VLAN on Linux CLI

  1. Turn off all "Network Manager" type processes and applications
    1. Also comment out any entries in /etc/network/interfaces
  2. Run all commands as the root user
  3. Monitoring changes
    1. In one terminal, run this command and watch it as you execute the commands below to see what is changing
      1. sudo watch -d 'ip addr;echo =====;ip link;echo =====;ip route'
  4. Add VLAN
    1. ip link add link eth0 name eth0.20 type vlan id 20
    2. ip link set dev eth0 up
    3. ip link set dev eth0.20 up
    4. ip addr add IP/NETMASK dev eth0.20
    5. ip route add default via GATEWAY
    6. For any other VLANs, change the "20" in the commands above to the desired VLAN, e.g.
      1. ip link add link eth0 name eth0.100 type vlan id 100
  5. Delete VLAN
    1. ip link delete eth0.20
  6. Abstract commands
    1. Create
      1. ip addr add IP/NETMASK dev INTERFACE.VID
      2. ip link set dev INTERFACE.VID up
      3. ip addr add IP/NETMASK dev eth0.100
      4. ip link set dev eth0.100 up
    2. Destroy
      1. ip link set dev INTERFACE.VID down
      2. ip link set dev eth0.100 down
      3. ip link delete INTERFACE.VID
      4. ip link delete eth0.100
  7. Notes
    1. The network address does not have to match the VLAN name
    2. The VLAN name is arbitrary; you can call it "joe" if you'd like
    3. http://www.linuxjournal.com/article/7268
      1. "Trunks using the 802.1q protocol work by adding a 4-byte VLAN identifier to each frame"
      2. "When a switch receives a tagged unicast frame, it looks up the outgoing port using both the destination MAC address and the VLAN identifier"
      3. "When a broadcast frame is received, it is flooded out to all active ports participating in that VLAN"
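
The create and destroy steps above, wrapped in a dry-run helper that validates its inputs before printing the ip commands. This is an added example, not part of the original post; the function name vlan_cmds, the 192.0.2.10/24 address and the input checks are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): dry-run generator for the
# create/destroy steps. Prints ip(8) commands; nothing is changed on the host.

# vlan_cmds create|destroy PARENT VID [IP/NETMASK] [NAME]
vlan_cmds() {
    local action="$1" parent="$2" vid="$3" addr="${4:-}" name="${5:-}"

    # The 802.1Q VID field is 12 bits; 0 and 4095 are reserved, so 1-4094.
    case "$vid" in
        ''|*[!0-9]*|?????*) echo "VID must be 1-4 digits: '$vid'" >&2; return 1 ;;
    esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VID out of range (1-4094): $vid" >&2; return 1
    fi

    [ -n "$parent" ] || { echo "parent interface required" >&2; return 1; }
    # The name is arbitrary (see Notes); default to the PARENT.VID convention.
    [ -n "$name" ] || name="$parent.$vid"

    # Output may be pasted into a root shell, so reject shell metacharacters.
    case "$parent$name" in
        *[!A-Za-z0-9._-]*) echo "unsafe interface name" >&2; return 1 ;;
    esac
    case "$addr" in
        *[!0-9A-Fa-f:./]*) echo "unsafe address: '$addr'" >&2; return 1 ;;
    esac
    # Linux interface names are limited to 15 characters (IFNAMSIZ - 1).
    if [ "${#name}" -gt 15 ]; then
        echo "interface name too long (max 15): $name" >&2; return 1
    fi

    case "$action" in
        create)
            echo "ip link add link $parent name $name type vlan id $vid"
            echo "ip link set dev $parent up"
            echo "ip link set dev $name up"
            [ -z "$addr" ] || echo "ip addr add $addr dev $name"
            ;;
        destroy)
            echo "ip link set dev $name down"
            echo "ip link delete $name"
            ;;
        *) echo "usage: vlan_cmds create|destroy PARENT VID [IP/NETMASK] [NAME]" >&2
           return 1 ;;
    esac
}

# Constructed sample: VLAN 100 on eth0, address from the RFC 5737 documentation range.
vlan_cmds create eth0 100 192.0.2.10/24
```

Review the printed commands before running them as root; the helper itself never touches the network configuration.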

