How to configure 802.1Q VLAN Tagging on CentOS 7


Introduction

Prerequisites

  • The network switch your server is connected to must already be set up for this procedure to succeed
  • The switch should support VLAN tagging

Step 1 – Log in using SSH

You must be logged in via SSH as root or as a user with sudo privileges. Please see this article for instructions if you don’t know how to connect.

Step 2 – Disable NetworkManager

Within a server environment we prefer to disable NetworkManager. These instructions won’t work if NetworkManager is enabled!

Check the status of NetworkManager

sudo systemctl status NetworkManager

If NetworkManager is not running and shows Active: inactive (dead), you can continue with step 3

NetworkManager.service - Network Manager
  Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
  Active: inactive (dead)
    Docs: man:NetworkManager(8)

If NetworkManager is active, we have to disable it

NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled)
   Active: active (running) since Fri, 08 Mar 2013 12:50:04 +0100; 3 days ago

Disable NetworkManager

sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager

Once NetworkManager is disabled, remove it

sudo yum -y remove NetworkManager NetworkManager-libnm NetworkManager-team NetworkManager-tui NetworkManager-wifi

Step 3 – Load kernel module

Check if kernel module 8021q is loaded

sudo lsmod | grep 8021q

If it’s loaded you will see output similar to this

8021q                  33208  0
garp                   14384  1 8021q
mrp                    18542  1 8021q

If you do not get any output, the module is not loaded. Load the kernel module

sudo modprobe 8021q

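To ensure that the kernel module 8021q is loaded during boot, add it to a configuration file under /etc/modules-load.d/, which is the directory systemd reads at boot on CentOS 7 (the file /etc/modules is not read there)

sudo su -c 'echo "8021q" > /etc/modules-load.d/8021q.conf'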

Step 4 – Find the active network interface

clear && echo $(ip -o -4 route get 8.8.8.8 | sed -nr 's/.*dev ([^\ ]+).*/\1/p')

Step 5 – Configure the network interface

In our example our network interface is eth0. Our article will use eth0 but you have to use the network interface name which you got in step 4.

Edit your network configuration of eth0

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0

Replace the configuration with the following 4 lines

BOOTPROTO="none"
DEVICE="eth0"
ONBOOT="yes"
TYPE="Ethernet"

Create a new configuration file for your VLAN; in our case it’s VLAN 3047

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.3047

Add the following lines

DEVICE=eth0.3047
BOOTPROTO=none
ONBOOT=yes
IPADDR=78.41.207.45
PREFIX=24
NETWORK=78.41.207.0
VLAN=yes

Create the second VLAN 453

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0.453

Add the following lines

DEVICE=eth0.453
BOOTPROTO=none
ONBOOT=yes
IPADDR=89.207.131.20
PREFIX=24
NETWORK=89.207.131.0
VLAN=yes

Step 6 – Create the network rules

Create the network rule configuration file for VLAN 3047

sudo nano /etc/sysconfig/network-scripts/rule-eth0.3047

Add the following line

from 78.41.207.0/24 tab 1 priority 500

Create the network rule configuration file for VLAN 453

sudo nano /etc/sysconfig/network-scripts/rule-eth0.453

Add the following line

from 89.207.131.0/24 tab 2 priority 501

Step 7 – Create the network routes

Create the route configuration file for VLAN 3047

sudo nano /etc/sysconfig/network-scripts/route-eth0.3047

Add the following line

default via 78.41.207.1 dev eth0.3047 table 1

Create the route configuration file for VLAN 453

sudo nano /etc/sysconfig/network-scripts/route-eth0.453

Add the following line

default via 89.207.131.1 dev eth0.453 table 2
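
The files from steps 5 to 7 only work together when the rule and the route of a VLAN name the same routing table, and when the address and the gateway lie inside the rule's source network. The check below is an added example, not part of the original article; the function names and the write_demo sample data (including the deliberate table mismatch for eth0.453) are constructed for illustration.

```shell
cfg_get() {      # cfg_get FILE KEY -> value, surrounding double quotes stripped (file is parsed, never sourced)
  sed -n 's/^'"$2"'="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" | tail -n 1
}

word_after() {   # word_after FILE "KEY1 KEY2" -> token that follows the first key found
  awk -v keys="$2" 'BEGIN { n = split(keys, k, " ") }
    { for (i = 1; i < NF; i++) for (j = 1; j <= n; j++)
        if ($i == k[j]) { print $(i + 1); exit } }' "$1"
}

ip2int() (       # dotted quad -> integer; the subshell body keeps the IFS change local
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

in_subnet() {    # in_subnet IP NET/PREFIX -> 0 when IP lies inside the network
  case "$1 $2" in ?*" "?*/?*) ;; *) return 1 ;; esac
  mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

check_vlan() {   # check_vlan DIR IFACE -> prints findings, returns 0 when consistent
  d=$1; i=$2; rc=0
  for f in ifcfg rule route; do [ -r "$d/$f-$i" ] || { echo "$i: $f-$i is missing"; return 2; }; done
  ip=$(cfg_get "$d/ifcfg-$i" IPADDR); src=$(word_after "$d/rule-$i" from)
  gw=$(word_after "$d/route-$i" via); dev=$(word_after "$d/route-$i" dev)
  rtab=$(word_after "$d/rule-$i" "tab table lookup"); otab=$(word_after "$d/route-$i" table)
  [ "$(cfg_get "$d/ifcfg-$i" DEVICE)" = "$i" ] || { echo "$i: DEVICE does not match file name"; rc=1; }
  [ "$(cfg_get "$d/ifcfg-$i" VLAN)" = yes ] || { echo "$i: VLAN=yes is not set"; rc=1; }
  [ -n "$rtab" ] && [ "$rtab" = "$otab" ] || { echo "$i: rule table '$rtab' != route table '$otab'"; rc=1; }
  [ "$dev" = "$i" ] || { echo "$i: default route leaves via '$dev'"; rc=1; }
  in_subnet "$ip" "$src" || { echo "$i: IPADDR $ip is outside rule source $src"; rc=1; }
  in_subnet "$gw" "$src" || { echo "$i: gateway $gw is outside $src"; rc=1; }
  return $rc
}

write_demo() {   # write_demo DIR: the article's VLAN 3047 files plus a constructed faulty VLAN 453
  printf 'DEVICE=eth0.3047\nIPADDR=78.41.207.45\nPREFIX=24\nVLAN=yes\n' > "$1/ifcfg-eth0.3047"
  echo 'from 78.41.207.0/24 tab 1 priority 500'        > "$1/rule-eth0.3047"
  echo 'default via 78.41.207.1 dev eth0.3047 table 1' > "$1/route-eth0.3047"
  printf 'DEVICE=eth0.453\nIPADDR=89.207.131.20\nPREFIX=24\nVLAN=yes\n' > "$1/ifcfg-eth0.453"
  echo 'from 89.207.131.0/24 tab 2 priority 501'       > "$1/rule-eth0.453"
  echo 'default via 89.207.131.1 dev eth0.453 table 1' > "$1/route-eth0.453"  # constructed mistake: table 1
}

demo=$(mktemp -d); write_demo "$demo"
check_vlan "$demo" eth0.3047 && echo "eth0.3047: consistent"
check_vlan "$demo" eth0.453 || echo "eth0.453: fix the findings above"
rm -rf "$demo"
```

On the server, run check_vlan /etc/sysconfig/network-scripts eth0.3047 (and the same for eth0.453) before the reboot in step 9.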

Step 8 – Configure sysctl

Enable packet forwarding on the server by creating the following file

sudo nano /etc/sysctl.d/90-override.conf

Add the following line

net.ipv4.ip_forward=1

Set reverse path filtering to loose mode (2) and leave ARP filtering off (0) by adding the following lines to the same file

net.ipv4.conf.all.arp_filter=0
net.ipv4.conf.all.rp_filter=2

Apply the changes

sudo sysctl -p /etc/sysctl.d/90-override.conf

Step 9 – Restart the server

sudo reboot

Step 10 – Check VLAN interface status

Run the following command

cat /proc/net/vlan/config

If VLAN is not active you should see this

VLAN Dev name     | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD

If it’s active you should see this

VLAN Dev name     | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.3047  	| 3047  | eth0
eth0.453   	| 453  | eth0

Step 11 – Test IP addresses

Ping from your workstation to check if the IPs are active

ping 78.41.207.45
ping 89.207.131.20

Step 12 – Test IP address on Server

Check if the packets are using the right VLAN to leave the server

Perform a ping from eth0.3047 to check if it is using the right VLAN to communicate with the destination IP address

ping -I eth0.3047 8.8.8.8

Output

PING 8.8.8.8 (8.8.8.8) from 78.41.207.45 eth0.3047: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=2.03 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=122 time=2.13 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=122 time=2.21 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=122 time=2.06 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3080ms
rtt min/avg/max/mdev = 2.038/2.113/2.217/0.089 ms

Perform a ping from eth0.453

ping -I eth0.453 8.8.8.8

Output

PING 8.8.8.8 (8.8.8.8) from 89.207.131.20 eth0.453: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=123 time=2.26 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=123 time=2.37 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=123 time=2.44 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2756ms
rtt min/avg/max/mdev = 2.266/2.360/2.444/0.073 ms

Conclusion

Congratulations, you have now configured a server which listens to two VLANs with two gateways. VLAN tagging is not limited to two VLANs; multiple VLANs are supported. You have to add each VLAN according to the network configuration of that VLAN.

 
