wiki.ipfire.org

The community-maintained documentation platform of IPFire


VLAN with IPFire

If the hardware has only two physical network ports (NICs), e.g. eth0 and eth1 for Green and Red, additional virtual LANs for Blue and Orange can be defined and made available. In addition to IPFire, you need a switch that supports VLANs. The switch has to be configured according to the settings in IPFire.

Example Network Map

Interface   IP Range         physical   virtual
Red         PPPOE            X          -
Green       192.168.1.0/24   X          -
Blue        192.168.2.0/24   -          X
Orange      10.0.1.0/24      -          X
OpenVPN     10.0.2.0/24

Relevant Files

VLAN HW allocation

# /var/ipfire/ethernet/vlans

This configuration file allows the definition of VLANs for the IPFire networks green, red, orange and blue. You can assign a VLAN ID (between 2 and 4094) and a MAC address to each VLAN. (IDs 0, 1 and 4095 are reserved.)

The parent device (XXX_PARENT_DEV) can be a physical NIC such as eth0 or another interface, such as green0 in the following example.

BLUE_PARENT_DEV=green0
BLUE_VLAN_ID=300
BLUE_MAC_ADDRESS=00:22:B1:B1:B1:30
ORANGE_PARENT_DEV=green0
ORANGE_VLAN_ID=400
ORANGE_MAC_ADDRESS=00:22:B1:B1:B1:40

This example will create an untagged green network and tagged orange and blue networks on the physical NIC of the green network. If you need to have tagged packets only on the NIC port (some switches cannot handle tagged and untagged on the same port), you will need to use the physical NIC (e.g. eth0) as the PARENT_DEV.
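The rules above (ID range, one ID per parent device, tagged-only versus mixed ports) can be checked before rebooting. The following is an added example, not part of IPFire: the function names are hypothetical, the sample is constructed from the page's values plus a deliberately broken RED entry, and an empty MAC is assumed to be allowed.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
ZONES = ("GREEN", "RED", "BLUE", "ORANGE")

# Constructed sample: the page's BLUE/ORANGE entries plus a deliberately
# broken RED entry (reserved ID, truncated MAC) to exercise the checks.
SAMPLE = """\
BLUE_PARENT_DEV=green0
BLUE_VLAN_ID=300
BLUE_MAC_ADDRESS=00:22:B1:B1:B1:30
ORANGE_PARENT_DEV=green0
ORANGE_VLAN_ID=400
ORANGE_MAC_ADDRESS=00:22:B1:B1:B1:40
RED_PARENT_DEV=eth1
RED_VLAN_ID=4095
RED_MAC_ADDRESS=00:22:A1:A1:A1
"""

def parse_kv(text):
    """Parse KEY=VALUE lines, skipping '#' comments and blank lines."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))

def check_vlans(text):
    """Return (errors, mixed): config errors, and zones on a mixed tagged/untagged port."""
    cfg, errors, mixed, seen = parse_kv(text), [], [], {}
    for zone in ZONES:
        parent = cfg.get(f"{zone}_PARENT_DEV")
        if not parent:
            continue  # zone is not VLAN-backed
        raw = cfg.get(f"{zone}_VLAN_ID", "")
        vid = int(raw) if raw.isdigit() else -1
        if not 2 <= vid <= 4094:
            errors.append(f"{zone}: VLAN ID {raw!r} is outside 2..4094")
        elif (parent, vid) in seen:
            errors.append(f"{zone}: VLAN {vid} on {parent} is already used by {seen[parent, vid]}")
        else:
            seen[parent, vid] = zone
        mac = cfg.get(f"{zone}_MAC_ADDRESS", "")
        if mac and not MAC_RE.match(mac):  # assumption: the MAC may be left empty
            errors.append(f"{zone}: malformed MAC address {mac!r}")
        # Zone device as parent (e.g. green0): the port carries untagged and tagged frames.
        if parent.rstrip("0123456789").upper() in ZONES:
            mixed.append(zone)
    return errors, mixed

if __name__ == "__main__":
    print(check_vlans(SAMPLE))
```

Zones returned in `mixed` are the ones whose switch port must accept both tagged and untagged frames; an empty list means every VLAN sits on a physical NIC and the port can be tagged-only.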

VLAN network configuration

# /var/ipfire/ethernet/settings

In this file, we configure the appropriate network ranges for the respective interfaces. This will enable the 4 networks in the WUI, too.

CONFIG_TYPE=4
GREEN_DEV=green0
GREEN_MACADDR=00:22:B1:B1:B1:B1
GREEN_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
GREEN_DRIVER=e1000e
RED_DEV=red0
RED_MACADDR=00:22:A1:A1:A1:A1
RED_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
RED_DRIVER=e1000e
GREEN_ADDRESS=192.168.1.1
GREEN_NETMASK=255.255.255.0
GREEN_NETADDRESS=192.168.1.0
GREEN_BROADCAST=192.168.1.255
BLUE_DEV=blue0
BLUE_ADDRESS=192.168.2.1
BLUE_NETMASK=255.255.255.0
BLUE_NETADDRESS=192.168.2.0
BLUE_BROADCAST=192.168.2.225
BLUE_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
BLUE_DRIVER=e1000e
ORANGE_DEV=orange0
ORANGE_ADDRESS=10.0.1.1
ORANGE_NETMASK=255.255.255.0
ORANGE_NETADDRESS=10.0.1.0
ORANGE_BROADCAST=10.0.1.225
ORANGE_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network Connection"'
ORANGE_DRIVER=e1000e
RED_DHCP_HOSTNAME=ipfw
RED_DHCP_FORCE_MTU=
RED_ADDRESS=0.0.0.0
RED_NETMASK=0.0.0.0
RED_TYPE=PPPOE
RED_NETADDRESS=0.0.0.0
RED_BROADCAST=255.255.255.255
DNS1=192.168.1.1
DNS2=
DEFAULT_GATEWAY=192.168.1.1
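Because NETADDRESS and BROADCAST are written by hand next to ADDRESS and NETMASK, they can drift apart. The following added example (not part of IPFire; `check_settings` and its `extra` parameter are hypothetical names) recomputes both values per zone and also flags overlapping zone subnets. Its sample input is constructed from the addressing keys above, and it reports BLUE_BROADCAST and ORANGE_BROADCAST, which end in .225 where the 255.255.255.0 netmask implies .255.

```python
import ipaddress

# Constructed sample: the addressing keys from the settings example above.
SAMPLE = """\
GREEN_ADDRESS=192.168.1.1
GREEN_NETMASK=255.255.255.0
GREEN_NETADDRESS=192.168.1.0
GREEN_BROADCAST=192.168.1.255
BLUE_ADDRESS=192.168.2.1
BLUE_NETMASK=255.255.255.0
BLUE_NETADDRESS=192.168.2.0
BLUE_BROADCAST=192.168.2.225
ORANGE_ADDRESS=10.0.1.1
ORANGE_NETMASK=255.255.255.0
ORANGE_NETADDRESS=10.0.1.0
ORANGE_BROADCAST=10.0.1.225
"""

def check_settings(text, extra=None):
    """Check each zone's NETADDRESS/BROADCAST against ADDRESS/NETMASK and flag overlaps.

    `extra` maps a name to a CIDR for networks defined elsewhere (e.g. OpenVPN).
    """
    cfg = dict(l.strip().split("=", 1) for l in text.splitlines()
               if "=" in l and not l.lstrip().startswith("#"))
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in (extra or {}).items()}
    problems = []
    for zone in ("GREEN", "BLUE", "ORANGE"):  # RED is PPPoE here, no static subnet
        addr, mask = cfg.get(f"{zone}_ADDRESS"), cfg.get(f"{zone}_NETMASK")
        if not addr or not mask:
            continue
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        derived = {f"{zone}_NETADDRESS": net.network_address,
                   f"{zone}_BROADCAST": net.broadcast_address}
        for key, want in derived.items():
            if cfg.get(key) != str(want):
                problems.append(f"{key}={cfg.get(key)} but {addr}/{mask} implies {want}")
        problems += [f"{zone} {net} overlaps {name} {other}"
                     for name, other in nets.items() if net.overlaps(other)]
        nets[zone] = net
    return problems

if __name__ == "__main__":
    for p in check_settings(SAMPLE, extra={"OpenVPN": "10.0.2.0/24"}):
        print(p)
```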

VLAN system start

After rebooting the system, ifconfig should show you the resulting interfaces:

green0    Link encap:Ethernet  HWaddr 00:22:B1:B1:B1:B1  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33068 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4427532 (4.2 Mb)  TX bytes:59602567 (56.8 Mb)
          Interrupt:16 Memory:d0120000-d0140000 
 
blue0     Link encap:Ethernet  HWaddr 00:22:B1:B1:B1:30  
          inet addr:192.168.2.1  Bcast:192.168.2.225  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9047 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6817 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1523088 (1.4 Mb)  TX bytes:6122127 (5.8 Mb)
 
orange0   Link encap:Ethernet  HWaddr 00:22:B1:B1:B1:40 
          inet addr:10.0.1.1  Bcast:10.0.1.225  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:271586 errors:0 dropped:0 overruns:0 frame:0
          TX packets:271586 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:14982933 (14.2 Mb)  TX bytes:14982933 (14.2 Mb)
 
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:XXX.XXX.XXX.XXX  P-t-P:XXX.XXX.XXX.XXX  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1492  Metric:1
          RX packets:45197 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30590 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:56567643 (53.9 Mb)  TX bytes:3016567 (2.8 Mb)
 
red0      Link encap:Ethernet  HWaddr 00:22:A1:A1:A1:A1  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:48860 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:57977321 (55.2 Mb)  TX bytes:4046398 (3.8 Mb)
          Interrupt:17 Memory:d0020000-d0040000 
 
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.0.2.1  P-t-P:10.0.2.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Enable Blue for the network

Finally, you may want to configure the “new” networks that you created with the VLANs. For example, the blue network (blue0) must be enabled for access to DNS, SMTPS, HTTPS etc., and the appropriate clients must be allowed to access the network.

Here is the description for access to blue.

en/optimization/vlan/start.txt · Last modified: 2016/07/26 15:04 by Arne.F