[TriLUG] tagging vlans with Red Hat /CentOS

jonc jonc at nc.rr.com
Thu Feb 8 10:27:52 EST 2007


I think the key sentence to point out in the KB article is the first
one:
   When connected to a properly configured network device,
   your Red Hat Enterprise Linux 3 system can communicate
   over a network using 802.1q Virtual Local Area Network
   (VLAN) tagged frames.

Is your switch set up for VLANs and what is the setup on the switch?

Typically, we set up a VLAN in a scenario where you would like certain
traffic to travel over its own (physically) separate network. Say you
are running VoIP on your local network. Ideally you want the Voice
traffic to run without interference from the data traffic. You don't
want the Voice packets to queue up behind large data packets. That would
slow them down and they would arrive too late to be used. So to isolate
your VoIP traffic from your normal data traffic, you run the VoIP
traffic on a different network - one that is not congested by data. 

It would be very expensive and somewhat confusing to have two sets of
network wires running to every desk. Plus there would be the added
expense of having two sets of switches and routers. Add to that the fact
that modern switches have way more capacity than most folks normally
use... if only there were a way to set up your single switch to use its
excess capacity to act like it were more than one switch... then you
could hook up multiple devices off the single switch, but the devices
would all think they were on separate networks: VLANs.

On a typical switch you set up each VLAN like you are setting up a unique
physically separate network. Each VLAN has its own network IP address
and subnet mask. For a Cisco switch, creating a VLAN is as easy as:
  vlan database
    vlan 10
  exit

You can give the VLAN its own network address (but you don't have to):
  interface Vlan10
  ip address 192.168.10.2 255.255.255.0

Note: on some Cisco switches you must "shutdown" VLAN 1 (the default
VLAN) before you can enable any other VLANs on the switch. This doesn't
really shut down the default VLAN - it still carries any general network
traffic.

So now your switch has multiple (logical) networks set up inside it. How
does it know which VLAN to use for what traffic?
Typically one of the VLANs (Vlan 1 for Cisco) is the default. This is
the VLAN used by any non-tagged traffic. 

If you want to move VoIP traffic across a different VLAN, then you have
to set up a VLAN for Voice. Typically we use VLAN 10 for VoIP. You set up
a VLAN 10 on the switch, and you program all the switch ports to look
for VoIP packets (traffic using ports typical of Voice traffic or tagged
as voice) and send them to VLAN 10. Now, if a VoIP packet passes into
the switch through one of the programmed switch ports, it will
automatically be placed on the internal VLAN 10 network - separate from
the default VLAN 1 network.

Now here is the tricky part... The traffic flows fine over the switch
(it probably would even without VLANs, heck it's a gigabit switch!) and
now it exits to a router. If the router treats VLAN 1 (ordinary data)
and VLAN 10 (voice data) as the same, then you have the same problem as
before - the voice packets get stuck queuing up behind the data packets.
But if your router gives VLAN 10 packets priority, while stuffing VLAN 1
packets into a buffer and making those wait, then the VoIP packets get
to where they need to be without a time-killing delay.

If your Red Hat server is the router on a network doing Voice and Data,
then you will want to set up a priority queuing-buffer that processes
VLAN 10 packets; or in this case, packets that come in via interface
eth0.10

Normal data traffic would be handled by interface: eth0.1

Remember that both interfaces are on separate networks. They will each
need their own IP information. As an example:

=== ifcfg-eth0.10 ===
  DEVICE=eth0.10
  BOOTPROTO=static
  HWADDR=00:08:02:DF:89:4A
  IPADDR=192.168.10.1
  # /24 mask so that NETWORK= below is this interface's actual network
  NETMASK=255.255.255.0
  NETWORK=192.168.10.0
  ONBOOT=yes
  TYPE=Ethernet
  VLAN=yes

=== ifcfg-eth0.1 ===
  DEVICE=eth0.1
  BOOTPROTO=static
  HWADDR=00:08:02:DF:89:4A
  IPADDR=192.168.1.1
  # /24 mask so that NETWORK= below is this interface's actual network
  NETMASK=255.255.255.0
  NETWORK=192.168.1.0
  ONBOOT=yes
  TYPE=Ethernet
  VLAN=yes

Note: you *cannot* put a "GATEWAY=" statement in these files. There can
only be one default route. The "GATEWAY=" can go in your
/etc/sysconfig/network file.
If you want to route the networks to different places, you will have to
set up routing statements for each network... but that is a different
post that I made a couple of months back.

Jon (get your Joyner on) Carnes

On Wed, 2007-02-07 at 17:24, Chris Bullock wrote:
> I am starting to play with vmware and I need to tag the port that my
> vmware box is connected to on the lan so that the vmware physical
> interface is a member of all associated vlans, but I have not gotten it to
> successfully work, so I want to narrow my search to 1 the switch, 2 the
> os, 3 the nic of the server.
> I followed this kb article on Red Hat's web site:
> http://kbase.redhat.com/faq/FAQ_45_3681.shtm
> 
> When I tag the port on the switch, I lose all my networking to that host,
> even after restarting the network.  Here is my eth0 config:
> [cgb at apollo ~]$ sudo cat /etc/sysconfig/network-scripts/ifcfg-eth0*
> DEVICE=eth0
> ONBOOT=yes
> 
> DEVICE=eth0.4
> BOOTPROTO=static
> HWADDR=00:08:02:DF:89:4A
> IPADDR=172.24.4.243
> NETMASK=255.255.252.0
> NETWORK=172.24.4.0
> GATEWAY=172.24.4.1
> ONBOOT=yes
> TYPE=Ethernet
> VLAN=yes
> 
> Here is the outcome of ifconfig:
> [cgb at apollo ~]$ /sbin/ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:08:02:DF:89:4A
>           inet addr:172.24.4.241  Bcast:172.24.7.255  Mask:255.255.252.0
>           inet6 addr: fe80::208:2ff:fedf:894a/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:7163372 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:8645697 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:819521529 (781.5 MiB)  TX bytes:3667339610 (3.4 GiB)
> 
> eth0.4    Link encap:Ethernet  HWaddr 00:08:02:DF:89:4A
>           inet addr:172.24.4.243  Bcast:172.24.7.255  Mask:255.255.252.0
>           inet6 addr: fe80::208:2ff:fedf:894a/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:674 (674.0 b)
> 
> 
> My question here is where in the world is it pulling the IP address for
> eth0?
> 
> Here is some of the dmesg with eth0 in it:
> bridge-eth0: enabling the bridge
> bridge-eth0: enabled promiscuous mode
> bridge-eth0: up
> e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex
> divert: allocating divert_blk for eth0.4
> eth0.4: add 33:33:00:00:00:01 mcast address to master interface
> eth0.4: add 33:33:ff:df:89:4a mcast address to master interface
> eth0.4: add 01:00:5e:00:00:01 mcast address to master interface
> eth0: no IPv6 routers present
> eth0.4: no IPv6 routers present
> [cgb at apollo ~]$ 
> Any help would be appreciated.
> Chris
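
Added example (not part of the original post or of the Red Hat KB article): a Python check that applies the rules from the reply above to ifcfg-ethX.N files, namely a DEVICE name that carries the VLAN ID, VLAN=yes, no per-interface GATEWAY=, a NETWORK= value that agrees with IPADDR and NETMASK, and a separate subnet for each VLAN interface. The function names and the eth0.10/eth0.11 sample files are constructed for illustration; the eth0.4 sample uses the key lines of the file quoted in this thread.

```python
import ipaddress

def parse_ifcfg(text):
    """Parse KEY=VALUE lines of an ifcfg file into a dict, skipping comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def lint_vlan_ifcfgs(files):
    """files maps filename -> file text; returns sorted (filename, problem) pairs."""
    problems, nets = [], {}
    for name, text in files.items():
        cfg = parse_ifcfg(text)
        parent, _, vid = cfg.get("DEVICE", "").partition(".")
        if not (parent and vid.isdecimal() and 1 <= int(vid) <= 4094):
            problems.append((name, "DEVICE is not <parent>.<VLAN ID 1-4094>"))
        if cfg.get("VLAN", "").lower() != "yes":
            problems.append((name, "VLAN=yes is missing"))
        if "GATEWAY" in cfg:  # the post's rule: only one default route
            problems.append((name, "GATEWAY= belongs in /etc/sysconfig/network"))
        if "IPADDR" in cfg and "NETMASK" in cfg:
            net = ipaddress.ip_interface(cfg["IPADDR"] + "/" + cfg["NETMASK"]).network
            if cfg.get("NETWORK", str(net.network_address)) != str(net.network_address):
                problems.append((name, "NETWORK= should be %s" % net.network_address))
            for other, other_net in nets.items():  # each VLAN needs its own subnet
                if net.overlaps(other_net):
                    problems.append((name, "subnet overlaps " + other))
            nets[name] = net
    return sorted(problems)

# Sample input: eth0.4 is taken from this thread; eth0.10 and eth0.11 are constructed.
SAMPLES = {
    "ifcfg-eth0.4": "DEVICE=eth0.4\nIPADDR=172.24.4.243\nNETMASK=255.255.252.0\n"
                    "NETWORK=172.24.4.0\nGATEWAY=172.24.4.1\nVLAN=yes\n",
    "ifcfg-eth0.10": "DEVICE=eth0.10\nIPADDR=192.168.10.1\nNETMASK=255.255.252.0\n"
                     "NETWORK=192.168.10.0\nVLAN=yes\n",
    "ifcfg-eth0.11": "DEVICE=eth0.11\nIPADDR=192.168.11.1\nNETMASK=255.255.252.0\n"
                     "NETWORK=192.168.8.0\nVLAN=yes\n",
}

if __name__ == "__main__":
    for filename, problem in lint_vlan_ifcfgs(SAMPLES):
        print("%s: %s" % (filename, problem))
```

With a 255.255.252.0 mask, 192.168.10.1 and 192.168.11.1 both fall in 192.168.8.0/22, so the two constructed VLAN interfaces end up on the same subnet even though their addresses look distinct.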