Adding 802.1Q Trunking to Debian GNU/Linux

Here's a quick guide to setting up 802.1Q trunking for VLANs on a Debian GNU/Linux box connected to one or more Cisco Catalyst switches, which could then be used as a cheap router replacement.


Configuration on the Debian box:

Add 8021q to /etc/modules so 802.1Q support is enabled at startup. To install it immediately:

# modprobe 8021q

Use vconfig to add the VLANs to the interface you'll be using (if vconfig is missing, run apt-get install vlan):

# vconfig add eth0 2

(In the above, eth0 is the physical interface and 2 is the ID of the VLAN)

Give the interface an IP. Choose an address in the range you've set aside for that particular VLAN. In this example, VLAN 2 is using 192.168.2.0/24.

# ifconfig eth0.2 192.168.2.201 netmask 255.255.255.0


 

To have this happen on startup, do the following:
Edit /etc/network/interfaces to assign permanent settings to your new interface(s) – the virtual interface takes its name from the interface to which it is attached plus the VLAN ID: for example, setting up VLAN 2 via interface eth0 results in an interface called eth0.2.

auto eth0.2
iface eth0.2 inet static
address 192.168.2.201
netmask 255.255.255.0
vlan_raw_device eth0

Whichever method is used, check the VLAN interface has come up correctly:

# ifconfig eth0.2
eth0.2 Link encap:Ethernet HWaddr 00:c0:9f:9a:45:dc
inet addr:192.168.2.202 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:9fff:fe9a:45dc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:278 errors:0 dropped:0 overruns:0 frame:0
TX packets:293 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29924 (29.2 KiB) TX bytes:34873 (34.0 KiB)

It's also important to make sure the trunking interface (eth0 in the above) has no IP assigned (or at least not one in any of the VLANs you've configured). To clear any address currently assigned, enter:

# ifconfig eth0 0.0.0.0



Configuration on the switch (C3500XL in this case):

First up, create at least one VLAN apart from the default VLAN1:
(NB: The process for creating VLANs differs depending on the model of switch used)
#vlan database
(vlan)#vlan 2
(vlan)#vlan 2 name testing

Set the switch to be a VTP server and name the VTP domain:

(vlan)#vtp server
(vlan)#vtp domain testing

Then, enable trunking on a port (24 in this example) and give all VLANs access to it:

(config)# interface fa0/24
(config)# switchport trunk encapsulation dot1q
(config)# switchport mode trunk
(config)# switchport trunk access vlan all

Check the port's configuration (important sections in bold):

#sh int fa0/24 switchport

Name: Fa0/24
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,2
Pruning VLANs Enabled: 2-1001

Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none



Add some ports to the VLAN (repeat the below for each port, or use (for example) int range fa0/7 – 10 if supported by your switch:

(config)# int fa0/7
(config-int)# switchport access vlan 2


Check that the ports have been assigned correctly:

switch1#sh vl br
VLAN Name             Status    Ports
---- ---------------- --------- ---------------------------
1    default          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                Fa0/5, Fa0/8, Fa0/9, Fa0/12,
                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                Fa0/21, Fa0/22, Fa0/23, Gi0/1,
                                Gi0/2
2    testing          active    Fa0/6, Fa0/7, Fa0/10, Fa0/11


Connect the trunking port to the PC and hook up another device to one of the VLAN 2 ports.

On the switch, check the status of the interfaces (cropped; only relevant interfaces shown):

switch1#sh int status

Port    Name  Status       Vlan     Duplex Speed   Type
------- ----- ------------ -------- ------ ------- ----

Fa0/6         notconnect   2          Auto    Auto 100BaseTX/FX
Fa0/7         connected    2        A-Full   A-100 100BaseTX/FX
Fa0/10        notconnect   2          Auto    Auto 100BaseTX/FX
Fa0/11        notconnect   2          Auto    Auto 100BaseTX/FX
Fa0/24        connected    trunk    A-Full   A-100 100BaseTX/FX




They should be now able to ping each other, as below:

From the Client PC (connected to port 7):
# ping 192.168.2.202
PING 192.168.2.202 (192.168.2.202) 56(84) bytes of data.
64 bytes from 192.168.2.202: icmp_req=1 ttl=64 time=0.244 ms
64 bytes from 192.168.2.202: icmp_req=2 ttl=64 time=0.264 ms
64 bytes from 192.168.2.202: icmp_req=3 ttl=64 time=0.251 ms
64 bytes from 192.168.2.202: icmp_req=4 ttl=64 time=0.238 ms
64 bytes from 192.168.2.202: icmp_req=5 ttl=64 time=0.244 ms


From the Trunking PC (connected to port 24):
# ping 192.168.2.50
PING 192.168.2.50 (192.168.2.50) 56(84) bytes of data.
64 bytes from 192.168.2.50: icmp_seq=1 ttl=64 time=0.153 ms
64 bytes from 192.168.2.50: icmp_seq=2 ttl=64 time=0.196 ms
64 bytes from 192.168.2.50: icmp_seq=3 ttl=64 time=0.192 ms
 

Comments

Post a Comment

Popular posts from this blog

Change the ComputerName value in Unattend.xml using PowerShell

A quick and dirty PowerShell script to update the value of ComputerName in Unattend.xml before imaging. This particular value is located at: <unattend>  <settings pass="generalize">   <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">     <computername> Which is a bit of a mouthful, but we can be lazy and just pull the value from the nth component node (in my case it's 3, or the 4th component node). PowerShell uses dots to describe the hierarchical path, which looks a lot neater than the above: $xml.unattend.settings.component[3].computername To repeat, the value of .component[n] will change depending on the structure of the file. The value of the
Read more

Testing out Link Aggregation

Image
I picked up a TP-Link managed switch last week as something of a compromise between affordability and features - as it turns out though, it does just about everything I could ask for, just without the extra expense from buying something that has HP or Cisco written on the side. I grabbed the TL-SG3216, a fanless L2 managed switch with 16x1Gigabit ports as it ticked all the boxes: Silent (fanless) Managed Link Aggregation/802.3ad (LACP) 802.1Q (VLAN) STP As a bonus, the CLI interface (via console cable or ssh) is very similar to Cisco's IOS, so I don't have to learn an entirely new syntax to configure it. Before I replace my existing switch, I spent a bit of time testing out its features. First up, I setup a spare Raspberry Pi with a second ethernet interface (via a USB dongle) to test out link aggregation. First up, the configuration on the Pi (Raspbian): Install ifenslave to allow for the creation of bonded network interfaces # apt-get install ifenslav
Read more