Content
Code (6)
Comments (1)Virtual Local Area Networks (VLAN or virtual LAN) allow multiple logical local area networks (LAN) to exist within a single physical LAN. In other words, the LANs are defined in software rather than hardware.
VLAN Trunking
VLAN trunking allows connected devices to share a common link to transport data for separate VLANs. Essentially we are statistically multiplexing VLANs across a common link. This approach has two benefits. It reduces the number of ports required to connect devices together to support multiple common VLANs, and bandwidth not used by one VLAN is available for another to use. It makes sense that this common link needs to be of high capacity or it would create a bottleneck. Thus, VLAN trunking technology is only available at speeds greater than 100 Mbps. |
 VLAN Trunk |
Using the same link for multiple VLANs means we need some way of identifying where the VLAN data comes from so that the other end of the trunk link can forward the frame appropriately within the correct VLAN. This is done by getting the transmitting switch at one end of the trunk link tagging the frame before it is sent across the link. The switch at the other end removes the tag before forwarding it further.
Linux and VLANs
Linux has long been able to connect to VLAN trunks with a kernel patch, and the functionality was integrated into the mainstream kernel in 2.4.14. Kernel 2.6 also supports VLAN trunking.
In order to use 802.1q trunking, simply set the CONFIG_VLAN_8021Q option when configuring your kernel. Depending on what Ethernet card you have, you may need to patch the driver to make VLANs work correctly. This process is discussed in greater detail later in the article.
MTU Issues
As mentioned earlier, 802.1q works by tagging each frame with a 4-byte VLAN identifier. However, some Ethernet drivers assume the maximum frame size is 1,500 bytes. The addition of the 4-byte tag does not leave as much room for data. Thus, although small packets are sent and received correctly, large packets fail. The solution is either to drop the MTU of the VLAN device or to correct the assumptions of the driver.
Patches are available on the Linux VLAN Web site for a variety of cards (see Resources). Several drivers work correctly out of the box (or tar.gz, as the case may be), including the e100 driver for Intel-based cards.
Linux Configuration
Configuring VLANs under Linux is a process similar to configuring regular Ethernet interfaces. The main difference is you first must attach each VLAN to a physical device. This is accomplished with the vconfig utility. If the trunk device itself is configured, it is treated as native. For example, these commands define VLANs 2-3 on device eth1:
 2 | modprobe 8021q |
| 0 | vconfig set_name_type VLAN_PLUS_VID |
| 0 | vconfig add eth1 2 |
| 0 | vconfig add eth1 3 |
| 0 | ifconfig vlan0002 192.168.35.254 netmask 255.255.255.0 up |
| 0 | ifconfig vlan0003 192.168.34.254 netmask 255.255.255.0 up |
| Comments | ||
| 1 | modprobe 8021q | [2] |
| 2 | vconfig set_name_type VLAN_PLUS_VID | [0] |
| 3 | vconfig add eth1 2 | [0] |
| 4 | vconfig add eth1 3 | [0] |
| 5 | ifconfig vlan0002 192.168.35.254 netmask 255.255.255.0 up | [0] |
| 6 | ifconfig vlan0003 192.168.34.254 netmask 255.255.255.0 up | [0] |
|