What is a VLAN?
VLANs allow you to create multiple separated networks with only a single switch.
To make a Linux host capable of being present on multiple VLANs over a single interface (so that it can forward traffic to them), you need VLAN support. All packets come in over a single interface, but they are delivered to “VLAN sub-interfaces” where they can be firewalled, routed, or anything else.
In a VLAN-capable network there are two types of connections: “access” connections and “trunk” connections.
- An access connection looks like a normal connection to an Ethernet switch, except that the switch only forwards your packets within the same VLAN, so they cannot reach ports that are in a different VLAN.
- “Trunk” ports can communicate with multiple VLANs, but you need to send special packets that contain both the packet and an indication of which VLAN they are to be forwarded in. On these links you use the Linux VLAN support to create virtual interfaces that are in different VLANs.
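The "indication" carried on a trunk link is, for Linux VLAN interfaces, the 4-byte IEEE 802.1Q tag inserted after the source MAC address. The Python sketch below is an added example, not code from the original page: it builds tagged frames and shows how the VLAN ID in the tag selects a sub-interface such as eth0.21. The function names, MAC addresses and the set of configured VLANs are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100              # EtherType value that marks an 802.1Q tag
CONFIGURED_VLANS = {21, 31, 41}  # the VLAN IDs used on this page


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet frame; if vlan_id is set, insert the 4-byte tag."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:   # 0 and 4095 are reserved values
            raise ValueError("VLAN ID must be in 1..4094")
        if not 0 <= pcp <= 7:
            raise ValueError("priority must be in 0..7")
        tci = (pcp << 13) | vlan_id    # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def classify(frame, parent="eth0", vlans=CONFIGURED_VLANS):
    """Return (interface, vlan_id, inner_ethertype) for a received frame.

    interface is None when the tag names a VLAN that has no sub-interface.
    This models the demultiplexing idea only, not the kernel's code path.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return parent, None, ethertype   # untagged: stays on the parent
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    return (f"{parent}.{vid}" if vid in vlans else None), vid, inner


if __name__ == "__main__":
    # Constructed sample addresses and payload, not captured traffic.
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    for vid in (21, 31, 99, None):
        frame = build_frame(dst, src, 0x0800, b"\x00" * 46, vlan_id=vid)
        print(vid, len(frame), classify(frame))
```

A tagged frame is 4 bytes longer than the same frame untagged, and a tag naming a VLAN with no configured sub-interface (99 in the sample run) matches none of the interfaces where firewall or routing rules would apply.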
Let’s add three VLAN interfaces based on eth0, with the IDs 21, 31 and 41:
#vconfig add eth0 21
#vconfig add eth0 31
#vconfig add eth0 41
To see the new interfaces that were created:
#ifconfig eth0.21
#ifconfig eth0.31
#ifconfig eth0.41
To delete the VLAN interfaces:
#vconfig rem eth0.21
#vconfig rem eth0.31
#vconfig rem eth0.41
An example that makes the configuration persistent for eth0.21:
# VLAN configuration for eth0 with ID - 21 #