLAN 104 on eth0
auto eth0.104
iface eth0.104 inet static
address 10.0.104.1
netmask 255.255.255.0
#add VLAN 105 on eth0
auto eth0.105
iface eth0.105 inet static
address 10.0.105.1
netmask 255.255.255.0
#add VLAN 106 on eth0
auto eth0.106
iface eth0.106 inet static
address 10.0.106.1
netmask 255.255.255.0
B. Run a script
Run the following script manually every time it is needed.
#!/bin/bash
modprobe 8021q
# bring interfaces up
ifconfig eth0 down
ifconfig eth0 up
# setup vlans
vconfig add eth0 101
vconfig add eth0 102
vconfig add eth0 103
vconfig add eth0 104
vconfig add eth0 105
vconfig add eth0 106
ifconfig eth0.101 10.0.101.1 netmask 255.255.255.0 up
ifconfig eth0.102 10.0.102.1 netmask 255.255.255.0 up
ifconfig eth0.103 10.0.103.1 netmask 255.255.255.0 up
ifconfig eth0.104 10.0.104.1 netmask 255.255.255.0 up
ifconfig eth0.105 10.0.105.1 netmask 255.255.255.0 up
ifconfig eth0.106 10.0.106.1 netmask 255.255.255.0 up
Restart your network interface:
sudo service networking restart
Cisco Switch Configuration
interface FastEthernet0/1
description --Trunk to Linux--
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface Vlan101
ip address 10.0.101.254 255.255.255.0
!
interface Vlan102
ip address 10.0.102.254 255.255.255.0
Verifying
We can verify by pinging from the Linux computer to the VLAN SVI interfaces on the Cisco switch:
ping 10.0.101.254 -c 5; ping 10.0.102.254 -c 5
Using tcpdump on interface eth0, we see that packets pass with the VLAN ID tagged:
sudo tcpdump -i eth0 -n -e vlan
14:27:10.001070 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 10.0.101.1 > 10.0.101.254: ICMP echo request, id 4796, seq 1, length 64
14:27:14.003204 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 102: vlan 102, p 0, ethertype IPv4, 10.0.102.1 > 10.0.102.254: ICMP echo request, id 4797, seq 1, length 64
Using tcpdump on the VLAN interface eth0.101 or eth0.102, we see that packets pass untagged:
sudo tcpdump -i eth0.101 -n -e
14:35:50.792633 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype IPv4 (0x0800), length 98: 10.0.101.1 > 10.0.101.254: ICMP echo request, id 4834, seq 1, length 64
14:35:50.793104 00:0f:8f:05:b6:00 > 00:1f:c6:75:58:8b, ethertype IPv4 (0x0800), length 98: 10.0.101.254 > 10.0.101.1: ICMP echo reply, id 4834, seq 1, length 64
sudo tcpdump -i eth0.102 -n -e
14:39:26.003155 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype IPv4 (0x0800), length 98: 10.0.102.1 > 10.0.102.254: ICMP echo request, id 4839, seq 1, length 64
14:39:26.003589 00:0f:8f:05:b6:00 > 00:1f:c6:75:58:8b, ethertype IPv4 (0x0800), length 98: 10.0.102.254 > 10.0.102.1: ICMP echo reply, id 4839, seq 1, length 64
Similarly, when sending packets from the switch SVI interface to the Linux computer, we also see the packets with the VLAN ID tagged on the physical interface eth0.
SW#ping 10.0.101.1
SW#ping 10.0.102.1
sudo tcpdump -i eth0 -n -e vlan
14:40:30.946055 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 118: vlan 101, p 0, ethertype IPv4, 10.0.101.1 > 10.0.101.254: ICMP echo reply, id 5569, seq 5160, length 80
14:40:35.458061 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype 802.1Q (0x8100), length 118: vlan 102, p 0, ethertype IPv4, 10.0.102.1 > 10.0.102.254: ICMP echo reply, id 835, seq 4155, length 80
And packets captured on the VLAN interfaces on the Linux computer are untagged:
sudo tcpdump -i eth0.101 -n -e
14:49:18.062039 00:0f:8f:05:b6:00 > 00:1f:c6:75:58:8b, ethertype IPv4 (0x0800), length 114: 10.0.101.254 > 10.0.101.1: ICMP echo request, id 2560, seq 8314, length 80
14:49:18.062077 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype IPv4 (0x0800), length 114: 10.0.101.1 > 10.0.101.254: ICMP echo reply, id 2560, seq 8314, length 80
sudo tcpdump -i eth0.102 -n -e
14:49:37.390147 00:0f:8f:05:b6:00 > 00:1f:c6:75:58:8b, ethertype IPv4 (0x0800), length 114: 10.0.102.254 > 10.0.102.1: ICMP echo request, id 4021, seq 3229, length 80
14:49:37.390187 00:1f:c6:75:58:8b > 00:0f:8f:05:b6:00, ethertype IPv4 (0x0800), length 114: 10.0.102.1 > 10.0.102.254: ICMP echo reply, id 4021, seq 3229, length 80
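Added example (not part of the original post): a small Python model of what the captures above show. It parses the 802.1Q tag, hands the frame to the matching eth0.<VID> interface with the 4-byte tag stripped (102 bytes on eth0 become 98 on eth0.101), and delivers nothing for a VID that has no VLAN interface. The payload bytes are constructed, the function names are hypothetical, and the demux is a simplified model, not the kernel's code.

```python
import struct

TPID_8021Q = 0x8100                     # EtherType value that marks an 802.1Q tag
CONFIGURED_VIDS = set(range(101, 107))  # eth0.101 - eth0.106, as configured on this page
DST = bytes.fromhex("000f8f05b600")     # switch MAC seen in the captures
SRC = bytes.fromhex("001fc675588b")     # Linux host MAC seen in the captures


def build_tagged(dst, src, vid, pcp=0, payload=b"\x00" * 84):
    """Build a tagged IPv4 frame; the 84-byte payload is constructed filler."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # PCP: 3 bits, DEI: 1 bit (0), VID: 12 bits
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload


def parse_tag(frame):
    """Return (pcp, dei, vid) for an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 18:                 # 12 bytes of MACs + 4-byte tag + inner EtherType
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def strip_tag(frame):
    """Drop TPID + TCI (bytes 12-15); MACs, inner EtherType and payload remain."""
    return frame[:12] + frame[16:]


def demux(frame, parent="eth0", vids=CONFIGURED_VIDS):
    """Simplified model: return (interface, frame as seen there) or (None, None)."""
    tag = parse_tag(frame)
    if tag is None:
        return parent, frame            # untagged traffic is handled on eth0 itself
    vid = tag[2]
    if vid not in vids:
        return None, None               # no VLAN interface exists for this VID
    return f"{parent}.{vid}", strip_tag(frame)


SAMPLE = build_tagged(DST, SRC, 101)    # constructed frame, 102 bytes like the eth0 capture

if __name__ == "__main__":
    iface, inner = demux(SAMPLE)
    print(parse_tag(SAMPLE), len(SAMPLE), "->", iface, len(inner))
```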