Centos can accept and easily handle VLAN trunks just as same as doing Access mode.
Let’s suppose that you have a WAN interface in access mode (so to say, it’s a plain WAN interface for Internet access), and you need to reconfigure it to accept VLAN trunks. This is usually used to incorporate some remote locations into your LAN.
Let’s put up a scenario where you will have one VLAN trunk for the Internet connection and one more comming from a remote location that you need to incorporate into your LAN network. The ISP will give you the pvid-s of the VLANs that you have to accept. Let’s say that they are using Cisco routers and say you have to accept VLAN trunk 888 for Internet access with the same parameters that eth0 used in access mode, and VLAN 346 from the remote location. The clients on the remote location uses the same IP range as the LAN in the local, so we will need to bridge that location’s trunk with the LAN interface (eth1) in the routerbox (when you have a linux routerbox like this, you will also have one more eth for the LAN side. Let’s say it’s eth1). So the plan is:
1) reconfigure eth0 from access mode to trunk mode
2) bring up and configure the VLAN trunks
3) reconfigure eth1 to bridge in the remote VLAN comming from the trunk 346
BTW, Cisco uses VLAN-xxx for designating VLAN trunks (pvids), and linux translates it into, in our case eth0.xxx
Reconfigure eth0 from access to vlan trunk mode
Let’s do all this “manually”, without some GUI help. For a start, your networking scripts can be found in /etc/sysconfig/network-scripts. Let’s see how is eth0 configured now:
DEVICE=eth0 BOOTPROTO=none ONBOOT=yes TYPE=Ethernet IPADDR=184.108.40.206 NETMASK=255.255.255.252 HWADDR=00:0e:a6:8b:e4:1a IPV6INIT=no USERCTL=no
In this case, as in most scenrarios, it’s configured in access mode for Internet access. OK, so from now on, eth0’s job won’t be anymore to accept the Internet connection, but to accept the vlan trunks. So, it doesn’t need an IP address anymore (VLAN works on ethernet layer), and we need to tell it that it is accepting VLAN trunks now. Change this file as follows:
DEVICE=eth0 TYPE=Ethernet BOOTPROTO=none HWADDR=00:0e:a6:8b:e4:1a ONBOOT=yes
We set it up to work as the most ordinary Ethernet interface. Now let’s make a script that will bring up the VLAN trunk that will provide you internet access.
Setting up the VLAN trunks
The provider said that it’s VLAN 888 and that it’s IP parameters are the same as eth0 was in access mode. In this case, it’s name is not random, it has to be eth0.vlan_pvid, so:
VLAN=yes DEVICE=eth0.888 BOOTPROTO=none ONBOOT=yes IPADDR=220.127.116.11 NETMASK=255.255.255.252 IPV6INIT=no USERCTL=no
BTW, not that the IP addresses are made up and you will have to adjust them according to your case.
OK, so we told it that it will be called eth0.888 (again, you will have to adjust this according to the VLAN pvid given to you buy your ISP in your case!), given it the IP parametres (as the ISP told us that they are the same as eth0 was in WAN mode), and told the kernel that it’s a VLAN trunk.
Ok, this should be enough to reconfigure eth0 to accept VLAN trunk and to maintain Internet access. Note that if you have any entry in your firewall (iptables) with eth0 interface as WAN, you will need to correct them to eth0.888
The ISP said that the remote LAN is comming from the VLAN 346 trunk, so let’s set up that interface too:
VLAN=yes DEVICE=eth0.346 BOOTPROTO=none ONBOOT=yes IPV6INIT=no USERCTL=no BRIDGE=br1 TYPE=Ethernet
So, this will be the LAN from the remote location comming from the trunk 346. Notice that it belongs to a bridge br1 where we will also have to put eth1 now:
Reconfiguring eth1 to bridge in the remote VLAN comming from the trunk 346
Let’s take a look at eth1’s ifup script:
DEVICE=eth1 BOOTPROTO=none ONBOOT=yes TYPE=Ethernet IPADDR=192.168.1.1 NETMASK=255.255.255.0 HWADDR=f8:d1:11:00:1e:27 IPV6INIT=no USERCTL=no
We can use the brctl to put it onto a bridge but let’s stick to a “manual” solution, change it to:
DEVICE=eth1 BOOTPROTO=none ONBOOT=yes TYPE=Ethernet HWADDR=f8:d1:11:00:1e:27 IPV6INIT=no USERCTL=no BRIDGE=br1
And finally, let’s bring up the br1:
DEVICE=br1 BOOTPROTO=none ONBOOT=yes TYPE=Bridge IPADDR=192.168.1.1 NETMASK=255.255.255.0 IPV6INIT=no USERCTL=no
Again, you will have to adapt the IP parameters to your own need.
A simple network restart won’t do here because the arp table also needs to be restarted, so ro a system reboot now and voila!