Teach you how to divide VLAN on Linux
Linux should be learned 4 days ago
Source: This is how Linux should be learned
Address: https://www.linuxprobe.com/linux-add-vlan.html
In some scenarios, we want to allocate multiple ips from different VLANs on the same network card on the Linux server (CentOS / RHEL). This can be achieved by enabling VLAN tagged interfaces, but to achieve this, you must first ensure that multiple VLANs are added to the switch.
Suppose we have a Linux server with two Ethernet cards (ens33 and ens38), the first network card (ens33) is used for data traffic, and the second network card (ens38) is used for control/management traffic. For data flow, multiple vlans will be used (multiple ips from different vlans will be allocated on the data flow network card).
Assuming that the port connected from the switch to the server's data traffic network card is configured as a trunk, multiple VLANs are mapped to it. The following is the vlan mapped to the data traffic network card:
-
VLAN ID (200),172.168.10.0/24
-
VLAN ID (300),172.168.20.0/24
To use VLAN tag interface on CentOS 7 /RHEL 7 /CentOS 8 /RHEL 8 system, the kernel module 8021q must be loaded.
Use the following command to load the kernel module "8021q"
# 先列出模块,发现没有8021q模块。
[root@localhost ~]# lsmod | grep -i 8021q
# 加载模块
[root@localhost ~]# modprobe --first-time 8021q
[root@localhost ~]# lsmod | grep -i 8021q
8021q 33080 0
garp 14384 1 8021q
mrp 18542 1 8021q
Use the modinfocommand to list 8021q information:
[root@localhost ~]# modinfo 8021q
Now use the ip command to create vlan 200 and vlan 300 to ens33 network cards:
# 创建vlan 200和vlan 300
[root@localhost ~]# ip link add link ens33 name ens33.200 type vlan id 200
[root@localhost ~]# ip link add link ens33 name ens33.300 type vlan id 300
It is found that the link status of ens33.200 and ens33.300 is DOWN, enable them below.
# 启用vlan 200 和vlan 300
[root@localhost ~]# ip link set ens33.200 up
[root@localhost ~]# ip link set ens33.300 up
The following are two VLAN assignment ip addresses:
[root@localhost ~]# ip address add 172.168.10.51/24 dev ens33.200
[root@localhost ~]# ip address add 172.168.20.51/24 dev ens33.300
You can see that ens33.200 and ens33.300 have been configured with IP addresses.
But the VLAN and address added using ip address above will not take effect permanently. It disappeared after restarting the system. We need to save these configurations in the configuration file.
First modify the configuration file of ifcfg-ens33, and then create the ifcfg-ens33.200 and ifcfg-ens33.300 configuration files:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
DEVICE=ens33
ONBOOT=yes
Next, create a configuration file for vlan 200 and name it ifcfg-ens33.200
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33.200
DEVICE=ens33.200
BOOTPROTO=none
ONBOOT=yes
IPADDR=172.168.10.51
PREFIX=24
NETWORK=172.168.10.0
VLAN=yes
Next, create a configuration file for vlan 300 and name it ifcfg-ens33.300
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33.300
DEVICE=ens33.300
BOOTPROTO=none
ONBOOT=yes
IPADDR=172.168.20.51
PREFIX=24
NETWORK=172.168.20.0
VLAN=yes
After editing the configuration file, restart the network service.
[root@localhost ~]# systemctl restart network
You can see that the vlan200,300 information has not disappeared.