Centos VLAN trunking – Prosinger.Net

Centos can accept and easily handle VLAN trunks just as same as doing Access mode.

Let’s suppose that you have a WAN interface in access mode (so to say, it’s a plain WAN interface for Internet access), and you need to reconfigure it to accept VLAN trunks. This is usually used to incorporate some remote locations into your LAN.

Let’s put up a scenario where you will have one VLAN trunk for the Internet connection and one more comming from a remote location that you need to incorporate into your LAN network. The ISP will give you the pvid-s of the VLANs that you have to accept. Let’s say that they are using Cisco routers and say you have to accept VLAN trunk 888 for Internet access with the same parameters that eth0 used in access mode, and VLAN 346 from the remote location. The clients on the remote location uses the same IP range as the LAN in the local, so we will need to bridge that location’s trunk with the LAN interface (eth1) in the routerbox (when you have a linux routerbox like this, you will also have one more eth for the LAN side. Let’s say it’s eth1). So the plan is:

1) reconfigure eth0 from access mode to trunk mode
2) bring up and configure the VLAN trunks
3) reconfigure eth1 to bridge in the remote VLAN comming from the trunk 346

BTW, Cisco uses VLAN-xxx for designating VLAN trunks (pvids), and linux translates it into, in our case eth0.xxx

Reconfigure eth0 from access to vlan trunk mode

Let’s do all this “manually”, without some GUI help. For a start, your networking scripts can be found in /etc/sysconfig/network-scripts. Let’s see how is eth0 configured now:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=191.202.121.62
NETMASK=255.255.255.252
HWADDR=00:0e:a6:8b:e4:1a
IPV6INIT=no
USERCTL=no

In this case, as in most scenrarios, it’s configured in access mode for Internet access. OK, so from now on, eth0’s job won’t be anymore to accept the Internet connection, but to accept the vlan trunks. So, it doesn’t need an IP address anymore (VLAN works on ethernet layer), and we need to tell it that it is accepting VLAN trunks now. Change this file as follows:

DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none
HWADDR=00:0e:a6:8b:e4:1a
ONBOOT=yes

We set it up to work as the most ordinary Ethernet interface. Now let’s make a script that will bring up the VLAN trunk that will provide you internet access.

Setting up the VLAN trunks

The provider said that it’s VLAN 888 and that it’s IP parameters are the same as eth0 was in access mode. In this case, it’s name is not random, it has to be eth0.vlan_pvid, so:

vi /etc/sysconfig/network-scripts/ifup-eth0.888

VLAN=yes
DEVICE=eth0.888
BOOTPROTO=none
ONBOOT=yes
IPADDR=191.202.121.62
NETMASK=255.255.255.252
IPV6INIT=no
USERCTL=no

BTW, not that the IP addresses are made up and you will have to adjust them according to your case.

OK, so we told it that it will be called eth0.888 (again, you will have to adjust this according to the VLAN pvid given to you buy your ISP in your case!), given it the IP parametres (as the ISP told us that they are the same as eth0 was in WAN mode), and told the kernel that it’s a VLAN trunk.

Ok, this should be enough to reconfigure eth0 to accept VLAN trunk and to maintain Internet access. Note that if you have any entry in your firewall (iptables) with eth0 interface as WAN, you will need to correct them to eth0.888

The ISP said that the remote LAN is comming from the VLAN 346 trunk, so let’s set up that interface too:

vi /etc/sysconfig/network-scripts/ifcfg-eth0.346

VLAN=yes
DEVICE=eth0.346
BOOTPROTO=none
ONBOOT=yes
IPV6INIT=no
USERCTL=no
BRIDGE=br1
TYPE=Ethernet

So, this will be the LAN from the remote location comming from the trunk 346. Notice that it belongs to a bridge br1 where we will also have to put eth1 now:

Reconfiguring eth1 to bridge in the remote VLAN comming from the trunk 346

Let’s take a look at eth1’s ifup script:

vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.1.1
NETMASK=255.255.255.0
HWADDR=f8:d1:11:00:1e:27
IPV6INIT=no
USERCTL=no

We can use the brctl to put it onto a bridge but let’s stick to a “manual” solution, change it to:

DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
HWADDR=f8:d1:11:00:1e:27
IPV6INIT=no
USERCTL=no
BRIDGE=br1

And finally, let’s bring up the br1:

vi /etc/sysconfig/network-scripts/ifcfg-br1

DEVICE=br1
BOOTPROTO=none
ONBOOT=yes
TYPE=Bridge
IPADDR=192.168.1.1
NETMASK=255.255.255.0
IPV6INIT=no
USERCTL=no

Again, you will have to adapt the IP parameters to your own need.

A simple network restart won’t do here because the arp table also needs to be restarted, so ro a system reboot now and voila!