Note: The following is my own understanding, based on this blog post by FromScratch:
https://www.cnblogs.com/justart/p/7944256.html
A good article is hard to find, thank you very much.
Probably because of preconceptions, I was led to understand VLANs on Linux the way a Cisco switch handles them (although what I actually played with was sharp McNair equipment)
My test environment is two computers:
GE60 (Kali), running two KVM virtual machines (archlinux)
GE62 (archlinux), running two KVM virtual machines (archlinux)
Network management is done with NetworkManager and iptables
A 5-port unmanaged switch (it seemingly does not support auto-flip, which led me to make crossover cables again, and the cable keeps getting shorter ...)
Take one computer as an example (the configuration process is the same on both computers; the names may differ, which does not matter)
First, my physical network adapter's interface name is eth0
I use it as the switch port, so my own computer needs a virtual NIC on top of it to have Internet access
1. Create a new virtual network adapter (bridge)
nmcli con add type bridge con-name br0 ifname br0
2. Create a new Ethernet connection to act as the switch port, binding the physical interface eth0 to the virtual adapter just created
nmcli con add type bridge-slave con-name switcher ifname eth0 master br0
My switch is connected to a router. This switch seemingly does not support auto-flip. With a straight-through cable from eth0 to the router an IP could still be assigned, but, maybe because the MAC address is the same, the IP acquired was the same too and there was no access; swapping in a crossover cable fixed it (seemingly setting ipv4.method to disabled takes care of it ...)
A complaint: the network cable that comes with the Telecom optical modem is rubbish (Unicom's too). After plugging it in, the connection speed was actually 10M/s. I thought the problem was the plug (crystal head), but when I cut it open to look there were simply three colors of wire, and I could not tell orange-white, green-white, brown-white and blue-white apart at all, because the colors were not wrapped around the wires. I bought a network adapter on Taobao and the store sent me two cables; later the store sent me an "over five" cable, which is thick and has longer twisted pairs; as long as it is made properly there is no problem.
In fact, at this point a virtual machine can already connect directly to the router via br0, but no VLANs have been divided yet, so let's continue
The order with NetworkManager is actually to create the bridge first and then the VLAN
3. Create two new virtual network adapters (bridges) for the virtual machines (I think of these as the two VLANs of the switch)
The blog I referred to creates the bridges and VLANs with vconfig and brctl, and after I rebooted they were all gone ...
So I recreated with NetworkManager what brctl had produced, so that the configuration is saved
nmcli con add type bridge con-name brvlan10 ifname brvlan10 ipv4.method disabled ipv6.method link-local
nmcli con add type bridge con-name brvlan20 ifname brvlan20 ipv4.method disabled ipv6.method link-local
I do not know why ipv6 is set like this; that is what the brctl result looked like, so I wrote it that way
4. Create the VLANs and assign them to the virtual NICs just created, vlan10 and vlan20
con-name can be anything; for dev I chose my physical NIC; id is followed by the VLAN ID; master is followed by the adapter to bind to
nmcli con add type vlan con-name eth0.10 dev eth0 id 10 master brvlan10
nmcli con add type vlan con-name eth0.20 dev eth0 id 20 master brvlan20
Two new devices, eth0.10 and eth0.20, will appear. This reminded me of the virtual interfaces you create on a router when doing single-arm routing
I feel this is equivalent to these two steps
int f0/0.1
encapsulation dot1Q 10
With this I always feel like assigning an IP and doing a no shut, emmm ...
5. Check whether they have started
nmcli con show
NetworkManager's biggest advantage is that you can see the activity status of each connection by its color
Green indicates that the connection has been established
Yellow means it is acquiring an address
White means the connection has been lost
Before, when ipv4.method was not set to disabled, the connections stayed yellow and then did not come up at all
Here, only look at these four: brvlan10, brvlan20, eth0.10 and eth0.20; ignore the others ...
I will still go over them, though
docker0 and docker_gwbridge were created by docker itself when it was installed; the former is used by containers for Internet access, the latter is used by docker clusters, but I did not bother with it
switcher is the virtual switch port; since the card is used as a switch, the computer uses the virtual br0 to access the Internet, so the IP should be configured on br0
vroute0 and vroute1 are two virtual adapters I created for the virtual machines; the former goes out via NAT, the latter is a local network
I do not let KVM create networks, because it would change my firewall policy; the policy gets restored once at each boot (which has now become a habit: restoring the firewall policy on startup)
vnet0 and vnet1 are the virtual machines' interfaces
The other computer has the same configuration
There are four virtual machines in total
On GE60: arch70 (brvlan10: 192.168.0.2), arch71 (brvlan20: 192.168.0.3)
On GE62: arch66 (brvlan10: 192.168.0.4), arch67 (brvlan20: 192.168.0.5)
The network does not have a gateway
Experimental results
arch70 and arch66 can reach each other
arch71 and arch67 can reach each other
arch70 and arch71 cannot reach each other
arch66 and arch67 cannot reach each other
If you have a firewall set up, remember to let brvlan10 and brvlan20 through
This is the iptables configuration
Note that these go in the filter table; ignore the nat table, which seemingly has no FORWARD chain anyway ...
-A FORWARD -i brvlan10 -j ACCEPT
-A FORWARD -o brvlan10 -j ACCEPT
-A FORWARD -i brvlan20 -j ACCEPT
-A FORWARD -o brvlan20 -j ACCEPT
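The four rules above match on only one side of the forwarding path, so they also accept a packet that enters one VLAN bridge and leaves through the other, or through br0. The following is an added example, not from the original post: a small first-match evaluator that compares the post's rules with a constructed tighter set pinning -i and -o to the same bridge. It assumes a FORWARD policy of DROP and models only the -i, -o and -j options.

```python
import shlex
from itertools import product

# Rules exactly as listed in the post.
PAGE_RULES = """\
-A FORWARD -i brvlan10 -j ACCEPT
-A FORWARD -o brvlan10 -j ACCEPT
-A FORWARD -i brvlan20 -j ACCEPT
-A FORWARD -o brvlan20 -j ACCEPT
"""

# Constructed alternative (assumption): a bridge may only forward to itself.
TIGHT_RULES = """\
-A FORWARD -i brvlan10 -o brvlan10 -j ACCEPT
-A FORWARD -i brvlan20 -o brvlan20 -j ACCEPT
"""

def parse_rules(text, chain="FORWARD"):
    """Parse iptables-save style lines into (in_if, out_if, target) tuples.
    Options are read as flag/value pairs; None means 'any interface'."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        rules.append((opts.get("-i"), opts.get("-o"), opts.get("-j")))
    return rules

def verdict(rules, in_if, out_if, policy="DROP"):
    """First matching terminating rule wins; otherwise the chain policy."""
    for r_in, r_out, target in rules:
        if (r_in in (None, in_if) and r_out in (None, out_if)
                and target in ("ACCEPT", "DROP", "REJECT")):
            return target
    return policy

def allowed_pairs(text, interfaces):
    """All (in, out) interface pairs the rule set lets through."""
    rules = parse_rules(text)
    return {(i, o) for i, o in product(interfaces, repeat=2)
            if verdict(rules, i, o) == "ACCEPT"}

def cross_bridge(pairs):
    """Accepted pairs whose packets leave via a different bridge."""
    return sorted(p for p in pairs if p[0] != p[1])

if __name__ == "__main__":
    ifaces = ["br0", "brvlan10", "brvlan20"]  # bridge names from the post
    for name, text in (("page", PAGE_RULES), ("tight", TIGHT_RULES)):
        print(name, cross_bridge(allowed_pairs(text, ifaces)))
```

With the tighter set, traffic bridged inside brvlan10 or brvlan20 still matches, while any path between the two bridges or to br0 falls through to the policy.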
When a KVM virtual machine starts, it seemingly just has its card added to the bridge
brctl addif brvlan10 vnet0
brctl addif brvlan20 vnet1
This feels like
int f0/1
switchport access vlan 10