VLANs is a way to let multiple logical (virtual) networks share the same physical network. It is not the same as WLAN - Wireless LAN - and has nothing to do with it.

That's it!

This page is supposed to give a quick overview of VLANs, and give a few examples of using them on OpenSlug. If you want more complete information look at External links at the bottom.

What are VLANs?

VLANs is a way to let multiple logical (virtual) networks share the same physical network. It is not the same as WLAN - Wireless LAN - and has noting to do with it.

When using VLANs you can configure a switch, or multiple switches, to have tagged 'trunk' ports that carry multiple VLANs. With the correct software on Linux you can setup the VLANs as virtual interfaces.

All this requires using 802.1q vlan capable switches, and those are unfortunately quite expensive.

Why would you want VLANs?

For example routing between several networks, with a single network cable and interface.

If you want lots of Ethernet interfaces, and using lots of USB network adapters seems like a bad idea.

VLANs are often used on larger networks to separate different parts of the network to increase security and simplify management.

How?

You have to have VLANs setup on your switch, and make the slug port trunked. How to setup that is out of scope for this page. A small tip is setting the native vlan on the port (sometimes called PVID) to a VLAN you can access the slug on.

The required packages are available in the OpenSlug monotone repository. They are available in the unstable feed, and might reach stable sometime.

You need a kernel module called 8021q, available in the package kernel-image-8021q. You also need the userspace program vconfig to set up vlans, available in the package vlan.

So:
ipkg update && ipkg install vlan kernel-image-8021q

When you have them installed you need to setup the VLANs you want to use.

First modprobe the 8021q modules:

modprobe 8021q

Then use vconfig to setup your VLANs:

vconfig add eth0 10 # Public VLAN
Added VLAN with VID == 10 to IF -:eth0:-
vconfig add eth0 4 # Server VLAN
Added VLAN with VID == 4 to IF -:eth0:-
vconfig add eth0 60 # Test VLAN
Added VLAN with VID == 60 to IF -:eth0:-

Now you just have to set IP addresses on the created interfaces:

ifconfig eth0.10 192.168.8.1 netmask 255.255.248.0
ifconfig eth0.4 192.168.16.1 netmask 255.255.248.0
ifconfig eth0.60 192.168.1.1 netmask 255.255.255.0

Making it permanent

So far all we have done goes away on reboot (and that is a good thing when testing), so when we have something working we have to make it permanent.

This can of course be made in lots of ways, but this is what I recommend.

Create a file in /etc/init.d with the commands you need:

cat > /etc/init.d/vlan
#!/bin/sh
modprobe 8021q
vconfig add eth0 10
vconfig add eth0 4
vconfig add eth0 60
ifconfig eth0.10 192.168.8.1 netmask 255.255.248.0
ifconfig eth0.4 192.168.16.1 netmask 255.255.248.0
ifconfig eth0.60 192.168.1.1 netmask 255.255.255.0
^D (that is Ctrl+D)

Make the file executable by running:

chmod +x /etc/init.d/vlan

Now, to make that run after eth0 is up add the line "up /etc/init.d/vlan" in /etc/network/interfaces like this:

iface eth0 inet static
up /etc/init.d/vlan
pre-up ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
address 192.168.0.7
netmask 255.255.255.0
gateway 192.168.0.1

Thats is!

External links

Linux Journal - VLANs on Linux
http://www.linuxjournal.com/article/7268

Wikipedia - VLAN
http://en.wikipedia.org/wiki/VLAN

Wikipedia - 802.1q
http://en.wikipedia.org/wiki/802.1q

802.1Q VLAN implementation for Linux
http://www.candelatech.com/~greear/vlan.html