ISO 27001 certified | 9.8/10 reviews | Monthly terminable

Snel.com

Your Friendly Hosting Provider

Snel.com
Clientarea
Home
Home

How to configure 802.1Q VLAN Tagging in CentOS 8

Estimated reading time: 3 min

Introduction

VLANs make it possible to separate large networks into smaller and manageable ones. The 802.1Q is a standard which is implemented by all vendors into their network equipment. Some switches can assign multiple VLANs to a single network port. With this feature, you can assign multiple VLANs to a single server. The switch can separate the packages because every Ethernet frame is tagged with the VLAN id.

In this tutorial, we will create two VLANs. First, VLAN 3047 with example IP address 185.62.58.190 and second, VLAN 453 with example IP address 78.41.207.51.

Prerequisites

  • The network switch your server is connected to must be set up for a successful procedure. Please contact Snel support for setting up the switch for your server.
  • The switch should support VLAN tagging.
  • You must be logged into your Snel Server running CentOS 8 as sudo or root user. Please view this article for instructions if you are having difficulties.

Step 1: Remove NetworkManager

Since we will be configuring the network by ourselves, let’s uninstall NetworkManager. In most cases, NetworkManager is already not installed in your server. Running the following command will remove the NetworkManager if it is installed. 

sudo yum -y remove NetworkManager NetworkManager-libnm NetworkManager-team NetworkManager-tui NetworkManager-wifi

Step 2: Load kernel module

Check if the kernel module 8021q is loaded or not.

sudo lsmod | grep 8021q

If you do not get any output, it means that the module is not loaded. Load the kernel module.

sudo modprobe 8021q

Now, verify again if the module is loaded or not by running sudo lsmod | grep 8021q again. You should see the following output.

[snel_user@vps ~]$ sudo lsmod | grep 8021q
8021q                  36864  0
garp                   16384  1 8021q
mrp                    20480  1 8021q

To ensure that the kernel module 8021q is loaded during boot, we have to add the module into the modules configuration file.

sudo su -c 'echo "8021q" >> /etc/modules'

Step 3: Find the active network interface

Run the following command to get the active network interface.

clear && echo $(ip -o -4 route get 8.8.8.8 | sed -nr 's/.*dev ([^\ ]+).*/\1/p')

It should output the active interface on which your server is connected to the internet. In our example, let’s say we got output eth0. In this tutorial, we will now use eth0 as the primary network interface.

Step 4: Configure the network interface

Edit the network configuration of eth0.

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0

Replace the configuration with the following 4 lines.

BOOTPROTO="none"
DEVICE="eth0"
ONBOOT="yes"
TYPE="Ethernet"

Create a new configuration file for your VLAN. Let’s call it VLAN 3047.

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.3047

Add the following lines.

DEVICE="eth0.3047"
BOOTPROTO="none"
ONBOOT="yes"
IPADDR="185.62.58.190"
PREFIX="24"
NETWORK="185.62.58.1"
VLAN="yes"
DNS1="89.207.128.252"
DNS2="89.207.130.252"

Note: Make sure to update the IP address according to what is assigned to your server. If you are unsure about what to put here, contact Snel support.

Create the second VLAN, let’s say 453.

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.453

Add the following lines.

DEVICE="eth0.453"
BOOTPROTO="none"
ONBOOT="yes"
IPADDR="78.41.207.51"
PREFIX="24"
NETWORK="78.41.207.1"
VLAN="yes"
DNS1="89.207.128.252"
DNS2="89.207.130.252"

Step 5: Create network rules

Create the network rule configuration file for VLAN 3047.

sudo nano /etc/sysconfig/network-scripts/rule-eth0.3047

Add the following line.

from 185.62.58.0/24 tab 1 priority 500

Create the network rule configuration file for VLAN 453.

sudo nano /etc/sysconfig/network-scripts/rule-eth0.453

Add the following line.

from 78.41.207.0/24 tab 2 priority 501

Step 6: Create network routes

Create the route configuration file for VLAN 3047.

sudo nano /etc/sysconfig/network-scripts/route-eth0.3047

Add the following line.

default via 185.62.58.1 dev eth0.3047 table 1

Create the route configuration file for VLAN 453.

sudo nano /etc/sysconfig/network-scripts/route-eth0.453

Add the following line.

default via 78.41.207.1 dev eth0.453 table 2

Step 7: Configure sysctl

Enable packet forwarding on the server by creating the following file.

sudo nano /etc/sysctl.d/90-override.conf

Add the following line.

net.ipv4.ip_forward=1

Enable reverse path and arp filtering configuration into the same file.

net.ipv4.conf.all.arp_filter=0
net.ipv4.conf.all.rp_filter=2

Apply the changes by running the following command.

sudo sysctl -p /etc/sysctl.d/90-override.conf

Step 8: Restart the server

Restart the server by running the following command.

sudo reboot

Step 9: Check VLAN interface status

Run the following command to check the VLAN connectivity status.

cat /proc/net/vlan/config

If VLAN is not active you should see this.

VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD

If it’s active you should see this.

VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.3047 | 3047 | eth0
eth0.453 | 453 | eth0

Step 10: Test IP addresses

Ping from your workstation to check if the IPs are active.

ping 185.62.58.190

and

ping 78.41.207.45

You should successfully receive the reply if the IP address are working fine.

Step 11: Test IP address on Server

Check if the packets are using the right VLAN to leave the server.

Perform a ping from eth0.3047 to check if it is using the right VLAN to communicate with the destination IP address.

ping -I eth0.3047  8.8.8.8

Output

PING 8.8.8.8  (8.8.8.8) from 185.62.58.190 eth0.3047: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=2.03 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=122 time=2.13 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=122 time=2.21 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=122 time=2.06 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3080ms
rtt min/avg/max/mdev = 2.038/2.113/2.217/0.089 ms

In the above output, we can see that the packet left from the interface with IP address 185.62.58.190.

Now, perform a ping from eth0.453.

ping -I eth0.453  8.8.8.8

Output.

PING 8.8.8.8  (8.8.8.8) from 78.41.207.45 eth0.453: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=123 time=2.26 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=123 time=2.37 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=123 time=2.44 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=123 time=2.41 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2756ms
rtt min/avg/max/mdev = 2.266/2.360/2.444/0.073 ms

In the above output, we can see that the packet left from the interface with IP address 78.41.207.45.

Conclusion

Congratulations, you have now configured a server which listens to two VLANs with two gateways. VLAN tagging is not limited to two VLANs, multiple VLANs are supported. You have to add each VLAN according to the network configuration of that VLAN.

Was this article helpful?
Dislike 2
Views: 23447

Reader Interactions

Comments

  1. Stephen Satchell says

    Doesn't work. The VLAN is set up properly, but when the system reboots none of the Ethernet interfaces come back up, let alone the VLANs.

    Reply

  3. Jeff W says

    This doesn't work for me either. VLAN tagging is supported on the switch and I have the port configured as a 802.11 trunk. This is on a Cisco layer 3 switch and the VSI is configured and up. I can ping other hosts on this VLAN from the switch but cannot ping the Linux server's IP address that's on this VLAN.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

ISO 27001 Certified
9.8/10 Reviews
Contact us
+31 88 3 088 099

Snel Status

Copyright © 2024 Snel.com B.V. All Rights Reserved.