Introduction
VLANs make it possible to separate a large network into smaller, more manageable ones. 802.1Q is a standard that all vendors implement in their network equipment. Some switches can assign multiple VLANs to a single network port. With this feature, you can assign multiple VLANs to a single server. The switch can keep the traffic apart because every Ethernet frame is tagged with its VLAN ID.
Prerequisites
- The network switch your server is connected to must be configured for this procedure to work
- The switch should support VLAN tagging
Step 1 – Log in using SSH
You must be logged in via SSH as root or as a user with sudo privileges. Please view this article for instructions if you don’t know how to connect.
Step 2 – Disable NetworkManager
Within a server environment, we prefer to disable NetworkManager. These instructions won’t work if NetworkManager is enabled!
Check the status of NetworkManager.
sudo systemctl status NetworkManager
If NetworkManager is not running, you will see the message Active: inactive (dead) and can proceed with Step 3.
NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)
If NetworkManager is active we have to disable it.
NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled)
   Active: active (running) since Fri, 08 Mar 2013 12:50:04 +0100; 3 days ago
Disable NetworkManager.
sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager
Once NetworkManager is disabled, remove it.
sudo yum -y remove NetworkManager NetworkManager-libnm NetworkManager-team NetworkManager-tui NetworkManager-wifi
Step 3 – Load kernel module
Check if kernel module 8021q is loaded.
sudo lsmod | grep 8021q
If it’s loaded, you will see output similar to this.
8021q                  33208  0
garp                   14384  1 8021q
mrp                    18542  1 8021q
If you do not get any output, it means that the module is not loaded. Load the kernel module.
sudo modprobe 8021q
To ensure that the kernel module 8021q is loaded during boot, we have to add the module into the modules configuration file.
sudo su -c 'echo "8021q" >> /etc/modules-load.d/modules.conf'
Step 4 – Find the active network interface
clear && echo $(ip -o -4 route get 8.8.8.8 | sed -nr 's/.*dev ([^\ ]+).*/\1/p')
Step 5 – Configure the network interface
In our example the network interface is eth0. This article uses eth0 throughout, but you have to use the network interface name from Step 4.
Edit the network configuration of eth0.
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
Replace the configuration with the following 4 lines.
BOOTPROTO="none"
DEVICE="eth0"
ONBOOT="yes"
TYPE="Ethernet"
Create a new configuration file for your VLAN. In our case, it’s VLAN 3047.
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.3047
Add the following lines.
DEVICE=eth0.3047
BOOTPROTO=none
ONBOOT=yes
IPADDR=78.41.207.45
PREFIX=24
NETWORK=78.41.207.0
VLAN=yes
Create the second VLAN 453.
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.453
Add the following lines.
DEVICE=eth0.453
BOOTPROTO=none
ONBOOT=yes
IPADDR=89.207.131.20
PREFIX=24
NETWORK=89.207.131.0
VLAN=yes
Step 6 – Create network rules
Create the network rule configuration file for VLAN 3047.
sudo nano /etc/sysconfig/network-scripts/rule-eth0.3047
Add the following line.
from 78.41.207.0/24 tab 1 priority 500
Create the network rule configuration file for VLAN 453.
sudo nano /etc/sysconfig/network-scripts/rule-eth0.453
Add the following line.
from 89.207.131.0/24 tab 2 priority 501
Step 7 – Create network routes
Create the route configuration file for VLAN 3047.
sudo nano /etc/sysconfig/network-scripts/route-eth0.3047
Add the following line.
default via 78.41.207.1 dev eth0.3047 table 1
Create the route configuration file for VLAN 453.
sudo nano /etc/sysconfig/network-scripts/route-eth0.453
Add the following line.
default via 89.207.131.1 dev eth0.453 table 2
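The three files from Steps 5 to 7, generated for any VLAN, as an added example that is not part of the original article. It generalizes the two VLANs shown above: the function names, argument order and the priority rule (499 plus the table number, matching 500 and 501 above) are assumptions, and it rejects a bad VLAN ID, prefix, table or gateway before writing anything.

```shell
# Added example, not from the original article. Function names, argument
# order and the "priority = 499 + table" rule are assumptions drawn from the
# two VLANs configured above.

# is_uint VALUE LOW HIGH: decimal integer, no leading zeros, within range
is_uint() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# network_of IP PREFIX: print the network address (78.41.207.45 24 -> 78.41.207.0)
network_of() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1 "$2"; IFS=$oldifs
    [ $# -eq 5 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do is_uint "$o" 0 255 || return 1; done
    ipn=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    n=$(( ipn & (4294967295 << (32 - $5)) & 4294967295 ))
    echo "$((n >> 24 & 255)).$((n >> 16 & 255)).$((n >> 8 & 255)).$((n & 255))"
}

# write_vlan_files DIR PARENT VLAN_ID IPADDR PREFIX GATEWAY TABLE
write_vlan_files() {
    dir=$1 dev="$2.$3" vid=$3 addr=$4 prefix=$5 gw=$6 table=$7
    # 802.1Q VLAN IDs are 12 bits wide; 0 and 4095 are reserved.
    is_uint "$vid" 1 4094 || { echo "bad VLAN ID: $vid" >&2; return 1; }
    is_uint "$prefix" 1 32 || { echo "bad prefix: $prefix" >&2; return 1; }
    # 253-255 are the kernel's default, main and local tables; stay below them.
    is_uint "$table" 1 252 || { echo "bad table: $table" >&2; return 1; }
    # Linux interface names hold at most 15 characters.
    [ "${#dev}" -le 15 ] || { echo "name too long: $dev" >&2; return 1; }
    net=$(network_of "$addr" "$prefix") || { echo "bad address: $addr" >&2; return 1; }
    # The gateway has to sit in the VLAN's own subnet to be reachable.
    [ "$(network_of "$gw" "$prefix")" = "$net" ] ||
        { echo "gateway $gw is outside $net/$prefix" >&2; return 1; }

    printf '%s\n' "DEVICE=$dev" BOOTPROTO=none ONBOOT=yes "IPADDR=$addr" \
        "PREFIX=$prefix" "NETWORK=$net" VLAN=yes > "$dir/ifcfg-$dev"
    echo "from $net/$prefix tab $table priority $((499 + table))" > "$dir/rule-$dev"
    echo "default via $gw dev $dev table $table" > "$dir/route-$dev"
}

# Usage (write to a scratch directory first, then review and copy the files):
#   write_vlan_files /tmp/vlan-out eth0 3047 78.41.207.45 24 78.41.207.1 1
```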
Step 8 – Configure sysctl
Enable packet forwarding on the server by creating the following file.
sudo nano /etc/sysctl.d/90-override.conf
Add the following line.
net.ipv4.ip_forward=1
Configure reverse path and ARP filtering: rp_filter=2 selects loose reverse path filtering and arp_filter=0 leaves ARP filtering off.
net.ipv4.conf.all.arp_filter=0
net.ipv4.conf.all.rp_filter=2
Apply the changes.
sudo sysctl -p /etc/sysctl.d/90-override.conf
Step 9 – Restart the server
sudo reboot
Step 10 – Check VLAN interface status
Run the following command.
cat /proc/net/vlan/config
If VLAN is not active you should see this.
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
If it’s active you should see this.
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.3047 | 3047 | eth0
eth0.453 | 453 | eth0
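The check from this step as a script, added here and not part of the original article: it compares the kernel's VLAN table with the list of VLANs the server is supposed to be on and reports both missing and unplanned sub-interfaces. The names audit_vlans and sample_vlan_config are hypothetical and the sample data is constructed.

```shell
# Added example, not from the original article. audit_vlans and
# sample_vlan_config are hypothetical names; the sample data is constructed.

# audit_vlans FILE PARENT "ID ID ...": compare the kernel's VLAN table with an
# allow-list. Prints one line per finding and returns non-zero if there is any.
audit_vlans() {
    awk -F'|' -v parent="$2" -v want="$3" '
        BEGIN { n = split(want, ids, " "); for (i = 1; i <= n; i++) expect[ids[i]] = 1 }
        NF == 3 {                        # data rows: device | VLAN ID | parent
            for (i = 1; i <= 3; i++) gsub(/[ \t]/, "", $i)
            if ($3 == parent && ($2 in expect)) seen[$2] = 1
            else { print "unexpected " $1 " vlan=" $2 " parent=" $3; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++) if (!(ids[i] in seen)) {
                print "missing vlan=" ids[i] " on " parent; bad = 1
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample of /proc/net/vlan/config with one VLAN that was not planned.
sample_vlan_config() {
    cat <<'EOF'
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.3047      | 3047  | eth0
eth0.453       | 453  | eth0
eth0.99        | 99  | eth0
EOF
}

# On the server: audit_vlans /proc/net/vlan/config eth0 "3047 453"
# Offline demo:  sample_vlan_config | audit_vlans - eth0 "3047 453"
```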
Step 11 – Test IP addresses
Ping from your workstation to check if the IPs are active.
ping 78.41.207.45
ping 89.207.131.20
Step 12 – Test IP address on Server
Check if the packets are using the right VLAN to leave the server.
Perform a ping from eth0.3047 to check if it is using the right VLAN to communicate with the destination IP address.
ping -I eth0.3047 8.8.8.8
Output
PING 8.8.8.8 (8.8.8.8) from 78.41.207.45 eth0.3047: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=2.03 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=122 time=2.13 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=122 time=2.21 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=122 time=2.06 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3080ms
rtt min/avg/max/mdev = 2.038/2.113/2.217/0.089 ms
Perform a ping from eth0.453.
ping -I eth0.453 8.8.8.8
Output
PING 8.8.8.8 (8.8.8.8) from 89.207.131.20 eth0.453: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=123 time=2.26 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=123 time=2.37 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=123 time=2.44 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2756ms
rtt min/avg/max/mdev = 2.266/2.360/2.444/0.073 ms
Conclusion
Congratulations, you have now configured a server that listens on two VLANs with two gateways. VLAN tagging is not limited to two VLANs; multiple VLANs are supported. You have to add each VLAN according to the network configuration of that VLAN.