Sunday, June 27, 2010

VLAN on Linux

A VLAN is a logical LAN: you can have several virtual LANs on a single "real" LAN. Local area networks have been very popular since the 90s, and since then they have grown to the point where managing them became a headache.

The solution: "Virtual LANs" defined on network switches. The VLAN standard was defined by the IEEE, like many other standards. There are other VLAN standards established by Cisco, but IEEE 802.1Q is the most common. Most switch manufacturers have supported this standard for some years, and if you buy a new switch with management features it will probably support 802.1Q.

With different VLANs, your network can be divided, for example between departments, using a single switch. The advantage of dividing the network is that data and broadcast packets from one VLAN can't reach another, which increases the efficiency of the Ethernet protocol. Since the VLANs can't see each other's Ethernet packets, to let them communicate you need a router with one of its network interfaces configured with both VLAN tag IDs, so that it can see the packets and establish a route between them. 802.1Q adds 4 bytes to the header of the Ethernet frame and uses 12 bits of those bytes to identify a specific VLAN.
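To make the 4-byte tag concrete, here is an added example (not code from the original post) that parses the 802.1Q tag out of a raw Ethernet frame: 2 bytes of tag protocol identifier (0x8100) followed by 2 bytes holding a 3-bit priority, a 1-bit drop-eligible flag and the 12-bit VLAN ID. It goes slightly beyond the single tag used in this tutorial by also walking stacked tags (802.1ad, 0x88A8); the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # IEEE 802.1Q tag protocol identifier
TPID_8021AD = 0x88A8  # IEEE 802.1ad service tag (stacked tagging)


def build_frame(dst, src, vlan_ids, ethertype, payload=b""):
    """Construct a sample Ethernet frame tagged with the given VLAN IDs (PCP/DEI = 0)."""
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vlan_ids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_vlan_tags(frame):
    """Return (tags, ethertype); tags is a list of dicts, outermost tag first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []              # skip destination + source MAC
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return tags, ethertype     # reached the real EtherType
        if len(frame) < offset + 6:    # TPID + TCI + the EtherType that must follow
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,          # 3-bit priority code point
            "dei": (tci >> 12) & 1,    # 1-bit drop eligible indicator
            "vid": tci & 0x0FFF,       # 12-bit VLAN ID
        })
        offset += 4                    # each tag is 4 bytes long


# Constructed sample frames (made-up MAC addresses) using this tutorial's VLAN IDs.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
FRAME_VLAN10 = build_frame(DST, SRC, [10], 0x0800)
FRAME_UNTAGGED = build_frame(DST, SRC, [], 0x0800)

if __name__ == "__main__":
    for name, frame in (("vlan10", FRAME_VLAN10), ("untagged", FRAME_UNTAGGED)):
        tags, ethertype = parse_vlan_tags(frame)
        print(name, [t["vid"] for t in tags], hex(ethertype))
```

Because the VLAN ID is a 12-bit field, a frame's tag can only name one of 4096 values, and an untagged frame simply has its EtherType where the tag would start.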

In certain situations you may need a single network interface on a server, or even on a desktop, to work with VLANs, for example to build a router using Linux! This is the cheapest way to use VLANs.

For Linux to work with VLANs you need kernel support and the vlan tools. Most recent Linux distributions have support in the kernel and also have the packages available. Ubuntu 9.10 and later have it. If you have a different distribution, please check the kernel version.

First, get the kernel version your system is using:
sudo uname -a

If you get version 2.6.29 or later, your system supports VLANs.

That is the kernel version I was using at the time I was writing this tutorial: 2.6.31-22-generic-pae SMP

Let's install the vlan package now.

On Ubuntu or Debian type:

sudo apt-get install vlan

If you're using Fedora, CentOS or RHEL, type as root:

yum install vlan

Setting up VLANs

Now that you have the vlan package installed, it's time to create some VLANs.
With VLAN support in the Linux kernel you don't need vconfig anymore. This command is deprecated. If you see a tutorial using it, it's old and should be avoided.

To follow this tutorial in full you need two computers connected to each other by a cable, or by a network switch with VLAN tag support on which you have set up some ports to use a specific VLAN ID (tag).
These experiments can be done using the Ubuntu live CD on both computers, but you could use Windows on one of the machines, since some NICs support 802.1Q and usually have an option for it in the card's advanced configuration.

Our scenario:
VLAN tag 10
VLAN tag 12

A laptop using a VIA Rhine II Fast Ethernet card, called computer1
A desktop computer using an Intel Pro/100 VE network card (it has auto-sensing, so you don't need a crossover cable to connect the two, just a plain UTP cable), called computer2

With both computers connected to each other, let's create the first VLAN.

Computer1's console

sudo ip link add link eth0 name eth0.10 type vlan id 10
sudo ip link add link eth0 name eth0.12 type vlan id 12


Now, define IP addresses for the two devices created:
sudo ifconfig eth0.10 192.168.10.1 netmask 255.255.255.0 up
sudo ifconfig eth0.12 192.168.12.1 netmask 255.255.255.0 up


Now, on Computer2:

sudo ip link add link eth0 name eth0.10 type vlan id 10
sudo ip link add link eth0 name eth0.12 type vlan id 12

sudo ifconfig eth0.10 192.168.10.2 netmask 255.255.255.0 up
sudo ifconfig eth0.12 192.168.12.2 netmask 255.255.255.0 up


Now we should have communication between the two computers. You can send some ICMP packets from one to the other:


Computer1 console:


# ping 192.168.10.2


# ping 192.168.12.2


If everything is correct, you should see the ping replies coming back.


Well, there are many ways to do the same thing. Linux has many commands. In another post I'll show what more you can do with VLANs.


