Linux 101 : A short introduction to Vlans
Linux, routers and switches:
With a simple addressing scheme, we could connect two networks for example, by using two interfaces on the Linux router machine - we would also need a switch in that case -
We could achieve the same by giving a unique Linux router's interface two IP addresses, using aliases for the eth0 interface, eth0:0 and eth0:1 for example.
Using the above system may cause issues, like systems getting assigned the same IP address by the dhcp server causing collisions within the network.
One elegant approach is to use Vlan IDs to separate traffic between the virtual networks.
Vlan IDs are managed on the switch. Vlans split the switch into smaller separate "mini-switches".
Vlans are configured on the switch, computers are not aware of them.
Machines on each Vlan get a set of IP addresses.
Computers on the Vlan ID=0, could get "10.20.5.0/24" addresses, and computers on the VlanID=1, could get "10.20.6.0/24" addresses, for example.
The eth0 interface on the Linux router is divided into two virtual interfaces:
- eth0.0 "10.20.5.1" with a Vlan ID=0.
- eth0.1 "10.20.6.1" with a Vlan ID=1.
Each Vlan is represented by group of ports on the switch.
We create the virtual interfaces on our Linux router and assign each one to a Vlan, using the below commands:
A Vlan capable switch integrates support for the 802.1Q protocol.
A Vlan capable switch has also Trunk ports, that will receive and send Vlan traffic to the appropriate ports based on the Vlan ID.
Vlan ID are local to switches. The switches add Vlan ID to packets to allow them to travel between between switches and routers.
Different switches and routers can identify packets based on their Vlan ID.