Table of Contents
In our day-to-day life, we have seen LAN and WAN network architectures mostly because we have to deal with only one IP address on one interface. We either connect our system with LAN cable or with Wifi.
In this article, we will discuss the VLAN and how to create the VLAN on the Ubuntu server but let’s first understand what is VLAN and why we use VLAN.
What is VLAN
Virtual Local Area Network (VLAN) is a logical concept of breaking large broadcast domains into smaller domains. The VLAN protocol is based on IEEE 802.1Q. VLAN can be considered as a subnet. Two different subnets cannot communicate with each other without a bridge or router.
Why we use VLANs
There are many advantages of using VLAN in our network architecture mentioned the following:
- Logically devide the broadcas domain which reduces the size of the domains.
- Add additional layer of security.
- Make device management easier.
- QoS or other netowrk policies are easy to implement.
- Also make network scalable
VLAN installation.
To use VLAN in Ubuntu, install the VLAN package first. Now make sure that the Linux kernel driver (module) called 8021q is loaded. Use the following command to install VLAN:
sudo apt install vlan
If the module is not loaded after installation you can use the following command to load 8021q module.
modprobe --first-time 8021q
Verify that module is loaded by using the following command:
modinfo 8021q
The output of the above command in my setup
root@ubuntu:~# modinfo 8021q filename: /lib/modules/5.11.0-36-generic/kernel/net/8021q/8021q.ko version: 1.8 license: GPL alias: rtnl-link-vlan srcversion: 4DC720ECF732ECC695B9099 depends: mrp,garp retpoline: Y intree: Y name: 8021q vermagic: 5.11.0-36-generic SMP mod_unload modversions sig_id: PKCS#7 signer: Build time autogenerated kernel key sig_key: 5F:F6:6F:23:86:35:AB:B9:29:CC:24:05:2D:F8:3F:30:B4:4E:49:3D sig_hashalgo: sha512 signature: 44:B6:6A:63:55:DF:57:DE:BB:98:54:5C:A6:77:A3:73:4C:DE:22:10: 64:47:2F:68:54:69:F7:E2:F2:2A:B7:60:EC:C8:9C:60:23:6E:C2:80: 6D:53:12:9D:EE:B6:4B:71:09:67:81:B4:55:9B:A2:A9:FE:7D:CC:41: 4B:5C:34:70:B5:35:CD:FD:14:C5:D7:02:63:A5:29:B8:23:B3:B9:D8: BE:4C:76:8A:B9:38:92:8F:BD:5D:3D:8C:87:92:A0:F5:15:C0:DD:99: 46:0D:9C:FE:4B:33:0D:7C:6F:B6:8F:2F:C6:C6:29:A7:20:75:36:0A: DA:E6:50:E1:28:74:CF:C3:F7:9F:37:DE:96:CD:54:0C:9F:A4:6A:7F: 05:15:FE:57:E4:61:EE:8E:52:9C:13:2F:FF:03:60:A2:CB:47:49:31: A7:31:CC:F3:5C:EF:FA:61:BA:21:C7:E4:F3:B9:89:53:2E:DE:73:A8: A7:63:09:6E:1F:11:BA:D6:06:0A:04:0F:5A:DF:12:D0:17:01:97:F0: 25:04:BC:EA:81:EE:B3:77:EE:87:55:19:0B:F1:58:19:F4:38:49:29: D5:4F:14:A9:8D:40:4C:8B:ED:52:FE:65:B7:7E:CB:01:54:23:66:DC: 81:7B:47:F6:97:31:FB:36:B4:91:C8:00:98:77:E6:C6:85:E9:AB:A5: 75:8D:02:A9:EB:BC:97:C2:8A:75:63:2F:82:BE:EB:21:C2:DE:2D:7D: D2:2C:7F:26:E7:0B:BF:4A:80:D9:47:0D:EA:77:DA:BA:90:77:B9:AE: 64:2B:E9:3A:51:4F:50:88:94:AA:33:F2:00:02:83:BF:45:51:46:B0: D7:CA:6C:EB:47:47:CE:67:B5:AC:26:E6:CB:18:34:7B:38:64:59:C0: 25:67:66:B7:C0:EA:40:42:00:0D:6A:1B:49:88:8E:D3:13:04:EF:BE: 9A:11:E4:C2:4A:92:A8:BC:F9:4F:0C:53:14:55:7B:DA:30:74:FC:4B: 37:8A:0B:87:13:95:55:97:C9:60:FE:24:25:DF:E0:16:84:88:BA:0F: 9C:4E:1E:46:E4:E2:4E:DF:11:1D:81:90:68:D6:CE:BF:D9:26:E5:54: AF:C3:60:6B:92:48:71:AC:69:6D:5F:E7:F2:21:57:D0:4F:0A:5E:2C: 9F:F8:DC:7B:75:DE:C0:F6:B5:91:8F:6A:A8:B1:41:8D:41:27:CD:20: E9:2C:37:33:CD:E0:CE:92:19:D0:5E:69:E1:1B:25:29:E0:F7:CB:6B: A8:91:CA:4E:47:97:B7:58:CE:63:24:F0:2E:D7:31:9A:F2:BF:50:FD: 86:0B:75:78:0A:E9:62:1A:37:9F:70:2E root@ubuntu:~#
VLAN configuration to assign
We want to assign the following IP address to the VLAN interface.
IPaddress:192.168.100.2Subnet Mask:255.255.255.0Default gateway:192.168.100.1- VLAN ID : 100
- Device: enp1s0.100
Configure VLAN with IP command
We will first create the VLAN interface enp1s0.100. Then we will add the IP address to the interface. The following commands will be used.
sudo ip link add link enp1s0 name enp1s0.100 type vlan id 100
Use ip a command to check does above command has added the VLAN interface, the output has mentioned below:
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:22:b2:8b brd ff:ff:ff:ff:ff:ff
inet 192.168.122.201/24 brd 192.168.122.255 scope global enp1s0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe22:b28b/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::8fee:28dc:d3f2:578a/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: enp1s0.100@enp1s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:54:00:22:b2:8b brd ff:ff:ff:ff:ff:ff
root@ubuntu:~#
Below mentioned command will add IP address to the VLAN interface.
sudo ip addr add 192.168.100.2/24 dev enp1s0.100
Verify
Use the ip a command to list all interfaces in the machine.
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:22:b2:8b brd ff:ff:ff:ff:ff:ff
inet 192.168.122.201/24 brd 192.168.122.255 scope global enp1s0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe22:b28b/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::8fee:28dc:d3f2:578a/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: enp1s0.100@enp1s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:54:00:22:b2:8b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 scope global enp1s0.100
valid_lft forever preferred_lft forever
root@ubuntu:~#
This configuration is not permanent for permanent configuration use Netplan.
Configure VLAN with Netplan
Netplan related Configuration files can be found in the /etc/netplan directory. /etc/netpan directory has multiple YAML files. In our ubuntu 20.04 server the yaml file which is responsible for network configuration is named as 01-network-manager-all.yaml
The network configuration file’s name can be different in some setups this file is named as 01-netcfg.yaml and in some setup it is called 50-cloud-init.yaml
To assign a static IP address on the network interface, open the 01-network-manager-all.yaml configuration file. Configuration file look like shown in below mention snapshot
network:
ethernets:
enp1s0:
dhcp4: false
addresses:
- 192.168.122.201/24
gateway4: 192.168.122.1
nameservers:
addresses: [8.8.8.8, 1.1.1.1]
vlans:
enp1s0.100:
id: 100
link: enp1s0
addresses: [192.168.100.2/24]
Once done, save the file and apply the changes by running the following command:
sudo netplan apply
Configure Vlan with ifconfig
In the netplan configuration, I have faced issues like Error in network definition: unknown key
The issue occurs due to bad spacing sometimes and it is quite irritating. Therefore, I prefer to configure it through ifconfig.
We can use ifconfig commands to add a new interface and to manage or play with other network configurations. However, for ifconfig command, we need to install the net-tool package in ubuntu. You can use the following command to install the package.
ubuntu@ubuntu-exp:~$ sudo apt install net-tools
Then add the following entries in /etc/network/interfaces file and save the file.
auto enp1s0.100 iface enp1s0.100 inet static address 192.168.100.2 netmask 255.255.255.0 vlan-raw-device enp1s0.100
Then run the following command to up the interface.
ifconfig enp1s0.100 up
Verify
Use the ip a command to list all interfaces in the machine.
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:22:b2:8b brd ff:ff:ff:ff:ff:ff
inet 192.168.122.201/24 brd 192.168.122.255 scope global enp1s0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe22:b28b/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::8fee:28dc:d3f2:578a/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: enp1s0.100@enp1s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:54:00:22:b2:8b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 scope global enp1s0.100
valid_lft forever preferred_lft forever
root@ubuntu:~#
Summary
In this article, we learned about the VLAN and how to configure the VLAN in Ubuntu 20.04. We discussed three different strategies to configure the VLAN in Ubuntu.
If you face any issues don’t hesitate to comment.
I really enjoy this template you have got going on in your site. What is the name of the design by the way? I was thinking of using this style for the blog I am going to put together for my class project.
I’ve the same problem sometimes, but I usually just force myself via it and revise later. Great luck!
Thanks for finally talking about > How to configure VLAN
network in Ubuntu – With examples bp77 login
Can the IP inside VLAN be pinged from a node which is connected to same router (the router to which host machine is connected)?
Basically, ping Node_V1 from Node_2?
|———->Router—– —–|
Node_1 Node_2
has VLAN_1
has Node_V1
Sorry, your question is not clear to me, Node_2 has IPs from which VLAN?
Assuming two scenarios to the question:
1. Node_1 has IP from VLAN_1 and Node_2 has IP from the same VLAN i.e. VLAN_1. In this scenario, they can ping each other.
2. Node_1 has IP from VLAN_1 and Node_2 has IP from a different VLAN. In this scenario they can or can’t ping each other it depends on the router’s setting, is the router allowing the routing, it’s a common case where an organization requires communicating two different VLANs
How to check vlan header in tcpdump command