A VLAN is a type of local area network that does not have its own dedicated physical infrastructure but instead uses another local area network to carry its traffic. The traffic is encapsulated so that a number of logically separate VLANs can be carried by the same physical LAN. With VLANs, you can create multiple distinct broadcast domains that are mutually isolated. With VLANs, network switches (not routers) create the broadcast domain.

 

Each VLAN is identified by a VID (VLAN Identifier) in the range 1 to 4094 inclusive. Switch ports are assigned to a VLAN ID, and all ports assigned to a single VLAN are in a single broadcast domain. The VID is stored in an extra 4-byte header that is added to the packet called the Tag. Adding a Tag to a packet is called tagging.

 

Configuring VLAN tagging using nmcli

 

1. You can use the nmcli connection command to create a VLAN connection. Include the “add type vlan” arguments and any additional information to create a VLAN connection. For example:

# nmcli con add type vlan con-name vlan-ens37.100 ifname ens37.100 dev ens37 id 100 ip4 192.168.100.1/24
Connection 'vlan-ens37.100' (66950580-5ee1-40f7-8ce3-b9819fdfc492) successfully added.

 

The example defines the following attributes of the VLAN connection:

 

con-name vlan-ens37.100: Specifies the name of the new VLAN connection

ifname ens37.100: Specifies the interface to bind the connection to

dev ens37: Specifies the physical (parent) device this VLAN is on

id 100: Specifies the VLAN ID

ip4 192.168.100.1/24: Specifies IPv4 address to assign to the interface

 

2. The nmcli con command shows the new VLAN connection.

# nmcli connection 
NAME                UUID                                  TYPE            DEVICE    
vlan-ens37.100      66950580-5ee1-40f7-8ce3-b9819fdfc492  vlan            ens37.100

 

3. This command creates the ifcfg-vlan-ens37.100 file. Following is the contents of this file:

# cat /etc/sysconfig/network-scripts/ifcfg-vlan-ens37.100
VLAN=yes
TYPE=Vlan
DEVICE=ens37.100
PHYSDEV=ens37
VLAN_ID=100
REORDER_HDR=yes
GVRP=no
MVRP=no
BOOTPROTO=none
IPADDR=192.168.100.1
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=vlan-ens37.100
UUID=66950580-5ee1-40f7-8ce3-b9819fdfc492
ONBOOT=yes

 

4. You can use the ip addr command to view the protocol address information for the network devices. The following shows the VLAN interface, ens37.100:

# ip add show
1: lo: [LOOPBACK,UP,LOWER_UP] mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens37.100@ens37: [BROADCAST,MULTICAST,UP,LOWER_UP] mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 00:0c:29:54:f7:34 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global ens37.100
       valid_lft forever preferred_lft forever
    inet6 fe80::473b:5fc1:87d:89c3/64 scope link 
       valid_lft forever preferred_lft forever

 

5. The nmcli device command shows the ens37.100 device.

# nmcli device 
DEVICE     TYPE      STATE      CONNECTION          
ens37.100  vlan      connected  vlan-ens37.100

 

6. The nmcli connection command shows the vlan-ens37.100 connection.

# nmcli connection 
NAME                UUID                                  TYPE            DEVICE    
vlan-ens37.100      66950580-5ee1-40f7-8ce3-b9819fdfc492  vlan            ens37.100

 

Viewing VLAN Information

 

Each network interface contains a directory in the /sys/class/net directory. For example:

# ls /sys/class/net
ens33  ens36  ens37  ens37.100  lo

 

In this example, a VLAN interface exists named ens37.100 and a directory of the same name exists that contains configuration information for that interface. For example:

# ls /sys/class/net/ens37.100
addr_assign_type  broadcast        dev_id    duplex             ifalias  link_mode    netdev_group  power   statistics    type
address           carrier          dev_port  flags              ifindex  lower_ens37  operstate     queues  subsystem     uevent
addr_len          carrier_changes  dormant   gro_flush_timeout  iflink   mtu          phys_port_id  speed   tx_queue_len

 

There are also files in the /proc/net/vlan directory that describe the VLAN interface. For example:

# ls /proc/net/vlan
config  ens37.100

 

You can use the tcpdump utility to see tagged and untagged packets to ensure traffic is showing up on the expected interfaces. The -e option specifies the Ethernet header that includes 802.1Q tags. Use the -i option to specify the interface. For example:

# tcpdump –e –i ens37

 

Ця відповідь Вам допомогла? 0 Користувачі, які знайшли це корисним (0 Голосів)