Virtual Interfaces and VLANs in Fedora20

Setting up VLAN interfaces in Fedora20

VLAN is an acronym for Virtual Local Area Network. Several VLANs can co-exist on a single physical switch, which are configured via Linux software and not through hardware interface (you still need to configure actual hardware switch too).

Hardware Device Requirements
• To be able to use VLANs you will need a switch that support the IEEE 802.1q standard on an Ethernet network.
• You will also need a NIC (Network Interface Card) that works with Linux and support 802.1q standard.

Setting Up 802.1q VLAN Tagging

This is based on Fedora documentation, specifically F17-System Administrators Guide http://docs.fedoraproject.org/en-US/Fedora/17/html/System_Administrators_Guide/s2-networkscripts-interfaces_802.1q-vlan-tagging.html .
• First, ensure that the 8021q kernel module is loaded with the following command:
# lsmod | grep 8021q
# modprobe 8021q
is the command to load it if no output results from the grep command above.
• Configure the physical interface by editing the /etc/sysconfig/network-scripts/ifcfg-enp0s25 file, where enp0s25 is the name of the physical interface. The configuration file for the physical interface should look as follows:
DEVICE=enp0s25

TYPE=Ethernet

BOOTPROTO=none

ONBOOT=yes

• Copy the configuration file of the physical interface to a VLAN interface configuration file by appending a .(period) character and the VLAN ID number to the VLAN interface filename:
∘ # cp /etc/sysconfig/network-scripts/ifcfg-enp0s25{,.5}
creates a new file for our VLAN interface, the ID number of which is 5 within the system-wide network directory mentioned above.
• Edit the VLAN interface configuration file so that it matches the following example:
DEVICE=enp0s25.5

BOOTPROTO=static

ONBOOT=yes
IPADDR=192.168.1.1

NETMASK=255.255.255.0

USERCTL=no

NETWORK=192.168.1.0

VLAN=yes

• Restart the networking service
∘ # systemctl restart NetworkManager.service


If the network router is acting as the DHCP server (sharing a single IP address from the ISP), restarting the networking service as mentioned above might display some messages from the router with a different IP address if it's not configured to provide a static address to the interface.

Method 2: Using the vconfig Command

The vconfig program allows you to create and remove vlan-devices on a vlan-enabled kernel. VLAN-devices are virtual ethernet devices which represent the virtual LANs on the physical LAN. To add a virtual interface with ID number 5, for example, execute:
# vconfig add enp0s25 5

# ifconfig enp0s25.5
will show the newly-created VLAN interface along with its configured parameters.
• The ifconfig command can also be used to directly assign an IP address to the VLAN interface:
∘ # ifconfig enp0s25.5 192.168.1.100 255.255.255.0 broadcast 192.168.1.255 up
• To get more detailed information about the interface execute:
∘ # cat /proc/net/vlan/enp0s25


Method 3: ip command for VLANs

∘ # ip link add link enp0s25 name enp0s25.5 type vlan id 5

∘ # ip link

∘ # ip -d link show enp0s25.5
• Once again, as with ifconfig above, assign an IP address to the VLAN interface:
∘ # ip addr add 192.168.1.200/24 brd 192.168.1.255 dev enp0s25.5

∘ # ip link set dev enp0s25.5 up
• The enp0s25 interface will handle the traffic for both, the VLAN's address as well as its own; however, the VLAN's traffic will be tagged with a VLAN ID tag 5. Only VLAN-aware devices can accept the traffic using VLAN tagging.
• To remove the VLAN tagging from the IP packets, use the following commands:
∘ # ip link set dev enp0s25.5 down

∘ # ip link delete enp0s25.5

Popular posts from this blog

Password Policy in RHEL 7

In Red Hat Enterprise Linux 7, the pam_pwquality PAM module replaced pam_cracklib, which was used in Red Hat Enterprise Linux 6 as a default module for password quality checking. It uses the same back end as pam_cracklib.
The code was originally based on pam_cracklib module, and the module is backwards compatible with its options.

The pam_pwquality module can be customized and configured in the file /etc/security/pwquality.conf. The possible options in the file are: difok Number of characters in the new password that must not be present in the old password. (default 5)

minlen Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).) Cannot be set to lower value than 6. (default 9)

dcredit The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the new password. (default 1)

ucredit T…
Read more

Centos 7 pulseaudio

Image
Centos 7 doesn't come with an option for `awesome-wm` installation.  Therefore, the only way to make use of this light-weight tiling manager one has to enable Fedora 19 repo or build the package from source.  For the Fedora 19 repo approach, see:

https://gist.github.com/ILMostro/1909a50e1858d0ee7e10

To use without GDM, GNOME's display manager, and without gnome services, one has to be aware of certain shortcomings that the gnome-services provide by default.  One such shortcoming is the lack of built-in Sound and Volume management.  Never fret, though, as there is a solution; namely, the PulseAudio-focused tools pavucontrol and pavumeter.  These packages are available from the "nux-desktop" repository available at at http://li.nux.ro/repos.html .
nux-desktop My unofficial, as-is, not for profit RPM repositories for EL (RHEL, CentOS, ScientificLinux etc): These repos may or may not be up to date or behave the way you expect them to; use them at your OWN RISK!

Some of…
Read more

Password Aging and Authentication in RHEL7

As I posted in a previous note, the password policy in RHEL 7, and most other linux distributions, is handled by the dynamically-configurable PAM (Pluggable Authentication Modules) system. However, there are a number of other tools implemented in securing the RHEL system. One such tool is the shadow password suite. The shadow suite creates an additional layer of abstraction for the system's login passwords, by removing the account passwords from the /etc/passwd file to a separate file /etc/shadow;while maintaining the unobstructed use of the rest of the accounts system. The Linux Documentation Project explains it: the password is stored as a single "x" character (ie. not actually stored in this file). A second file, called ``/etc/shadow'', contains encrypted password as well as other information such as account or password expiration values, etc. The /etc/shadow file is readable only by the root account and is therefore less of a security risk.
According t…
Read more