What is a VLAN?

VLAN is short for Virtual LAN (where LAN is short for Local Area Network). A virtual LAN is pretty much what it sounds like: a virtual, separate network that runs across the same physical network. Confused? Okay, think of it like separate conference rooms. Some computers are plugged into conference room A and can chat, some into conference room B and can chat, but A and B can’t hear each other. Now do this in the same room, by saying A or B before everything you have to say. That’s a virtual LAN. All the computers are on the same switch, but they ignore the ones that aren’t tagged with their own virtual LAN “network id” number.

Why would you use a VLAN?

VLANs are useful for setting up a separate network to isolate some computers from others, without actually having to run separate cabling and Ethernet switches. Intelligent switches can do this on their own, without the computer or other gear needing to know which VLAN it’s on (this is called a port-based VLAN, since the VLAN is assigned by the port of the switch). Another common use is to put specialized devices like VoIP phones on a separate network for easier configuration, administration, security, or quality of service.

How to create a VLAN in network-scripts

First, make sure that the vconfig package is installed via the command yum install vconfig. In CentOS distributions it’s in the base repository, so it’s probably already there.

Next, go to the /etc/sysconfig/network-scripts directory and decide which eth# device you’re going to add a VLAN to. Note that the VLAN device will run alongside (in parallel with, at the same time as) the original eth# device, so there is no need to change your existing configuration.

So let’s assume we’re going to add a VLAN interface to eth0, and that the VLAN ID we want to use is 2 (it can be anything from 2 to 4096). We’re also going to assume that everything is static (if you want to use DHCP, see the section on bridges for what to change). To get started easily, just copy the ifcfg-eth0 file to ifcfg-eth0.2 and edit it. Change the DEVICE entry to match the filename, add a VLAN=yes line, and modify the IPADDR, NETMASK, and GATEWAY entries as necessary to specify a different network. The GATEWAY entry is not necessary if it’s an isolated network without Internet access. If this Linux box is providing DHCP for the network, you’ll need to add a matching entry in /etc/dhcpd.conf.

ifcfg-eth0.2

DEVICE=eth0.2
VLAN=yes
TYPE=Ethernet
HWADDR=##:##:##:##:##:##
ONBOOT=yes
BOOTPROTO=static
IPADDR=1.2.3.4
NETMASK=255.255.255.0
GATEWAY=1.2.3.1

That’s pretty much it. Reboot the machine or run service network restart to reload the network configuration. You should see the interface eth0.2 listed if you issue an ifconfig command. Remember that any other device must be configured with the same VLAN ID before its packets will arrive on this interface. Also, be aware that this only works on the local LAN and through switches (it won’t go through an IP router, or be carried across the Internet, since the VLAN codes are in the Ethernet packet header). Lastly, some intelligent switches may ignore or strip off all packets with VLAN codes other than what they expect to see, so if you have problems, test with a “dumb” switch.
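The copy-and-edit step above, scripted as an added example (not from the original post): make_vlan_ifcfg derives ifcfg-eth0.<id> from the parent file and check_vlan_ifcfg verifies the result before you restart networking. It assumes KEY=VALUE ifcfg files, the 2–4096 ID range given above, and a constructed SYSCONFIG_DIR under /tmp so it runs without root; point SYSCONFIG_DIR at /etc/sysconfig/network-scripts for real use.

```shell
#!/bin/sh
# Added example, not the post's own code. SYSCONFIG_DIR is a constructed
# demo path; the 2-4096 VLAN ID range is the one the post states.
SYSCONFIG_DIR="${SYSCONFIG_DIR:-/tmp/network-scripts-demo}"

# make_vlan_ifcfg PARENT VLAN_ID IPADDR NETMASK [GATEWAY]
# Copies ifcfg-PARENT to ifcfg-PARENT.VLAN_ID with the keys that must differ
# replaced; prints the path of the new file.
make_vlan_ifcfg() {
    parent=$1; vid=$2; ipaddr=$3; netmask=$4; gateway=$5
    src="$SYSCONFIG_DIR/ifcfg-$parent"; dst="$SYSCONFIG_DIR/ifcfg-$parent.$vid"
    case $vid in ''|*[!0-9]*) echo "VLAN id must be numeric: '$vid'" >&2; return 1;; esac
    if [ "$vid" -lt 2 ] || [ "$vid" -gt 4096 ]; then
        echo "VLAN id $vid is outside 2-4096" >&2; return 1
    fi
    [ -r "$src" ] || { echo "parent config $src not found" >&2; return 1; }
    {
        # Keep everything from the parent (TYPE, HWADDR, ONBOOT, ...) except
        # the keys rewritten below; GATEWAY is only written when one is given,
        # matching the post's advice for isolated networks.
        grep -v -E '^(DEVICE|VLAN|BOOTPROTO|IPADDR|NETMASK|GATEWAY)=' "$src" || true
        echo "DEVICE=$parent.$vid"
        echo "VLAN=yes"
        echo "BOOTPROTO=static"
        echo "IPADDR=$ipaddr"
        echo "NETMASK=$netmask"
        if [ -n "$gateway" ]; then echo "GATEWAY=$gateway"; fi
    } > "$dst"
    echo "$dst"
}

# check_vlan_ifcfg FILE: returns 0 when DEVICE matches the filename, VLAN=yes
# is present and the ID after the dot is in range; otherwise says why.
check_vlan_ifcfg() {
    f=$1; name=${f##*/}; name=${name#ifcfg-}; vid=${name##*.}
    dev=$(sed -n 's/^DEVICE=//p' "$f")
    [ "$dev" = "$name" ] || { echo "$f: DEVICE=$dev does not match filename" >&2; return 1; }
    grep -q '^VLAN=yes$' "$f" || { echo "$f: missing VLAN=yes" >&2; return 1; }
    [ "$vid" -ge 2 ] 2>/dev/null && [ "$vid" -le 4096 ] || { echo "$f: bad VLAN id '$vid'" >&2; return 1; }
}

# Demo: a constructed parent config (HWADDR is a placeholder), then the
# VLAN 2 sub-interface on a different network, as in the post.
mkdir -p "$SYSCONFIG_DIR"
printf '%s\n' DEVICE=eth0 TYPE=Ethernet 'HWADDR=##:##:##:##:##:##' ONBOOT=yes \
    BOOTPROTO=static IPADDR=10.0.0.4 NETMASK=255.255.255.0 GATEWAY=10.0.0.1 \
    > "$SYSCONFIG_DIR/ifcfg-eth0"
new=$(make_vlan_ifcfg eth0 2 1.2.3.4 255.255.255.0 1.2.3.1)
check_vlan_ifcfg "$new" && cat "$new"
```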