
I'm trying to understand how VLAN works and how to configure VLAN in a switch and Linux box attached to it.

Basically, I understand in theory how a switch handles VLANs and trunking. However, I'm confused about several aspects.

To make illustration easier, suppose I have following scenario:

  1. A router R with DHCP server running on eth0, with IP 1.1.1.1
  2. A switch S with ports A through D, 4 in total
  3. S:A is connected to R:eth0
  4. Three Users are connected to S:B-D, namely U1, U2, U3
  5. U1 belongs to VLAN1, IP: 2.2.2.2/24
  6. U2 belongs to VLAN2, IP: 3.3.3.3/24
  7. U3 belongs to both VLAN1 & 2, IP: 2.2.2.3/24 & 3.3.3.4/24
  8. Suppose router and all users are Debian-like system

The questions are:

  1. How do I configure the router that both VLANs can have access to it and can route packets to each other?
  2. How do I configure the three Users? Especially User3, since it belongs to both VLANs. (Should I simply assign multiple IP addresses to the same physical interface?)
  3. If all IPs are not static and should be assigned via DHCP, and I want VLAN1 to range from 2.2.2.2-10 and VLAN2 from 3.3.3.3-11, how should I configure the DHCP server running on the router?
  4. What's the difference among a VLAN, a virtual interface and multiple IP addresses on a single interface?

I'd appreciate your answers or pointers to other materials.

Thanks in advance!

3 Answers

1

1. How do I configure the router that both VLANs can have access to it and can route packets to each other?

That depends on your particular router. The term that is generally used to describe this is "router on a stick". Without knowing the specific make/model of your router we can't tell you how to configure it.

2. How do I configure the three Users? Especially User3, since it belongs to both VLANs. (Should I simply assign multiple IP addresses to the same physical interface?)

You don't configure users for a VLAN. You configure the switch ports to be members of a particular VLAN. The switch doesn't know which user is which. It only knows which ports are members of which VLANs. A switch port cannot be a member of more than one VLAN. A switch port may be a trunk port and may carry traffic for more than one VLAN, but it may not be a member of more than one VLAN. So for User3, you would configure the port that User3's computer is connected to as a trunk port in order to carry traffic for VLAN1 and VLAN2. User3's computer NIC would have to support VLAN tagging in order for this to work.

3. If all IPs are not static and should be assigned via DHCP, and I want VLAN1 to range from 2.2.2.2-10 and VLAN2 from 3.3.3.3-11, how should I configure the DHCP server running on the router?

You would create a DHCP scope for each VLAN's IP range. You would then normally need to configure a DHCP relay agent (DHCP helper or ip-helper) on your router, but shouldn't need to with a "router on a stick".

4. What's the difference among a VLAN, a virtual interface and multiple IP addresses on a single interface?

Asking what the difference is is asking for a comparison between all three, but they're completely different things that perform different functions so you wouldn't compare them. What you want is a definition of each one and a use case example for each one. Google is a great place to start your research.

0

A VLAN, as the name implies, is a Virtual network. It is identical in every respect to a separate physical network, except it is overlaid on top of another physical network.

VLANs have their own network interfaces, and they can be treated exactly the same as separate physical interfaces.

Configuring VLAN interfaces in Linux is quite simple. There's a good step-by-step guide on cyberciti.

In summary: create an alias interface (e.g., eth0.1) and "tag" it with the ID for your VLAN, and assign it the IP address for your VLAN. Do this for each VLAN the computer wants to talk to.

Once you have the VLAN interfaces configured, and things like the DHCP server listening on them and configured properly, it is then "just" a matter of setting up the routing.

As long as you have IP forwarding turned on, and your VLAN concentrator is your default router (both of which are probably true), then it should just work with no changes.

If you want to then move on and do more advanced routing, I can recommend quagga as a routing engine. It supports all the major routing protocols and is almost identical to working with Cisco routers, so skills would be largely transferable.

0

So you basically have the following physical setup:

R -------(Port A)(VLANx)|  
                        |
U1 ------(Port B)(VLAN1)|
                        |-S
U2 ------(Port C)(VLAN2)|
                        |
U3 ----(Port D)(VLAN1&2)|

First of all, VLANs are Virtual Layer 2 networks (see them as separate Ethernet networks) and you can interconnect them by various means, but it's still only Layer 2 (Ethernet).

A VLAN is a single Ethernet broadcast domain. What originates in one VLAN stays in it (ARP, DHCP requests, etc.). It is easier to use/troubleshoot than multiple IP networks on the same LAN/VLAN, because IP traffic from one VLAN isn't found on the other.

If you want various Layer 3 networks (IP) to be able to talk to each other, the traffic needs to be routed. This can be done by routers and/or Layer 3 switches (switches capable of routing). If your switch ISN'T an L3 switch, then you MUST route with the router, using multiple interfaces (one per VLAN).

Second, if you want more than one VLAN on a single router/switch/server port, you must use tagging (AKA 802.1Q), which adds a header to Ethernet frames to identify which VLAN they belong to (and a few other things, like CoS priority, etc.).

Lastly, as per your setup, your router isn't part of a VLAN, which means that by default it would be in VLAN 1 on the switch. This means you are having 1.1.1.0/24 & 2.2.2.0/24 on the same VLAN. Not necessarily bad, but still not optimal.

I'll assume that you do not have an L3 capable switch:

R -(802.1Q)-------(Port A)(802.1Q)|  
                                  |
U1 ---------------(Port B)(VLAN20)|
                                  |-S
U2 ---------------(Port C)(VLAN30)|
                                  |
U3 -(802.1Q)------(Port D)(802.1Q)|

I've used VLAN 10/20/30/40... Always a good practice NOT to use VLAN 1 as it's normally the Default (unconfigured) VLAN in a switch.

With R having 802.1Q configured with one IP interface on each VLAN:

  * VLAN 10: 1.1.1.0/24
  * VLAN 20: 2.2.2.0/24
  * VLAN 30: 3.3.3.0/24
  * VLAN 40: 4.4.4.0/24, etc.

It also has a DHCP server configured with multiple pools, one for each interface required (search Google for "debian dhcp multiple subnets", for example, as it's not a one-liner explanation).

Switch ports A & D are configured with 802.1Q tagging, port A permitting all VLANs and port D permitting at least VLAN 30 & 40.

U3 has 802.1Q tagging configured.

If you have an L3 capable switch, then you can do the following:

R ----------------(Port A)(VLAN10)|  
                                  |
U1 ---------------(Port B)(VLAN20)|
                                  |-S
U2 ---------------(Port C)(VLAN30)|
                                  |
U3 -(802.1Q)------(Port D)(802.1Q)|

With R, U1 & U2 being configured normally, U3 (and the switch port facing it) having 802.1Q tagging configured, and the other interfaces (2.2.2.0/24, 3.3.3.0/24 & 4.4.4.0/24) on the switch.

Note that no other VLAN except VLAN10 would have DHCP enabled (DHCP requests do not cross routing boundaries, unless DHCP forwarding is configured on the routing device, and the server is configured to serve multiple subnets).
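The two answers above describe 802.1Q tagging (the eth0.N interfaces in Linux and the tagged trunk ports A and D) and the pitfall that untagged frames land in the switch's default VLAN 1. The following added example, which is not from the original question or answers, shows what that tag actually is: it inserts and parses the 4-byte 802.1Q header and classifies a frame the way a trunk port does (deliver to a permitted VLAN, drop, or fall back to the native VLAN). The VLAN numbers, the broadcast ARP sample frame and the assumption that the native VLAN is 1 are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
NATIVE_VLAN = 1       # assumption: the switch's default (untagged) VLAN is 1

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into header fields, reading the 802.1Q tag if present.

    vid/pcp/dei are None for an untagged frame.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return {"dst": dst, "src": src, "vid": tci & 0x0FFF, "pcp": tci >> 13,
                "dei": (tci >> 12) & 1, "ethertype": inner_type, "payload": frame[18:]}
    return {"dst": dst, "src": src, "vid": None, "pcp": None, "dei": None,
            "ethertype": ethertype, "payload": frame[14:]}

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the source MAC, as eth0.<vid> does before sending on eth0."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = ((pcp & 7) << 13) | (vid & 0x0FFF)   # 3-bit priority, DEI=0, 12-bit VLAN id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def classify(frame: bytes, permitted: set) -> str:
    """What a trunk port does with a received frame, given the VLANs it permits."""
    info = parse_frame(frame)
    if info["vid"] is None:
        return f"untagged -> native VLAN {NATIVE_VLAN}"
    if info["vid"] in permitted:
        return f"VLAN {info['vid']}"
    return f"dropped (VLAN {info['vid']} not permitted on this port)"

# Constructed sample: a broadcast ARP request from a made-up MAC for U3 (not captured traffic).
SAMPLE = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000003")
          + b"\x08\x06" + b"\x00\x01\x08\x00")

if __name__ == "__main__":
    # Port D permits VLAN 20 and 30; a tag for VLAN 40 is dropped, no tag means VLAN 1.
    for vid in (20, 30, 40):
        print(vid, classify(tag_frame(SAMPLE, vid), {20, 30}))
    print("raw", classify(SAMPLE, {20, 30}))
```

Because the ARP broadcast is tagged with VID 20, only hosts whose port or sub-interface is in VLAN 20 ever see it, which is the broadcast-domain separation the answer describes.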
