How to configure 802.1Q VLAN Tagging on Centos 7

por | 28 enero, 2022

Introduction

VLANs make it possible to separate large networks into smaller and manageable ones. The 802.1Q is a standard which is implemented by all vendors into their network equipment. Some switches have the ability to assign multiple VLANs to a single network port. With this feature, you can assign multiple VLANs to a single server. The switch can separate the packages because every Ethernet frame is tagged with the VLAN id.

Prerequisites

  • The network switch your server is connected to must be set up for a successful procedure
  • The switch should support VLAN tagging

Step 1 – Log in using SSH

You must be logged in via SSH as sudo or root user. Please view this article for instructions if you don’t know how to connect.

Step 2 – Disable NetworkManager

Within a server environment, we prefer to disable NetworkManager. These instructions won’t work if NetworkManager is enabled!

Check the status of NetworkManager.

sudo systemctl status NetworkManager

If NetworkManager is not running and you see this message Active: inactive (dead) you can proceed with step 3.

NetworkManager.service - Network Manager
  Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
  Active: inactive (dead)
    Docs: man:NetworkManager(8)

If NetworkManager is active we have to disable it.

NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled)
   Active: active (running) since Fri, 08 Mar 2013 12:50:04 +0100; 3 days ago

Disable NetworkManager.

sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager

Once the NetworkManager is disabled remove it.

sudo yum -y remove NetworkManager NetworkManager-libnm NetworkManager-team NetworkManager-tui NetworkManager-wifi

Step 3: Load kernel module

Check if kernel module 8021q is loaded.

sudo lsmod | grep 8021q

If it’s loaded you see an outcome similar to this

8021q                  33208  0
garp                   14384  1 8021q
mrp                    18542  1 8021q

If you do not get any output, it means that the module is not loaded. Load the kernel module.

sudo modprobe 8021q

To ensure that the kernel module 8021q  is loaded during boot, we have to add the module into the modules configuration file.

sudo su -c 'echo "8021q" >> /etc/modules-load.d/modules.conf'

Step 4 – Find the active network interface

clear && echo $(ip -o -4 route get 8.8.8.8 | sed -nr 's/.*dev ([^\ ]+).*/\1/p')

Step 5 – Configure the network interface

In our example our network interface is eth0. Our article will use eth0 but you have to use the network interface name from step 4.

Edit the network configuration of eth0.

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0

Replace the configuration with the following 4 lines.

BOOTPROTO="none"
DEVICE="eth0"
ONBOOT="yes"
TYPE="Ethernet"

Create a new configuration file for your VLAN. In our case, it’s VLAN 3047.

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.3047

Add the following lines.

DEVICE=eth0.3047
BOOTPROTO=none
ONBOOT=yes
IPADDR=78.41.207.45
PREFIX=24
NETWORK=78.41.207.0
VLAN=yes

Create the second VLAN 453.

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.453

Add the following lines.

DEVICE=eth0.453
BOOTPROTO=none
ONBOOT=yes
IPADDR=89.207.131.20
PREFIX=24
NETWORK=89.207.131.0
VLAN=yes

Step 6 – Create network rules

Create the network rule configuration file for VLAN 3047.

sudo nano /etc/sysconfig/network-scripts/rule-eth0.3047

Add the following line.

from 78.41.207.0/24 tab 1 priority 500

Create the network rule configuration file for VLAN 453.

sudo nano /etc/sysconfig/network-scripts/rule-eth0.453

Add the following line.

from 89.207.131.0/24 tab 2 priority 501

Step 7 – Create network routes

Create the route configuration file for VLAN 3047.

sudo nano /etc/sysconfig/network-scripts/route-eth0.3047

Add the following line.

default via 78.41.207.1 dev eth0.3047 table 1

Create the route configuration file for VLAN 453.

sudo nano /etc/sysconfig/network-scripts/route-eth0.453

Add the following line.

default via 89.207.131.1 dev eth0.453 table 2

Step 8 – Configure sysctl

Enable packet forwarding on the server by creating the following file.

sudo nano /etc/sysctl.d/90-override.conf

Add the following line.

net.ipv4.ip_forward=1

Enable reverse path and arp filtering.

net.ipv4.conf.all.arp_filter=0
net.ipv4.conf.all.rp_filter=2

Apply the changes.

sudo sysctl -p /etc/sysctl.d/90-override.conf

Step 9 – Restart the server

sudo reboot

Step 10 – Check VLAN interface status

Run the following command.

cat /proc/net/vlan/config

If VLAN is not active you should see this.

VLAN Dev name     | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD

If it’s active you should see this.

VLAN Dev name     | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.3047  	| 3047  | eth0
eth0.453   	| 453  | eth0

Step 11 – Test IP addresses

Ping from your workstation to check if the IPs are active.

ping 78.41.207.45
ping 89.207.131.20

Step 12 – Test IP address on Server

Check if the packets are using the right VLAN to leave the server.

Perform a ping from eth0.3047 to check if it is using the right VLAN to communicate with the destination IP address.

ping -I eth0.3047 8.8.8.8

Output

PING 8.8.8.8 (8.8.8.8) from 78.41.207.45 eth0.3047: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=2.03 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=122 time=2.13 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=122 time=2.21 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=122 time=2.06 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3080ms
rtt min/avg/max/mdev = 2.038/2.113/2.217/0.089 ms

Perform a ping from eth0.453.

ping -I eth0.453 8.8.8.8

Output

PING 8.8.8.8 (8.8.8.8) from 89.207.131.20 eth0.453: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=123 time=2.26 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=123 time=2.37 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=123 time=2.44 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2756ms
rtt min/avg/max/mdev = 2.266/2.360/2.444/0.073 ms

Conclusion

Congratulations, you have now configured a server which listens to two VLANs with two gateways. VLAN tagging is not limited to two VLANs, multiple VLANs are supported. You have to add each VLAN according to the network configuration of that VLAN.