Defcon:Blog Keklkakl blog blag

22Jun/120

Networking with VLANs on Debian Wheezy

This is a short note on using tagged VLANs on Debian Wheezy. Setting up and using VLANs on Wheezy is slightly changed from previous versions. The most notable difference is that vconfig is finally deprecated also for Debian, and that the “vlan-raw-device” stanza is gone from configuration.

In this short document, I assume that you know how to set up VLAN trunking and -tagging on the network-equipment that your Debian-box is connected to.

By default, support for VLAN tags is not compiled into the Linux kernel. But support is available through a kernel module. So, to get VLAN tags, load the module for 802.1q:

modprobe 8021q

To manually configure a tagged VLAN onto an interface, it is preferred to use “ip link”. Use “ip link” to create a subinterface for the desired VLAN id:

ip link add link eth1 name eth1.2 type vlan id 2

If you want, you can go ahead and be creative with the name of the sub-interface:

ip link add link eth1 name vlan2 type vlan id 2

Should you end up trying to add a VLAN subinterface for a VLAN that is already configured, you'll get a nice RTNETLINK error message from the kernel:

~# ip link add link eth1 name eth1.2 type vlan id 2
~# ip link add link eth1 name vlan2 type vlan id 2
RTNETLINK answers: File exists

You may want to remove the VLAN (sub)interface. Doing so is a simple ip link delete (depending on inteface-name):

ip link delete eth1.2
# or
ip link delete vlan2

Unfortunately for those of you who want the “vlanX” form of the interface name, it seems that form is no longer supported in /etc/network/interfaces. At least, I was unable to get it to work properly in my test without setting it up as a “manual” type interface, running the ip link commands on pre-up etc.. If the system you are working on is a server or router of some sort, doing esoteric manual configuration is discouraged.

Here is a quick example of a setup where eth1 is given an address on the Native VLAN, and additionally two more VLANS, with ID 2 and 34:

auto eth1
auto eth1.2
auto eth1.34
iface eth1 inet static
        address 192.168.1.2
        netmask 255.255.255.0

iface eth1.2 inet static
        address 192.168.2.2
        netmask 255.255.255.0

iface eth1.34 inet static
        address 192.168.34.2
        netmask 255.255.255.0

Back in ye'olden days, you had to install the “vlan” package, and add 8021q to /etc/modules. With Wheezy, those operations are no longer needed. It seems Wheezy now correctly uses the “ip” command from iproute2, and in my test the 8021q module is automagically loaded when subinterfaces are detected.

Should you need aliases, the good-old “ethX:Z” syntax is supported when using ifconfig:

ifconfig eth1.34:2 10.3.3.2 netmask 255.255.255.0

However, I've not been able to get Wheezy to accept a line like “iface eth1.34:1 inet static” in /etc/network/interfaces. Trying to add that, and then do “ifup eth1.34.1” simply gives me:

Error: argument "34:1" is wrong: id is invalid
Ignoring unknown interface eth1.3:1=eth1.34:1.

Seems to me the new if-up/down scripts try to use “34:1” as the VLAN ID, when it should use “34” as VLAN ID and “1” as an alias-interface.

Comments (0) Trackbacks (0)

No comments yet.


Leave a comment


Trackbacks are disabled.