What is a LAN?
Okay, most of you already know what a LAN is, but let’s give it a definition to make sure. We have to do this because, if you don’t know what a LAN is, you can’t understand what a VLAN is.
A LAN is a local area network and is defined as all devices in the same broadcast domain. If you remember, routers stop broadcasts, while switches just forward them.
What is a VLAN?
As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router creating that broadcast domain. With VLANs, a switch can create the broadcast domain.
This works by you, the administrator, putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain.
Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any port in any VLAN other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any devices that are not in their VLAN.
Are VLANs required?
It is important to point out that you don’t have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLANs because the network they are working on was already using them.
Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.
When do I need a VLAN?
You need to consider using VLANs in any of the following situations:
- You have more than 200 devices on your LAN
- You have a lot of broadcast traffic on your LAN
- Groups of users need more security or are being slowed down by too many broadcasts
- Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phones could be on a different VLAN, separate from the regular users.
- Or, just to make a single switch into multiple virtual switches.
Why not just subnet my network?
A common question is: why not just subnet the network instead of using VLANs? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.
============================================
Linux VLAN configuration
1. Connect the eth0 interface of your Linux machine to the switch.
2. Remove the IP Address information on the eth0 interface
# ifconfig eth0 0.0.0.0
# ifconfig eth0 up
3. Configure 2 VLANs on the eth0 interface using vconfig as follows (100 and 200 are the VLAN IDs). If the 8021q.o module is not loaded, the vconfig command will automatically load it when first invoked.
# vconfig add eth0 100
# vconfig add eth0 200
4. Configure IP on the VLAN interfaces
# ifconfig eth0.100 xxx.xxx.xxx.xxx netmask 255.255.252.0 up
# ifconfig eth0.200 yyy.yyy.yyy.yyy netmask 255.255.255.0 up
5. Preserve the VLAN configuration across reboots by adding it to configuration files. Create the appropriate ifcfg files for eth0, eth0.100 and eth0.200 in /etc/sysconfig/network-scripts/
# cd /etc/sysconfig/network-scripts/
Contents of ifcfg-eth0:
DEVICE=eth0
ONBOOT=no
TYPE=Ethernet
Contents of ifcfg-eth0.100:
DEVICE=eth0.100
IPADDR=xxx.xxx.xxx.xxx
NETMASK=255.255.252.0
VLAN=yes
ONBOOT=yes
BOOTPROTO=none
Contents of ifcfg-eth0.200:
DEVICE=eth0.200
IPADDR=yyy.yyy.yyy.yyy
NETMASK=255.255.0.0
VLAN=yes
ONBOOT=yes
BOOTPROTO=none
Update the /etc/sysconfig/network file so that GATEWAYDEV uses the public VLAN interface.
Contents of /etc/sysconfig/network:
NETWORKING=yes
HOSTNAME=un1xf00
GATEWAY=xxx.xxx.xxx.1
DOMAINNAME=dev.un1xf00.com
GATEWAYDEV=eth0.100
6. The VLAN configuration on the server can be verified in the file /proc/net/vlan/config. Sample contents are shown below.
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.100 | 100 | eth0
eth0.200 | 200 | eth0
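A check that extends step 6, as an added example that is not part of the original post: it parses the /proc/net/vlan/config layout and reports VLAN sub-interfaces that are missing or not on an approved list, since an unexpected sub-interface places the host in a broadcast domain it should not reach. The function names, the approved list and the sample rows (including VLAN 300) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit VLAN sub-interfaces against an expected list.
# Parses the /proc/net/vlan/config layout shown in step 6.

# vlan_list FILE: print "device vid parent" for each configured VLAN.
vlan_list() {
    # Data rows have three '|'-separated fields; header rows have fewer.
    awk -F'|' 'NF == 3 {
        for (i = 1; i <= 3; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
        print $1, $2, $3
    }' "$1"
}

# vlan_audit FILE PARENT "VID ...": report drift, return 1 if any is found.
vlan_audit() {
    file=$1 parent=$2 expected=$3 rc=0
    # VLAN IDs actually configured on the given parent interface.
    actual=$(vlan_list "$file" | awk -v p="$parent" '$3 == p { print $2 }')
    for vid in $expected; do
        echo "$actual" | grep -qxF "$vid" || { echo "MISSING $parent.$vid"; rc=1; }
    done
    for vid in $actual; do
        case " $expected " in
            *" $vid "*) ;;
            *) echo "UNEXPECTED $parent.$vid"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the step 6 output plus one extra VLAN (300).
sample=$(mktemp)
cat > "$sample" <<'EOF'
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.100       | 100  | eth0
eth0.200       | 200  | eth0
eth0.300       | 300  | eth0
EOF
vlan_audit "$sample" eth0 "100 200" || echo "drift detected"
rm -f "$sample"
```

On a real host, pass /proc/net/vlan/config as the file argument.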