How to insert VLAN tag on outgoing packet - linux

I am working on inserting VLAN tags for some client MACs on outgoing packets via the native VLAN. I have tried nh_hooks IN, OUT and Forward but didn't get any success.
What I want is either to add a tag to a packet from a client on the native VLAN and then send it via the same VLAN, or, if possible, to forward a native VLAN packet from some client, based on MAC, to a tagged VLAN interface.
Any suggestions in netlink code or kernel-level code? Or is it possible to do that via ebtables based on MAC?

VLAN tagging in Linux is accomplished by using subinterfaces, e.g. ip link add link eth0 name eth0.8 type vlan id 8 adds tagged VID 8 to eth0, creating the eth0.8 subinterface.
The native VLAN is the one that's not tagged on a trunk/port, so its VLAN ID elsewhere depends on whether and how the trunk endpoints (switches) tag the frames when forwarding.
On a VLAN trunk, the VID in the tag is the VLAN the frame is running in.

PC1 ----[SW1]----[SW2]----[SW3]---- PC3
                   |
                  PC2
(SW2 also connects to PC2.)
Assume SW2 is a non-IEEE 802.1Q switch that does not support VLANs. SW1 and SW3 do support them. All PCs are in VLAN 10.
SW1/SW3 will send VLAN 10 packets on the trunk port as untagged packets so that PC2 can understand them. When SW1/SW3 receive any frame, they will classify it as VLAN 10.
The default native VLAN is VLAN 1.
First mistake in the question: native VLAN frames/packets are sent and received untagged (no 4-byte VLAN header).
If I understand it correctly, to forward an untagged native VLAN to a tagged VLAN, configure SW1's native VLAN to be VLAN 10 and SW3's native VLAN to be VLAN 30. PC3 is in VLAN 30. VLAN 10 will get translated to VLAN 30.
So the vlan 10 in PC1 is the same as untagged frame in PC2 and vlan 30 in PC3.


Port with VLAN not working on Cisco switch [closed]

I'm having issues with a Cisco SG550X-24 switch.
The switch is showing 100U as an administrative VLAN but not an operational VLAN. I'm unsure why this is, and plugging into this port doesn't work. The switch functions normally and other ports work fine.
Screenshot of config page attached: [image: cisco vlan config]
Ports 1 and 19 are configured exactly the same; port 19 works fine with 100U but port 1 doesn't.
Any ideas? Is there a setting I'm missing that disables the port or VLAN?
Thanks
config-file-header
CB-BR-Radon233
v2.5.5.47 / RTESLA2.5.5_930_364_286
CLI v1.0
file SSD indicator encrypted
#
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
unit-type unit 5 network gi uplink te
unit-type unit 6 network gi uplink te
unit-type unit 7 network gi uplink te
unit-type unit 8 network gi uplink te
unit-type-control-end
!
port jumbo-frame
vlan database
vlan 2,69,100,201
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
link-flap prevention disable
no boot host auto-config
no boot host auto-update
bonjour interface range vlan 1
hostname IMS-CB-BR-Radon233
no passwords complexity enable
username root password encrypted 777f99c04f34de13899c397960ac60d7548cfeb4 privilege 15
username cisco password encrypted ffd1c8e37222f7a9f61aec3e1179e951695fdeba privilege 15
ip ssh server
snmp-server location CB-BR-Radon233
snmp-server contact
clock timezone J 0 minutes 0
!
interface vlan 1
ip address 192.168.1.233 255.255.255.0
no ip address dhcp
!
interface vlan 2
name Phone
!
interface vlan 69
name Dirty
!
interface vlan 100
name Admin
ip address 192.168.100.233 255.255.255.0
!
interface vlan 201
name Mocap
!
interface GigabitEthernet1/0/1
no switchport
switchport access vlan 100
switchport trunk native vlan 100
!
interface GigabitEthernet1/0/3
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan 1
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/4
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport access vlan 2
switchport trunk allowed vlan 1
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/7
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan 1
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/11
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport access vlan 2
switchport trunk allowed vlan 1
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
interface GigabitEthernet1/0/12
channel-group 1 mode auto
!
interface GigabitEthernet1/0/13
switchport mode trunk
switchport access vlan 100
switchport trunk allowed vlan none
!
interface GigabitEthernet1/0/19
switchport access vlan 100
switchport trunk native vlan 100
!
interface GigabitEthernet1/0/24
channel-group 1 mode auto
!
interface TenGigabitEthernet1/0/1
channel-group 2 mode auto
!
interface TenGigabitEthernet1/0/2
channel-group 2 mode auto
!
interface TenGigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport mode trunk
switchport trunk allowed vlan 1-2,69,100,201
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface Port-Channel1
description EthTrunk
spanning-tree link-type point-to-point
switchport mode trunk
switchport general allowed vlan add 2,69,100,201 tagged
switchport general allowed vlan add 1 untagged
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface Port-Channel2
description X1Trunk
switchport mode trunk
!
exit

Assuming you're using the same device and the same Ethernet cable when connecting to port 1 and port 19, correct?
Would you mind SSHing into the switch and collecting a "show run" for ports 1 and 19?
...OK, with the config provided:
This is weird: port 1 is configured as a routed port but the VLAN settings are still there.
My first try would be:
(in the SSH shell)
conf t
interface GigabitEthernet1/0/1
switchport
end
That should fix the VLAN membership.
A good practice for end-user-facing interfaces would be to add:
conf t
interface GigabitEthernet1/0/1
spanning-tree portfast
spanning-tree bpduguard enable
end
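
The two points in this answer can be checked mechanically across a whole running-config. The following is an added example, not part of the original posts: the function names are hypothetical, and the sample input is a constructed subset of three interface stanzas taken from the config in the question.

```python
import re

# Constructed sample: three interface stanzas copied from the config above.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
no switchport
switchport access vlan 100
switchport trunk native vlan 100
!
interface GigabitEthernet1/0/3
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan 1
!
interface GigabitEthernet1/0/19
switchport access vlan 100
switchport trunk native vlan 100
!
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(.+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("!", "exit") or not line:
            current = None          # end of the current stanza
        elif current is not None:
            current.append(line)
    return stanzas

def audit(config):
    """Return {interface: [findings]} for the two points raised in the answer."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        notes = []
        leftover = [l for l in lines if l.startswith("switchport ")]
        if "no switchport" in lines and leftover:
            notes.append("routed port with leftover VLAN settings: " + "; ".join(leftover))
        # Only relevant for end-user-facing ports; uplinks need manual review.
        if "spanning-tree bpduguard enable" not in lines:
            notes.append("no BPDU guard")
        if notes:
            findings[name] = notes
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags port 1 for both findings and port 19 only for the missing BPDU guard, which is the difference between the two ports that the answer points out.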

Set VLAN ID to 0 in Linux

I have an application which periodically sends TCP/IP packets from a master to a slave with Time Sensitive Networking, which is implemented inside tc-taprio in Linux. Every manual tells me that I need to create a new virtual network interface with some VLAN ID. But actually I
Is there a way to create a virtual interface with a VLAN ID set to 0? Or not to set a VLAN ID at all?
The English Wikipedia describes VLAN ID 0 as: VLAN not set.
VLAN IDs 0x000 and 0xfff (0 and 4095) are reserved and cannot be used. Many implementations use VLID 0 for 'untagged'.
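
The 4-byte VLAN header mentioned in the first thread and the reserved IDs mentioned here are both visible in the tag's bit layout. The following is an added example, not code from any of the posts: the function names are hypothetical and the sample frame is constructed. It builds the tag in user space only to show the encoding that the kernel's VLAN subinterface produces on the wire.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed sample: broadcast destination, locally administered source,
# EtherType 0x0800 (IPv4), followed by 46 bytes of dummy payload.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
                + struct.pack("!H", 0x0800) + bytes(46))

def insert_vlan_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte tag (TPID + TCI) between source MAC and EtherType."""
    if not (0 <= vid <= 0xFFF and 0 <= pcp <= 7 and dei in (0, 1)):
        raise ValueError("VID is 12 bits, PCP is 3 bits, DEI is 1 bit")
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def classify(frame):
    """Report what VLAN information, if any, a frame carries."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"kind": "untagged", "vid": None, "pcp": None, "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid == 0x000:
        kind = "priority-tagged"   # tag present, but no VLAN is set
    elif vid == 0xFFF:
        kind = "reserved"
    else:
        kind = "vlan"
    return {"kind": kind, "vid": vid, "pcp": tci >> 13, "ethertype": inner_type}

if __name__ == "__main__":
    for vid in (10, 0, 0xFFF):
        print(vid, classify(insert_vlan_tag(SAMPLE_FRAME, vid, pcp=5)))
    print(classify(SAMPLE_FRAME))
```

A frame tagged with VID 0 still carries the 0x8100 header and its priority bits, so it is not the same thing on the wire as an untagged native-VLAN frame.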

I am working with VLAN; I have to write a server which uses a VLAN interface to accept the packet?

Hints about working with VLAN? I have to write a client-server program, where the client will send a packet through eth0 and the server will receive the packet on VLAN, and to send it to a concerned VLAN client should parse on which command line VLAN will receive it?
Usually there is nothing to do in the application to work with a VLAN. The VLAN is realized using a virtual network interface with its own IP address. From the perspective of the application this is no different from a real network interface with its own IP address. The OS will take care of routing and encapsulation of packets and there is nothing to do from the application itself.

Vlan tagged socket communication for embedded Linux

I have a TCP-based server application on Linux that uses an AF_INET socket. I would like to tag all outgoing frames with a specific VLAN ID, say 10. I tried the following:
Creating a virtual interface eth0.10 and assigning it the IP address 192.168.0.1. I used the IP address to bind the socket using bind().
Binding the socket to the interface eth0.10 using setsockopt().
Even after trying the above ways, I was unable to see any VLAN-tagged frames or frames with ethtype 0x8100 in Wireshark.
Kindly suggest on how to tag packets without using raw sockets.

Adding Linux machine in specific vlan

We have one Linux machine (Fedora). In our network we have multiple VLANs (say VLAN-A, VLAN-B, VLAN-C). By default, through DHCP, our machine is getting an IP from VLAN-A.
Now for some testing we need to configure an IP of VLAN-C. But when we assign a static IP of VLAN-C on the machine, it is not able to ping/connect to other machines of VLAN-C.
Is there any way on a Linux client to assign an IP of VLAN-C?
The vconfig program allows you to create and remove VLAN devices on a VLAN-enabled kernel. VLAN devices are virtual Ethernet devices which represent the virtual LANs on the physical LAN. Please note that this is yet another method of configuring VLAN. If you are happy with the above method, there is no need to read below.
Add VLAN ID 5 with the following command for eth0:
vconfig add eth0 5
The vconfig add command creates a VLAN device on eth0, which results in the eth0.5 interface. You can use the normal ifconfig command to see device information:
ifconfig eth0.5
Use ifconfig to assign an IP address to the VLAN interface:
ifconfig eth0.5 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255 up
Get detailed information about the VLAN interface:
cat /proc/net/vlan/eth0.5
If you wish to delete the VLAN interface, use the delete commands:
ifconfig eth0.5 down
vconfig rem eth0.5
