[c-nsp] Question - VLAN tagging Catalyst 6500 to Linux Host

Walter Keen walter.keen at RainierConnect.net
Mon Apr 5 13:24:52 EDT 2010


  Bonded interfaces aside (I haven't done it with bonded interfaces, so 
I'm not sure)

You'll want to use the vconfig command in Linux to create your VLAN 
sub-interfaces.  Different distributions package it under different 
names.  I think it's vlan under Debian.

Basic syntax will be something like vconfig add <device> <vlan>

Then you can use that interface as <device>.<vlan-id>  (i.e. eth0.4002 
is eth0, VLAN 4002)


$ vconfig
Expecting argc to be 3-5, inclusive.  Was: 1

Usage: add             [interface-name] [vlan_id]
        rem             [vlan-name]
        set_flag        [interface-name] [flag-num]       [0 | 1]
        set_egress_map  [vlan-name]      [skb_priority]   [vlan_qos]
        set_ingress_map [vlan-name]      [skb_priority]   [vlan_qos]
        set_name_type   [name-type]

* The [interface-name] is the name of the ethernet card that hosts
   the VLAN you are talking about.
* The vlan_id is the identifier (0-4095) of the VLAN you are operating on.
* skb_priority is the priority in the socket buffer (sk_buff).
* vlan_qos is the 3 bit priority in the VLAN header
* name-type:  VLAN_PLUS_VID (vlan0005), VLAN_PLUS_VID_NO_PAD (vlan5),
               DEV_PLUS_VID (eth0.0005), DEV_PLUS_VID_NO_PAD (eth0.5)
* bind-type:  PER_DEVICE  # Allows vlan 5 on eth0 and eth1 to be unique.
               PER_KERNEL  # Forces vlan 5 to be unique across all devices.
* FLAGS:  1 REORDER_HDR  When this is set, the VLAN device will move the
             ethernet header around to make it look exactly like a real
             ethernet device.  This may help programs such as DHCPd which
             read the raw ethernet packet and make assumptions about the
             location of bytes.  If you don't need it, don't turn it on, because
             there will be at least a small performance degradation.  Default
             is OFF.



On 04/05/2010 09:10 AM, Security Team wrote:
> I haven't ever tried to make this work before so this is a new application.
>
> I want to use VLAN tagging so that I can create VLANs with numbers like 999,
> 1000, 1001 and send those VLANs (in different non-overlapping subnets) all
> to a Linux machine over a bonded LACP link.
>
> Here's a config snippet I am constructing, do any of you gurus see any
> problems with this general approach?
>
> I create 3 GigE interfaces wrapped into a single bonded interface
> Port-channel32--LACP group id 32 (I'll call it bond0 on the Linux host).
>
> My VLAN tagged subnets will be
>
> VLAN 999    192.168.101.0/24
> VLAN 1000   192.168.102.0/24
> VLAN 1001   192.168.103.0/24
>
> And the Linux Host will be at 10.1.1.2/24 in VLAN 309
>
> Thanks for any criticism of my approach, tagged VLANs are new to me I've
> always just done routed L3 ones.
>
> I know that the LACP bonding works to the Linux bond0 interface, I think the
> weak part here is the VLAN tagging I am using in the Catalyst.
>
> Regards,
> CJ
>
>
> interface Vlan309
>   description Linux Host
>   ip address 10.1.1.1 255.255.255.0
> !
> interface Port-channel32
>   desc LACP bonded 3 GigE interfaces
>   switchport
>   switchport access vlan 309
>   switchport trunk encapsulation dot1q
>   switchport trunk allowed vlan 309,999,1000,1001
> !
> interface GigabitEthernet4/30
>   description GigE 1
>   load-interval 30
>   speed 1000
>   duplex full
>   switchport
>   switchport access vlan 309
>   switchport trunk allowed vlan 309,999,1000,1001
>   channel-group 32 mode active
>   channel-protocol lacp
> !
> interface GigabitEthernet4/32
>   description GigE 2
>   load-interval 30
>   speed 1000
>   duplex full
>   switchport
>   switchport access vlan 309
>   switchport trunk allowed vlan 309,999,1000,1001
>   channel-group 32 mode active
>   channel-protocol lacp
> !
> interface GigabitEthernet5/32
>   description GigE 3
>   load-interval 30
>   speed 1000
>   duplex full
>   switchport
>   switchport access vlan 309
>   switchport trunk allowed vlan 309,999,1000,1001
>   channel-group 32 mode active
>   channel-protocol lacp
> !
> interface Vlan999
>   description tagged vlan
>   ip address 192.168.101.1 255.255.255.0
> !
> interface Vlan1000
>   description tagged vlan
>   ip address 192.168.102.1 255.255.255.0
> !
> interface Vlan1001
>   description tagged vlan
>   ip address 192.168.103.1 255.255.255.0
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
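
A dry-run sketch of the vconfig steps described in the reply, applied to the VLAN IDs from the quoted question; it is an added example, not part of either poster's message, and it only prints commands. The function names are hypothetical, bond0 is the original poster's name for the Linux bond, and the 1-4094 check reflects the two IDs 802.1Q reserves rather than the 0-4095 range in the usage text; the thread does not confirm how vconfig behaves on a bonded device.

```shell
#!/bin/sh
# Added example (not from the thread). Prints commands; changes nothing.

# 802.1Q reserves 0 and 4095, so usable IDs are 1-4094. Leading zeros are
# rejected so printf never reads an ID as octal.
valid_vid() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "${#1}" -le 4 ] && [ "$1" -le 4094 ]
}

# Interface name for a VLAN under each name-type listed in the vconfig usage.
vlan_ifname() {  # usage: vlan_ifname <name-type> <device> <vlan-id>
    valid_vid "$3" || return 1
    case "$1" in
        VLAN_PLUS_VID)        printf 'vlan%04d\n' "$3" ;;
        VLAN_PLUS_VID_NO_PAD) printf 'vlan%d\n' "$3" ;;
        DEV_PLUS_VID)         printf '%s.%04d\n' "$2" "$3" ;;
        DEV_PLUS_VID_NO_PAD)  printf '%s.%d\n' "$2" "$3" ;;
        *) echo "unknown name-type: $1" >&2; return 1 ;;
    esac
}

# Print the commands that create and bring up one tagged sub-interface per ID.
plan_vlans() {  # usage: plan_vlans <name-type> <device> <vlan-id>...
    ntype=$1; dev=$2; shift 2
    # Reject an unknown name-type before printing anything.
    vlan_ifname "$ntype" "$dev" 1 >/dev/null || return 1
    echo "vconfig set_name_type $ntype"
    for vid in "$@"; do
        valid_vid "$vid" || { echo "skipping invalid VLAN id: $vid" >&2; continue; }
        name=$(vlan_ifname "$ntype" "$dev" "$vid")
        echo "vconfig add $dev $vid"
        echo "ip link set dev $name up"
    done
}

# VLAN IDs from the quoted question, on the bond the poster calls bond0.
plan_vlans DEV_PLUS_VID_NO_PAD bond0 999 1000 1001
```

Review the printed commands, then run them as root on the host; addressing is left out because the thread gives only the switch-side addresses.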

