Configuring VLANs on Fedora Core
Interactive VLAN configuration is done with the
vconfig program. The
basic usage is '
vconfig add eth0 6'; this makes a new Ethernet device
eth0.6 (by default;
vconfig can change this, but you probably
don't want to). '
vconfig rem eth0.6' will then remove the VLAN.
A configured VLAN is up enough so that you can receive traffic on it. If
all you're interested in is doing things like bridging virtual machines
onto the VLAN's network, you don't need to do anything more at the host
level; otherwise, you're going to need to give the VLAN interface an
IP address somehow. I don't recommend using DHCP, because as far as I
know there's no way to tell the Fedora DHCP clients to not helpfully
/etc/resolv.conf for the new network.
(Really what one wants is a 'shut up and get me an IP address, JUST an IP address, no routes, no nothing' option for some DHCP client. But this is kind of an obscure thing, so I can understand why it's not there.)
For permanent configuration, you can create ifcfg scripts in
/etc/sysconfig/network-scripts. The minimum contents are:
DEVICE=eth0.6 VLAN=yes ONBOOT=yes
(You can say '
ONBOOT=no' if you really want to; I suppose '
whatever' is marginally less typing than doing the
VLAN=yes' bit is the important magic. With this, Fedora cracks
open the device name to conclude that this is VLAN ID 6 on eth0, and
sets it up appropriately (yet another reason not to try to change
vconfig's VLAN name format). Fedora is perfectly willing to bring up
VLANs that have no assigned IP address, and this is how I have mine set
up. I name my VLAN ifcfg files things like '
ifcfg-vlan6', but I believe
this name format is not required.
There's an alternate format for the VLAN ID and base device information:
DEVICE=vlan6 PHYSDEV=eth0 VLAN=yes ONBOOT=yes
(For VLAN ID 6 on eth0 again.)
As far as I can see, you still get a device called '
eth0.6' out of
this, not one called '
tcpdump understands VLANs and so can be used to dump the
eth0 so you can see what VLANs are actually reaching your
machine. However, just to confuse you, it will not print the VLAN
ID information unless you ask it for link-level headers with
(Although it will happily receive and dump the packets, which can be
really confusing; you need to remember to ask for '
not vlan and ...'
if you want to see just the untagged base traffic on your link.)
Because VLAN devices are regular Ethernet devices, you can use
tcpdump on them to see just traffic for that particular VLAN.
This traffic is naturally already detagged.
(This is the kind of entry I write so that I have all of this information in one place the next time I need it.)