medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
391673497fc772ec15ffdb02c66d53ed3ec8e0f3
the_information_nexus/tech_docs/linux/vlans.md
Whisker Jones aeba9bdb34 structure updates
2024-05-01 12:28:44 -06:00

3.8 KiB
Raw Blame History

Handling VLANs in Linux is primarily done through the kernel's support for 802.1Q, the networking standard used for VLAN tagging. VLANs allow network traffic to be segmented into separate sub-networks while still being transmitted through the same physical network interface. This segmentation can improve security, manageability, and performance of networks.

Setting Up VLANs in Linux

  1. Installing Necessary Tools: To configure VLANs in Linux, you will need the vlan package, which includes the necessary utilities.

    sudo apt-get install vlan

    After installation, make sure that the 8021q module is loaded into the kernel:

    sudo modprobe 8021q

  2. Creating VLAN Interfaces: You can create VLAN interfaces using vconfig or the more modern ip command from the iproute2 package.

    Using ip command:

    sudo ip link add link eth0 name eth0.10 type vlan id 10

    This command creates a VLAN with ID 10 on the eth0 interface, resulting in a new interface eth0.10.

  3. Configuring IP Addresses: Assign an IP address to the VLAN interface as you would with any other interface.

    sudo ip addr add 192.168.10.1/24 dev eth0.10
sudo ip link set eth0.10 up

  4. Routing and Further Configuration: You can configure routing and firewall rules specific to this VLAN. For instance, setting up iptables to handle traffic flowing through eth0.10 differently from other traffic.

Switching Traffic Between VLANs

To "switch" traffic between VLANs on a Linux system, you essentially need to route traffic between these VLAN interfaces. This involves a few key steps:

  1. Enable IP Forwarding: To allow the Linux kernel to forward packets between interfaces (including VLAN interfaces), enable IP forwarding.

    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

  2. Configure Routing (if necessary): If the VLANs need to communicate with each other, ensure that there are appropriate routing rules in place. This is typically handled automatically by the kernel if the VLAN interfaces are up and configured with IP addresses. However, you may need to add specific routes if there are complex network configurations or subnets involved.

  3. Firewall Rules: Using tools like iptables or nftables, manage the flow of traffic between VLANs. You can define rules that allow or block traffic based on VLAN ID, source IP, destination IP, and other parameters.

    Example iptables rule to allow all traffic between VLAN 10 and VLAN 20:

    sudo iptables -A FORWARD -i eth0.10 -o eth0.20 -j ACCEPT
sudo iptables -A FORWARD -i eth0.20 -o eth0.10 -j ACCEPT

  4. Use of Bridge or Advanced Routing: For more complex scenarios where packets need to be passed between different VLANs without routing, you can use a Linux bridge. This setup can mimic traditional hardware-based VLAN configurations where VLANs are used to segment a larger network without configuring IP routing between them.

    sudo ip link add name br0 type bridge
sudo ip link set eth0.10 master br0
sudo ip link set eth0.20 master br0
sudo ip link set br0 up

    This configuration effectively creates a bridge br0 that connects VLAN 10 and VLAN 20, allowing direct communication between devices on these two VLANs.

Conclusion

Linux handles VLANs quite efficiently, allowing for complex network configurations that are typically handled by dedicated networking hardware. Whether you are routing between VLANs or simply segregating network traffic, Linux provides the tools and capabilities to manage this effectively. As you move forward, consider integrating these configurations into network management scripts or using network management tools like Ansible for automation and consistency.