Introduction
VLANs make it possible to separate large networks into smaller, more manageable ones. 802.1Q is a standard implemented by all vendors in their network equipment. Some switches can assign multiple VLANs to a single network port. With this feature, you can assign multiple VLANs to a single server. The switch can separate the packets because every Ethernet frame is tagged with the VLAN ID.
In this tutorial, we will create two VLANs: first, VLAN 3047 with example IP address 185.62.58.190, and second, VLAN 453 with example IP address 78.41.207.51.
Prerequisites
- The network switch your server is connected to must be set up for a successful procedure. Please contact Snel support for setting up the switch for your server.
- The switch should support VLAN tagging.
- You must be logged into your Snel Server running CentOS 8 as sudo or root user. Please view this article for instructions if you are having difficulties.
Step 1: Remove NetworkManager
Since we will be configuring the network ourselves, let’s uninstall NetworkManager. In most cases, NetworkManager is not installed on your server to begin with. The following command removes NetworkManager if it is installed.
sudo yum -y remove NetworkManager NetworkManager-libnm NetworkManager-team NetworkManager-tui NetworkManager-wifi
Step 2: Load kernel module
Check if the kernel module 8021q is loaded or not.
sudo lsmod | grep 8021q
If you do not get any output, it means that the module is not loaded. Load the kernel module.
sudo modprobe 8021q
Now, verify that the module is loaded by running sudo lsmod | grep 8021q again. You should see the following output.
[snel_user@vps ~]$ sudo lsmod | grep 8021q
8021q 36864 0
garp 16384 1 8021q
mrp 20480 1 8021q
To ensure that the kernel module 8021q is loaded during boot, we have to add the module to a modules-load configuration file. CentOS 8 reads these files from /etc/modules-load.d/.
sudo su -c 'echo "8021q" > /etc/modules-load.d/8021q.conf'
Step 3: Find the active network interface
Run the following command to get the active network interface.
clear && echo $(ip -o -4 route get 8.8.8.8 | sed -nr 's/.*dev ([^\ ]+).*/\1/p')
It should output the active interface through which your server is connected to the internet. In our example, let’s say the output is eth0. In this tutorial, we will use eth0 as the primary network interface.
Step 4: Configure the network interface
Edit the network configuration of eth0.
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
Replace the configuration with the following 4 lines.
BOOTPROTO="none"
DEVICE="eth0"
ONBOOT="yes"
TYPE="Ethernet"
Create a new configuration file for your VLAN. Let’s call it VLAN 3047.
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.3047
Add the following lines.
DEVICE="eth0.3047"
BOOTPROTO="none"
ONBOOT="yes"
IPADDR="185.62.58.190"
PREFIX="24"
NETWORK="185.62.58.1"
VLAN="yes"
DNS1="89.207.128.252"
DNS2="89.207.130.252"
Note: Make sure to update the IP address according to what is assigned to your server. If you are unsure about what to put here, contact Snel support.
Create the second VLAN, let’s say 453.
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.453
Add the following lines.
DEVICE="eth0.453"
BOOTPROTO="none"
ONBOOT="yes"
IPADDR="78.41.207.51"
PREFIX="24"
NETWORK="78.41.207.1"
VLAN="yes"
DNS1="89.207.128.252"
DNS2="89.207.130.252"
Step 5: Create network rules
Create the network rule configuration file for VLAN 3047.
sudo nano /etc/sysconfig/network-scripts/rule-eth0.3047
Add the following line.
from 185.62.58.0/24 tab 1 priority 500
Create the network rule configuration file for VLAN 453.
sudo nano /etc/sysconfig/network-scripts/rule-eth0.453
Add the following line.
from 78.41.207.0/24 tab 2 priority 501
Step 6: Create network routes
Create the route configuration file for VLAN 3047.
sudo nano /etc/sysconfig/network-scripts/route-eth0.3047
Add the following line.
default via 185.62.58.1 dev eth0.3047 table 1
Create the route configuration file for VLAN 453.
sudo nano /etc/sysconfig/network-scripts/route-eth0.453
Add the following line.
default via 78.41.207.1 dev eth0.453 table 2
Step 7: Configure sysctl
Enable packet forwarding on the server by creating the following file.
sudo nano /etc/sysctl.d/90-override.conf
Add the following line.
net.ipv4.ip_forward=1
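Add the reverse path and ARP filtering settings to the same file. The value rp_filter=2 selects loose reverse path filtering, and arp_filter=0 leaves ARP filtering disabled.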
net.ipv4.conf.all.arp_filter=0
net.ipv4.conf.all.rp_filter=2
Apply the changes by running the following command.
sudo sysctl -p /etc/sysctl.d/90-override.conf
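A pre-reboot check for the files written in Steps 4 to 6, as an added example that is not part of the original tutorial: it verifies that each VLAN's ifcfg, rule- and route- files agree on device, subnet, gateway and routing table. The function names, the temporary sample directory and the deliberate table typo in the eth0.453 sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-reboot consistency check for one VLAN's ifcfg/rule/route files.

ip2int() (  # dotted quad -> integer (subshell body keeps the IFS change local)
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

in_prefix() (  # in_prefix ADDR NET/LEN -> success if ADDR lies inside NET/LEN
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
)

check_vlan() (  # check_vlan DIR IFACE -> success if the three files agree
    dir=$1; ifc=$2; errs=0
    fail() { echo "$ifc: $*" >&2; errs=$((errs + 1)); }
    . "$dir/ifcfg-$ifc"   # ifcfg files are shell assignments; sourcing executes them
    read -r x src x rtab x < "$dir/rule-$ifc"          # from SRC tab N ...
    read -r x x gw x rdev x ttab < "$dir/route-$ifc"   # default via GW dev IF table N
    vid=${ifc##*.}
    [ "$DEVICE" = "$ifc" ] || fail "DEVICE is '$DEVICE'"
    [ "$VLAN" = yes ] || fail "VLAN=yes missing"
    { [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ]; } || fail "VLAN id $vid not in 1-4094"
    in_prefix "$IPADDR" "$src" || fail "rule 'from $src' does not match $IPADDR"
    in_prefix "$gw" "$IPADDR/$PREFIX" || fail "gateway $gw not in $IPADDR/$PREFIX"
    [ "$rdev" = "$ifc" ] || fail "route uses dev $rdev"
    [ "$rtab" = "$ttab" ] || fail "rule table $rtab, route table $ttab"
    [ "$errs" -eq 0 ]
)

make_sample() {  # constructed input: tutorial values for 3047, a table typo for 453
    printf 'DEVICE="eth0.3047"\nIPADDR="185.62.58.190"\nPREFIX="24"\nVLAN="yes"\n' > "$1/ifcfg-eth0.3047"
    echo 'from 185.62.58.0/24 tab 1 priority 500' > "$1/rule-eth0.3047"
    echo 'default via 185.62.58.1 dev eth0.3047 table 1' > "$1/route-eth0.3047"
    printf 'DEVICE="eth0.453"\nIPADDR="78.41.207.51"\nPREFIX="24"\nVLAN="yes"\n' > "$1/ifcfg-eth0.453"
    echo 'from 78.41.207.0/24 tab 2 priority 501' > "$1/rule-eth0.453"
    echo 'default via 78.41.207.1 dev eth0.453 table 1' > "$1/route-eth0.453"  # typo: table 1
}

SAMPLE=$(mktemp -d)
make_sample "$SAMPLE"
for i in eth0.3047 eth0.453; do
    if check_vlan "$SAMPLE" "$i"; then echo "$i: consistent"; else echo "$i: FIX BEFORE REBOOT"; fi
done
```

On a real server, run check_vlan /etc/sysconfig/network-scripts eth0.3047 (and again for eth0.453) instead of using the sample directory.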
Step 8: Restart the server
Restart the server by running the following command.
sudo reboot
Step 9: Check VLAN interface status
Run the following command to check the VLAN connectivity status.
cat /proc/net/vlan/config
If VLAN is not active you should see this.
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
If it’s active you should see this.
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.3047 | 3047 | eth0
eth0.453 | 453 | eth0
Step 10: Test IP addresses
Ping from your workstation to check if the IPs are active.
ping 185.62.58.190
and
ping 78.41.207.45
You should receive replies if the IP addresses are working.
Step 11: Test IP address on Server
Check if the packets are using the right VLAN to leave the server.
Perform a ping from eth0.3047 to check if it is using the right VLAN to communicate with the destination IP address.
ping -I eth0.3047 8.8.8.8
Output
PING 8.8.8.8 (8.8.8.8) from 185.62.58.190 eth0.3047: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=2.03 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=122 time=2.13 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=122 time=2.21 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=122 time=2.06 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3080ms
rtt min/avg/max/mdev = 2.038/2.113/2.217/0.089 ms
In the above output, we can see that the packet left from the interface with IP address 185.62.58.190.
Now, perform a ping from eth0.453.
ping -I eth0.453 8.8.8.8
Output.
PING 8.8.8.8 (8.8.8.8) from 78.41.207.45 eth0.453: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=123 time=2.26 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=123 time=2.37 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=123 time=2.44 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=123 time=2.41 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2756ms
rtt min/avg/max/mdev = 2.266/2.360/2.444/0.073 ms
In the above output, we can see that the packet left from the interface with IP address 78.41.207.45.
Conclusion
Congratulations, you have now configured a server which listens on two VLANs with two gateways. VLAN tagging is not limited to two VLANs; more can be added. You have to add each VLAN according to the network configuration of that VLAN.
Stephen Satchell says
Doesn't work. The VLAN is set up properly, but when the system reboots none of the Ethernet interfaces come back up, let alone the VLANs.
Ahmet Bas says
Is VLAN tagging supported on the switch where you are connected? Could you provide more information about your current setup?
Angri Wan says
This is really bad – followed the instructions, and as the other user is saying, there are no interfaces that came back online. It destroyed my VM.
Ahmet Bas says
What error message are you seeing on the network service?
Jeff W says
This doesn't work for me either. VLAN tagging is supported on the switch and I have the port configured as a 802.11 trunk. This is on a Cisco layer 3 switch and the VSI is configured and up. I can ping other hosts on this VLAN from the switch but cannot ping the Linux server's IP address that's on this VLAN.
Ahmet Bas says
Are you able to use the Linux server with 1 VLAN (example: if-cfg-eth.3047)? I would start with 1 VLAN in trunking mode.