VLAN (802.1q) Tagging adds an Ethernet header extention to each packet containing the VLAN ID and priority. You must be connecting to a managed switch (hubs and unmanaged switches will no work) with the ports setup for "trunk" mode to make this work. Configuring switches is a topic for another post but briefly you can configure a port to pass tagged traffic for multiple VLANs (Google VLAN and Trunking for more information).
If NIC driver is VLAN capable tagged interfaces can be configured as follows:
In /etc/sysconfig/network-scripts:
# cp ifcfg-ethX ifcfg-ethX.Y \\where X equals the interface and Y equals the VLAN number
# vi ifcfg-ethX.Y
modify the IP information as appropriate for the new VLAN and add the following line to the end:
VLAN=yes
This same procedure can be used to create 802.1Q interfaces from bonded NICs as well.
example ifcfg-bond0.5 (interface bond0 on VLAN 5):
DEVICE=bond0.5
IPADDR=10.0.70.50
NETMASK=255.255.255.0
NETWORK=10.0.70.0
BROADCAST=10.0.70.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
VLAN=yes
I have found the combination of bonding and tagging to be especially useful in blade environments. Most blade servers come standard with 2 NICs that map to two separate switch modules (or pass thru) ports. I like to configure the servers for HA but also have a need to isolate my production traffic from my Netbackup traffic. This solution has served me well.
0 comments:
Post a Comment