Virtual Interfaces and VLANs in Fedora20

Setting up VLAN interfaces in Fedora20

VLAN is an acronym for Virtual Local Area Network. Several VLANs can co-exist on a single physical switch, which are configured via Linux software and not through hardware interface (you still need to configure actual hardware switch too).

Hardware Device Requirements
• To be able to use VLANs you will need a switch that support the IEEE 802.1q standard on an Ethernet network.
• You will also need a NIC (Network Interface Card) that works with Linux and support 802.1q standard.

Setting Up 802.1q VLAN Tagging

This is based on Fedora documentation, specifically F17-System Administrators Guide http://docs.fedoraproject.org/en-US/Fedora/17/html/System_Administrators_Guide/s2-networkscripts-interfaces_802.1q-vlan-tagging.html .
• First, ensure that the 8021q kernel module is loaded with the following command:
# lsmod | grep 8021q
# modprobe 8021q
is the command to load it if no output results from the grep command above.
• Configure the physical interface by editing the /etc/sysconfig/network-scripts/ifcfg-enp0s25 file, where enp0s25 is the name of the physical interface. The configuration file for the physical interface should look as follows:
DEVICE=enp0s25

TYPE=Ethernet

BOOTPROTO=none

ONBOOT=yes

• Copy the configuration file of the physical interface to a VLAN interface configuration file by appending a .(period) character and the VLAN ID number to the VLAN interface filename:
∘ # cp /etc/sysconfig/network-scripts/ifcfg-enp0s25{,.5}
creates a new file for our VLAN interface, the ID number of which is 5 within the system-wide network directory mentioned above.
• Edit the VLAN interface configuration file so that it matches the following example:
DEVICE=enp0s25.5

BOOTPROTO=static

ONBOOT=yes
IPADDR=192.168.1.1

NETMASK=255.255.255.0

USERCTL=no

NETWORK=192.168.1.0

VLAN=yes

• Restart the networking service
∘ # systemctl restart NetworkManager.service


If the network router is acting as the DHCP server (sharing a single IP address from the ISP), restarting the networking service as mentioned above might display some messages from the router with a different IP address if it's not configured to provide a static address to the interface.

Method 2: Using the vconfig Command

The vconfig program allows you to create and remove vlan-devices on a vlan-enabled kernel. VLAN-devices are virtual ethernet devices which represent the virtual LANs on the physical LAN. To add a virtual interface with ID number 5, for example, execute:
# vconfig add enp0s25 5

# ifconfig enp0s25.5
will show the newly-created VLAN interface along with its configured parameters.
• The ifconfig command can also be used to directly assign an IP address to the VLAN interface:
∘ # ifconfig enp0s25.5 192.168.1.100 255.255.255.0 broadcast 192.168.1.255 up
• To get more detailed information about the interface execute:
∘ # cat /proc/net/vlan/enp0s25


Method 3: ip command for VLANs

∘ # ip link add link enp0s25 name enp0s25.5 type vlan id 5

∘ # ip link

∘ # ip -d link show enp0s25.5
• Once again, as with ifconfig above, assign an IP address to the VLAN interface:
∘ # ip addr add 192.168.1.200/24 brd 192.168.1.255 dev enp0s25.5

∘ # ip link set dev enp0s25.5 up
• The enp0s25 interface will handle the traffic for both, the VLAN's address as well as its own; however, the VLAN's traffic will be tagged with a VLAN ID tag 5. Only VLAN-aware devices can accept the traffic using VLAN tagging.
• To remove the VLAN tagging from the IP packets, use the following commands:
∘ # ip link set dev enp0s25.5 down

∘ # ip link delete enp0s25.5

Popular posts from this blog

Centos 7 pulseaudio

Image
Centos 7 doesn't come with an option for `awesome-wm` installation.  Therefore, the only way to make use of this light-weight tiling manager one has to enable Fedora 19 repo or build the package from source.  For the Fedora 19 repo approach, see: https://gist.github.com/ILMostro/1909a50e1858d0ee7e10 To use without GDM, GNOME's display manager, and without gnome services, one has to be aware of certain shortcomings that the gnome-services provide by default.  One such shortcoming is the lack of built-in Sound and Volume management.  Never fret, though, as there is a solution; namely, the PulseAudio-focused tools pavucontrol and pavumeter .  These packages are available from the " nux-desktop " repository available at at http://li.nux.ro/repos.html . nux-desktop My unofficial, as-is, not for profit RPM repositories for EL (RHEL, CentOS, ScientificLinux etc): These repos may or may not be up to date or behave the way you expect them to; use them at yo
Read more

Password Policy in RHEL 7

In Red Hat Enterprise Linux 7, the pam_pwquality PAM module replaced pam_cracklib, which was used in Red Hat Enterprise Linux 6 as a default module for password quality checking. It uses the same back end as pam_cracklib. The code was originally based on pam_cracklib module, and the module is backwards compatible with its options. The pam_pwquality module can be customized and configured in the file /etc/security/pwquality.conf . The possible options in the file are: difok Number of characters in the new password that must not be present in the old password. (default 5) minlen Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).) Cannot be set to lower value than 6. (default 9) dcredit The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the
Read more

RHEL 7 and CentOS 7 syslog Rate Limit

https://access.redhat.com/solutions/1417483 In RHEL 7 there is rate-limiting both in systemd-journald and in rsyslog's imjournal module Lower Ratelimit Interval Lower the interval for rate-limiting and increase the burst level in order to minimize the possibility of losing log messages when the threshold is reached for the specified number of messages logged within the specified interval. Rate-limiting is specific to each process, so there's usually no reason to change this. It is also inadvisable to disable this feature entirely! grep -i rate /etc/systemd/journald.conf #RateLimitInterval=30s #RateLimitBurst=1000 RateLimitInterval=10s RateLimitBurst=3000 grep -i rate /etc/rsyslog.conf #$imjournalRatelimitInterval 600 <--default $imjournalRatelimitInterval 300 $imjournalRatelimitBurst 30000 journal corruption journalctl --verify journalctl --force
Read more