VLAN Configuration in SLES 10
Novell Cool Solutions: Feature
By Tim Wood
Posted: 30 May 2007
I have to admit that I am still gathering steam when it comes to configuring Linux, coming mostly from a NetWare/Windows administration background. While I have administered UNIX systems in the past, it has only ever been at a pretty high level. I have been working my way through Linux over the past two or three years, as time allows, first with RedHat, then with SLES 9 and OES, and more recently with SLES 10.
All that to say that this may all be obvious to someone with more experience than I. However, as I have searched for information regarding setting up VLAN support in SLES, the information just is not present. And, unfortunately, the information I can find for Linux in general does not seem to work; it may seem to work, but the configuration does not persist through a reboot of the system. Of course it would be great if you could do all this in YaST, but if there is a way to do so I have not found it yet.
I do want to give credit to two references for helping me sort this out. First is a nixCraft article "Howto: Configure Linux Virtual Local Area Network (VLAN)" which helped point me in the right direction. Actually, this article seemed to be the answer at first; I had VLANs configured and working, right up to the point where I restarted the server. With a little more work I might have been able to come up with a solution that worked, so I will definitely credit the author; the article can be found here: http://www.cyberciti.biz/tips/howto-configure-linux-virtual-local-area-network-vlan.html
Secondly, I would like to credit another article that I found some time ago, which did work correctly for me, and from which I was able to successfully configure VLAN support on a server. Unfortunately, I have been unable to find the article again, so I cannot give credit where credit is due.
At any rate, the process is actually very simple; it just does not seem to be documented anywhere. This process worked for me; there are probably other ways to accomplish the same thing. I have only tested this on SLES 10; it may or may not work with SLES 9 and OES (although I expect it would). In my case, I was setting up a virtualization host for VMware Server running on SLES 10 for testing purposes, and needed to access several test vlans in order to replicate our production environment, in which we use multiple vlans to segregate networks for WAN traffic control and security. I will refer to the vlans as follows:
| VLAN | Description |
|---|---|
| vlan 600 | Management vlan; access to this vlan is restricted, but devices on this VLAN have full access to production networks and the Internet |
| vlan 120 | A test network for servers in one of two organizations we service; devices on this network have no access to production networks |
| vlan 125 | Another test network for servers, for the other organization, with the same limitations |
The VMware host has a single network interface, which is configured as device eth0 on SLES; I removed the network configuration so there would be no untagged frames. I had also configured the switch port it is attached to for vlan trunking (see the nixCraft article for information on how to do this).
All the configuration is performed in the /etc/sysconfig/network directory. You will need to be logged in as root in order to perform the configuration.
Using an editor, create an ifcfg-vlanxxx file for each of the vlans you want to configure, where xxx is the vlan ID. By way of example, I will configure the management interface:
# vi ifcfg-vlan600
The following screen shot shows the required fields:
The key items seem to include:
| Setting | Purpose |
|---|---|
| ETHERDEVICE='eth0' | eth0 is the name of the physical network interface; this may change if you have multiple interfaces |
| IPADDR= | The IP address for the vlan interface |
| NETMASK= | The subnet mask for the vlan interface; in our case, we are using a private Class B network, segmented into various subnets. |
| NETWORK= | The IP network; this may not be necessary |
| BROADCAST= | The broadcast address for this network; this may also not be necessary |
| STARTMODE='onboot' | Tells the system to automatically start the interface on boot up |
| VLAN='YES' | Indicates that this is a VLAN interface |
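
As an added example (not part of the original article), the script below writes an ifcfg-vlan600 file containing the fields listed above and checks it before ifup is run. The function name check_vlan_cfg and every address are constructed for illustration; the 1-4094 limit is the usable 802.1Q VLAN ID range.

```shell
#!/bin/sh
# Added example: sanity-check an ifcfg-vlanNNN file before running ifup.
# All addresses below are constructed sample values.

# check_vlan_cfg FILE -> returns 0 if the file looks complete, 1 otherwise.
check_vlan_cfg() {
    cfg=$1
    rc=0
    # The VLAN ID comes from the file name (ifcfg-vlan600 -> 600).
    name=${cfg##*/}
    id=${name#ifcfg-vlan}
    case $id in
        ''|*[!0-9]*) echo "$cfg: name must be ifcfg-vlan<ID>"; return 1 ;;
    esac
    # 802.1Q reserves IDs 0 and 4095; the usable range is 1-4094.
    if [ "$id" -lt 1 ] || [ "$id" -gt 4094 ]; then
        echo "$cfg: VLAN ID $id outside 1-4094"; rc=1
    fi
    # Keys the article lists as key items, each needing a non-empty value.
    for key in ETHERDEVICE IPADDR NETMASK STARTMODE VLAN; do
        if ! grep -Eq "^$key=['\"]?[^'\"[:space:]]" "$cfg"; then
            echo "$cfg: $key missing or empty"; rc=1
        fi
    done
    return $rc
}

# Constructed sample file for the management vlan (written to a temp dir,
# not to /etc/sysconfig/network).
demo_dir=$(mktemp -d)
cat > "$demo_dir/ifcfg-vlan600" <<'EOF'
ETHERDEVICE='eth0'
IPADDR='172.16.60.10'
NETMASK='255.255.255.0'
NETWORK='172.16.60.0'
BROADCAST='172.16.60.255'
STARTMODE='onboot'
VLAN='YES'
EOF
# A deliberately broken copy: reserved VLAN ID and an empty IPADDR.
sed "s/^IPADDR=.*/IPADDR=''/" "$demo_dir/ifcfg-vlan600" > "$demo_dir/ifcfg-vlan4095"

check_vlan_cfg "$demo_dir/ifcfg-vlan600" && echo "ifcfg-vlan600: ok"
check_vlan_cfg "$demo_dir/ifcfg-vlan4095" || echo "ifcfg-vlan4095: rejected"
```
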
Save your file and quit your editor, and you are essentially done. Create additional ifcfg-vlanxxx files for the additional interfaces. These should all activate when you reboot the system, but you can bring them up immediately using one of two methods:
- Bring up each interface individually using ifup; i.e.:
# ifup vlan600
- Restart your network configuration to recognize all changes; i.e.:
# rcnetwork restart
# /etc/init.d/network restart
After this, you should have all your vlan interfaces up and active. For VMware, you will probably want to run vmware-config.pl to reconfigure your networking configuration to create bridged or NAT networks to your vlan interfaces.
Note that, in my configuration, I have not configured gateways in any of the individual ifcfg-xxx files; instead, I have a single default route set in /etc/sysconfig/network/routes. In my case, the default route is on the management network, as this is the only interface that has access to the rest of the network. No routing is performed in my scenario; our core routers handle all the routing. Individual virtual machines are configured with appropriate gateway settings for whichever vlan they connect to.
Hope this helps you. All comments and corrections are welcome.