Configure vlans

  • Thread starter Thread starter Tomas
  • Start date Start date
T

Tomas

Guest
Hello ,

First of all , thank you for the great product.
I have a question regarding vlans.

I am using :
/etc/network/interfaces:

# network interface settings
auto lo
iface lo inet loopback

#wan nic
auto eth0
iface eth0 inet static
address x.x.x.186
netmask 255.255.255.252
gateway x.x.x.185
broadcast x.x.x.187
network x.x.x.184

# local subnet nic
auto eth1
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.21.1
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0


Local subnet 192.168.1.0/24 uses windows computers, i want to configure vlans( example: vlan1 windows server ip 192.168.2.1/24, vlan2 192.168.3.1, others vlan3 servers ip 192.168.100.0/24)
each VLAN can to ping another VLAN ( example:
192.168.1.0/24 ping to subnet 192.168.100.0/24 and etc.)
How to do it?
how need configured /etc/network/interfaces?
How add ip route?
thank for answer.
 
What you think about this config:

/etc/network/interfaces:

# network interface settings
auto lo
iface lo inet loopback

#wan nic
auto eth0
iface eth0 inet static
address x.x.x.186
netmask 255.255.255.252
gateway x.x.x.185
broadcast x.x.x.187
network x.x.x.184

# local subnet ( here I am using on office (every windows machine set on computer this:
ip 192.168.21.20
netmask 255.255.255.0
gateway 192.168.21.1
all works machines fine)

auto eth1
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.21.1
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0

#now i am reconfiguring all vlans

auto eth1.1 iface eth1.1 inet static address 0.0.0.0 netmask 0.0.0.0 auto eth1.2 iface eth1.2 inet static address 0.0.0.0 netmask 0.0.0.0 auto eth1.3 iface eth1.3 inet static address 0.0.0.0 netmask 0.0.0.0 auto vmbr1 iface vmbr1 inet static address 192.168.2.1 netmask 255.255.255.0 bridge_ports eth1.1 bridge_stp off bridge_fd 0 auto vmbr2 iface vmbr2 inet static address 192.168.3.1 netmask 255.255.255.0 bridge_ports eth.1.2 bridge_stp off bridge_fd 0

auto vmbr3 iface vmbr3 inet static address 192.168.100.1 netmask 255.255.255.0 bridge_ports eth.1.3 bridge_stp off bridge_fd 0

What you think about this?I will can ping from 192.168.1.0/24 to 192.168.100.0/24 and etc.???
 
What you think about this config:

/etc/network/interfaces:

# network interface settings
auto lo
iface lo inet loopback

#wan nic
auto eth0
iface eth0 inet static
address x.x.x.186
netmask 255.255.255.252
gateway x.x.x.185
broadcast x.x.x.187
network x.x.x.184

# local subnet ( here I am using on office (every windows machine set on computer this:
ip 192.168.21.20
netmask 255.255.255.0
gateway 192.168.21.1
all works machines fine)

auto eth1
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.21.1
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0

#now i am reconfiguring all vlans

auto eth1.1
iface eth1.1 inet static
address 0.0.0.0
netmask 0.0.0.0

auto eth1.2
iface eth1.2 inet static
address 0.0.0.0
netmask 0.0.0.0

auto eth1.3
iface eth1.3 inet static
address 0.0.0.0
netmask 0.0.0.0

auto vmbr1
iface vmbr1 inet static
address 192.168.2.1
netmask 255.255.255.0
bridge_ports eth1.1
bridge_stp off
bridge_fd 0

auto vmbr2
iface vmbr2 inet static
address 192.168.3.1
netmask 255.255.255.0
bridge_ports eth.1.2
bridge_stp off
bridge_fd 0

auto vmbr3
iface vmbr3 inet static
address 192.168.100.1
netmask 255.255.255.0
bridge_ports eth.1.3
bridge_stp off
bridge_fd 0

What you think about this?I will can ping from 192.168.1.0/24 to 192.168.100.0/24 and etc.???
 
Hi,
you use tagged and untagged traffic on the same NIC?! (vmbr0 use eth1 - the others eth1.x)
Some people have trouble with such an configuration. Better to use only tagged, or only untagged traffic.

Udo
 
If i will use tagged, that I should to set interfaces:

What you think about this config:

/etc/network/interfaces:

# network interface settings
auto lo
iface lo inet loopback

#wan nic
auto eth0
iface eth0 inet static
address x.x.x.186
netmask 255.255.255.252
gateway x.x.x.185
broadcast x.x.x.187
network x.x.x.184

# local subnet ( here I am using on office (every windows machine set on computer this:
ip 192.168.21.20
netmask 255.255.255.0
gateway 192.168.21.1
all works machines fine)

auto eth1
iface eth1 inet manual

auto vmbr4
iface vmbr0 inet static
address 192.168.21.1
netmask 255.255.255.0
bridge_ports eth1.4
bridge_stp off
bridge_fd 0

#now i am reconfiguring all vlans

auto eth1.4
iface eth1.4 inet static
address 0.0.0.0
netmask 0.0.0.0


auto eth1.1
iface eth1.1 inet static
address 0.0.0.0
netmask 0.0.0.0

auto eth1.2
iface eth1.2 inet static
address 0.0.0.0
netmask 0.0.0.0

auto eth1.3
iface eth1.3 inet static
address 0.0.0.0
netmask 0.0.0.0

auto vmbr1
iface vmbr1 inet static
address 192.168.2.1
netmask 255.255.255.0
bridge_ports eth1.1
bridge_stp off
bridge_fd 0

auto vmbr2
iface vmbr2 inet static
address 192.168.3.1
netmask 255.255.255.0
bridge_ports eth.1.2
bridge_stp off
bridge_fd 0

auto vmbr3
iface vmbr3 inet static
address 192.168.100.1
netmask 255.255.255.0
bridge_ports eth.1.3
bridge_stp off
bridge_fd 0


vmbr0 change to vmbr0
vmbr4 will be local subnet. Will it works? Will I can to ping from vlan1 ( vmbr1) ping to ohters vlan2(3,4) and etc?
 
Hi,
for routing between the networks you need an router. The pve-host isn't normaly an router (you don't need normaly on the bridges an ip-address, except on vmbr0).
You can use an HW-Router or an software-router (also an virtutal one is possible). Of course you can also switch the routing on the pve-host on but i'm a friend of a dedicated firewall-distro (i use normaly devil-linux for such things).

Udo
 
Understan. I can not be used pve-host as router, but

auto lo
iface lo inet loopback

#wan nic
auto eth0
iface eth0 inet static
address x.x.x.186
netmask 255.255.255.252
gateway x.x.x.185
broadcast x.x.x.187
network x.x.x.184

# local subnet ( here I am using on office (every windows machine set on computer this:
ip 192.168.21.20
netmask 255.255.255.0
gateway 192.168.21.1
all works machines fine)

auto eth1
iface eth1 inet manual

auto vmbr4
iface vmbr0 inet static
address 192.168.21.1
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0

I used iptables rules (nat postrouting and other iptables) and I can ping from 21.0/24 to example www.google.ltm it is work fine). Maybe pve-host need be used ip route tables rules? What you think about it? Maybe will can ping vlan1 to other vlans...
 
You must log in or register to reply here.
Top Bottom