This is basic stuff for setting up a Linux box for networking. Sometimes you need to isolate specific traffic from your router so that only your second NIC sees it. Sometimes you just don’t want your NIC to stay in the default VLAN because frequent network loops keep killing your PC. Maybe you don’t want to spend another hundred dollars on a 2-port demarcation device, or you are a small ISP whose backbone provider has assigned a range of VLANs to you and your points of interest around the city, so you have to receive the tagged traffic on a Slackware Linux box and untag it for your customers. I’ve often bridged VLAN-tagged traffic over a test PC in my work as a QA.
There are enough reasons to fill a small novel.
So, in a few words: when you need your network interface to accept tagged traffic, untag it and then pass it to your kernel, this is how it’s done:
bash-4.1# lsmod | grep 802
bash-4.1# modprobe 8021q
bash-4.1# lsmod | grep 802
8021q 18128 0
bash-4.1# vconfig add eth3 200
Added VLAN with VID == 200 to IF -:eth3:-
bash-4.1# ifconfig eth3.200 10.0.0.1/16 up
bash-4.1# ping 10.0.155.50 -I eth3.200
PING 10.0.155.50 (10.0.155.50) 56(84) bytes of data.
64 bytes from 10.0.155.50: icmp_req=1 ttl=63 time=0.286 ms
64 bytes from 10.0.155.50: icmp_req=2 ttl=63 time=0.286 ms
64 bytes from 10.0.155.50: icmp_req=3 ttl=63 time=0.275 ms
64 bytes from 10.0.155.50: icmp_req=4 ttl=63 time=0.281 ms
^C
--- 10.0.155.50 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.275/0.282/0.286/0.004 ms
bash-4.1#
802.1q is the name of the protocol; the kernel module is called 8021q. If the module is already loaded, the modprobe line can be omitted. If you want the module loaded at startup, you can add it in /etc/rc.local or /etc/rc.d/rc.modules (your preference). The first will load the module when everything else is already set. The VLAN configuration will be set even if the module is loaded AFTER ifconfig and vconfig have done their jobs.
The vconfig line adds the actual VLAN to Ethernet card 3 (change according to your setup); the ifconfig line sets the IP address and mask (change to match your setup, or omit) and enables the Ethernet card. Finally, you get one eth3 and one eth3.200:
bash-4.1# ifconfig eth3
eth3 Link encap:Ethernet HWaddr 00:0E:2E:72:96:F7
inet addr:10.0.0.2 Bcast:10.0.255.255 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:19 Base address:0xdc00
bash-4.1# ifconfig eth3.200
eth3.200 Link encap:Ethernet HWaddr 00:0E:2E:72:96:F7
inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bash-4.1#
More VLANs can be enabled on the same Ethernet card by adding them the same way (there is no need to load the kernel module every time, in case you don’t know that). If you need a VLAN removed from your NIC, do the reverse:
bash-4.1# ifconfig eth3.200 down
bash-4.1# vconfig rem eth3.200
Removed VLAN -:eth3.200:-
For some reason, there is no decent configuration example showing how to make Slackware enable a VLAN on a specific NIC during the boot process. I’ve made a short script and attached it to rc.local. It executes when everything else is already set, but I did not need it any earlier in the first place:
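#!/bin/bash
echo "Setting vlans ..."
modprobe 8021q # load the 802.1Q kernel module
vconfig add eth3 200 # create eth3.200 on top of eth3
ifconfig eth3.200 10.0.0.5/16 up # assign the address and bring the VLAN device up
echo "... done"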
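A guarded variant of the boot script above, added here as an example (it is not the author's script): it validates the VLAN ID, brings the parent NIC up first, and skips creation when the VLAN device already exists. The function names and the DRY_RUN switch are assumptions of this example; the eth3, 200 and 10.0.0.5/16 values are the ones used in the post.

```bash
#!/bin/bash
# Added example: guarded VLAN bring-up for rc.local.
# DRY_RUN=1 (default) only prints the commands; set DRY_RUN=0 as root to apply.
DRY_RUN="${DRY_RUN:-1}"

# 802.1Q carries a 12-bit VLAN ID; 0 and 4095 are reserved, so 1-4094 is usable.
valid_vid() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;   # empty, non-numeric, zero or leading zero
    esac
    [ "${#1}" -le 4 ] && [ "$1" -le 4094 ]
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# setup_vlan PARENT VID ADDR/PREFIX  (hypothetical helper for this example)
setup_vlan() {
    local parent="$1" vid="$2" addr="$3" dev="$1.$2"
    valid_vid "$vid" || { echo "invalid VLAN ID: $vid" >&2; return 2; }
    # When really applying, stop if the parent NIC does not exist.
    if [ "$DRY_RUN" != 1 ] && [ ! -e "/sys/class/net/$parent" ]; then
        echo "no such interface: $parent" >&2
        return 3
    fi
    # The parent must be up first; a commenter on this post hit
    # "SIOCSIFFLAGS: Network is down" on the VLAN device without it.
    run ifconfig "$parent" up || return 1
    # Skip creation when the VLAN device already exists (script re-run).
    if [ ! -e "/sys/class/net/$dev" ]; then
        run vconfig add "$parent" "$vid" || return 1
    fi
    run ifconfig "$dev" "$addr" up
}

# rc.local usage: load the module once, then one call per VLAN.
setup_all() {
    run modprobe 8021q || return 1
    setup_vlan eth3 200 10.0.0.5/16
}

setup_all
```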
5 Responses to “How to configure VLAN with Slackware Linux?”
Thanks, I found your guide very helpful for me, but I have a strange problem on my Slackware 13.37.
I tried to configure vlan on a fresh install of Slackware 13.37, with kernel 2.6 and 3.2 as well.
Slackware runs on Intel 686 PC, the ethernet card eth0 (TPLINK TG-3269 10/100/1000Base-T) is connected to an ethernet switch (Tp-Link JetStream TL-SG3424), vlans are properly configured on the switch and the switch port is set as TRUNK (it accepts vlans 1,10,11,21).
On the slackware box I entered the following commands:
modprobe 8021q # Loaded correctly, can see with lsmod | grep 8021q
vconfig add eth0 1
vconfig add eth0 10
vconfig add eth0 11
vconfig add eth0 21
ifconfig -a # It shows correctly eth0 and eth0.X vlan devices
Without this, if I try to assign the ip address to eth0.X devices I get “SIOCSIFFLAGS: Network is down” error:
ifconfig eth0 up
ifconfig eth0.1 192.168.0.2 up # 192.168.0.0/24 is the router's network, 192.168.0.1 is my ADSL router
ifconfig eth0.10 192.168.10.1 up
ifconfig eth0.11 192.168.11.1 up
ifconfig eth0.21 192.168.21.1 up
route add default gw 192.168.0.1
No errors are displayed, interfaces come up,
from slackware ‘ping 192.168.0.1’ works, ‘ping http://www.google.com’ works (it can go on internet),
my laptop with ip 192.168.21.2 (vlan 21) connected to an access port of the switch can connect
to 192.168.21.1 (ping, ssh and so), the routing table seems ok:
> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.1
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.10
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.11
192.168.21.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.21
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0.1
BUT
– forwarding is not working (I do echo 1 > /proc/sys/net/ipv4/ip_forward ) but the laptop 192.168.21.2 cannot go on internet or connect to the router web interface (192.168.0.1 : using ip addresses I can exclude dns problems);
– THIS IS STRANGE: typing ‘ifconfig’ on the slackware box the virtual interfaces are displayed twice, for example:
eth0.10 Link encap:Ethernet HWaddr 00:0F:20:CF:8B:42
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2472694671 errors:0 dropped:0 overruns:0 frame:0
TX packets:44641779 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1761467179 (1679.8 Mb) TX bytes:2870928587 (2737.9 Mb)
Interrupt:28
eth0.10 Link encap:Ethernet HWaddr 00:0F:20:CF:8B:42
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
The second occurrence of each vlan device is same as the first except for one thing,
the 2nd doesn’t display RX/TX/collision statistics.
eth0.11 and eth0.1 are displayed twice as well, eth0.21 only once.
These “duplications” occur during the assigning of ip addresses with ifconfig.
Until I’ve assigned ip to eth0.1 and eth0.10, “ifconfig -a” display is ok,
after I assign ip for the eth0.11, “ifconfig -a” displays devices twice.
Nothing wrong appears on dmesg, syslog, /var/log/messages and so.
Can you/someone help me?
Thank’ssssss
Really strange. Can be a bug in the way the driver tags and untags the packets in TPLink card.
2 Things need to be checked:
Do a traceroute from the laptop to the outside world. Either by URL or IP address if the DNS is behind the problem area and can’t resolve.
Capture the packets on your Slackware’s network cards and have a good look at them before they enter the CPU and after (e.g. use tcpdump to sniff the packets coming from your laptop into a file and explore the packets in Wireshark).
The packets need to be tagged in their corresponding VLAN when they come from the laptop and you need to strip the VLAN tag before they go to the default gateway.
VLAN tagged frames will probably get dropped in the next hop after the default gateway.
Can you show me the result from iptables-save ?
It works!!!
Thanks a lot for your answer, I was so stupid, that I laughed ten minutes ;-))
I run tcpdump on eth0.21 (traffic from/to my laptop), on another console tcpdump on eth0.1 (capturing traffic from/to router), with ip_forward=1 I can see that each packet from laptop to the router was correctly forwarded by the eth0.1, then the problem was outside the slackware box (switch? router?), then the illumination!
I forgot to set any nat/masquerade rule on the slackware box, then my router (192.168.0.1) cannot send any response packet to 192.168.21.2! I set in the routing table of the router, “192.168.0.2” (slackware box) as GW for the 192.168.21.0 network and everything began to work properly!
The solution was very simple but I was misled by the strange output of ifconfig.
iptables-save is empty because I’ve not set any iptables rule.
Good! Now I’ve only to find an answer for this:
Only eth0.21 doesn’t appear twice:
eth0 Link encap:Ethernet HWaddr B0:48:7A:80:C1:DA
inet6 addr: fe80::b248:7aff:fe80:c1da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10266347 errors:0 dropped:0 overruns:0 frame:0
TX packets:5792069 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1395341596 (1330.7 Mb) TX bytes:1337040030 (1275.1 Mb)
Interrupt:22 Base address:0x6400
eth0.10 Link encap:Ethernet HWaddr B0:48:7A:80:C1:DA
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::b248:7aff:fe80:c1da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:207 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:52556 (51.3 Kb)
eth0.1 Link encap:Ethernet HWaddr B0:48:7A:80:C1:DA
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::b248:7aff:fe80:c1da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:37174 errors:0 dropped:0 overruns:0 frame:0
TX packets:8634 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7948195 (7.5 Mb) TX bytes:856906 (836.8 Kb)
eth0.11 Link encap:Ethernet HWaddr B0:48:7A:80:C1:DA
inet addr:192.168.11.1 Bcast:192.168.11.255 Mask:255.255.255.0
inet6 addr: fe80::b248:7aff:fe80:c1da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:255 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:59962 (58.5 Kb)
eth0.1 Link encap:Ethernet HWaddr B0:48:7A:80:C1:DA
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::b248:7aff:fe80:c1da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0.10 Link encap:Ethernet HWaddr B0:48:7A:80:C1:DA
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::b248:7aff:fe80:c1da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0.11 Link encap:Ethernet HWaddr B0:48:7A:80:C1:DA
inet addr:192.168.11.1 Bcast:192.168.11.255 Mask:255.255.255.0
inet6 addr: fe80::b248:7aff:fe80:c1da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0.21 Link encap:Ethernet HWaddr B0:48:7A:80:C1:DA
inet addr:192.168.21.1 Bcast:192.168.21.255 Mask:255.255.255.0
inet6 addr: fe80::b248:7aff:fe80:c1da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12180 errors:0 dropped:0 overruns:0 frame:0
TX packets:5250 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:687929 (671.8 Kb) TX bytes:6249585 (5.9 Mb)
Thanks for your help
Stefano.
Oh … No NAT = no NET 🙂
First time I’ve needed NAT – I copied the masquerade script from PPPoE package and just altered it. Since then – I only add this script in /etc/rc.local and alter it a bit so it suits the current machine I am doing.
Since it is the first thing I do when I configure customer’s machine for Linux router, I did not think of the possibility that you skipped it 🙂
Don’t have a clue about the doubled interfaces in ifconfig though. Maybe a kernel issue.
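The state the thread ended up diagnosing (forwarding switched on, empty iptables-save output) can be checked mechanically. The following is an added example, not code from the post or its commenters; the function name, the finding labels and the sample ruleset are constructed for illustration, with interface names taken from the thread.

```bash
#!/bin/bash
# Added example: audit a Linux VLAN router's forwarding state.
# Finding labels NO_NAT / OPEN_FORWARD are made up for this example.

# Constructed sample ruleset in iptables-save format
# (eth0.1 = upstream VLAN, eth0.21 = client VLAN, as in the thread).
HARDENED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0.1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0.21 -o eth0.1 -j ACCEPT
COMMIT'

# audit_forwarding IP_FORWARD_VALUE IPTABLES_SAVE_TEXT
# Prints one line per finding; the return code is the number of findings.
audit_forwarding() {
    local ipfwd="$1" rules="$2" findings=0
    if [ "$ipfwd" != 1 ]; then
        echo "OK forwarding disabled"
        return 0
    fi
    # No source NAT: replies only come back if the upstream router has a
    # route to every VLAN subnet behind this box.
    if ! printf '%s\n' "$rules" | grep -Eq '^-A POSTROUTING .*-j (MASQUERADE|SNAT)'; then
        echo "NO_NAT upstream router needs a return route per VLAN subnet"
        findings=$((findings + 1))
    fi
    # Heuristic: a FORWARD policy other than DROP (or no ruleset at all)
    # means the kernel routes between all VLAN interfaces.
    if ! printf '%s\n' "$rules" | grep -Eq '^:FORWARD DROP'; then
        echo "OPEN_FORWARD every VLAN can reach every other VLAN"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then echo "OK"; fi
    return "$findings"
}

# Live use (as root):
#   audit_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"
# Demo on the thread's state: forwarding on, iptables-save empty.
audit_forwarding 1 "" || true
audit_forwarding 1 "$HARDENED"
```

NO_NAT is informational: it is satisfied either by a masquerade rule on the Slackware box or by the static return route on the upstream router that the commenter chose.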