Popular Posts
| Sun x4 PCI-Express Quad Gigabit Ethernet UTP Adapter User’s Guide |
Linux To enable VLAN tagging, you need two things: the vlan rpm (e.g., vlan-1.8-23) and the 8021q kernel module. Once installed, the vconfig command can be used to create VLAN interfaces on an existing physical device. For more info, see the vconfig(8) man page.
| C H A P T E R 7 |
| Configuring VLANs |
This chapter describes how to configure VLANs.
This chapter contains the following sections:
| Note - If you change any of the VLAN configuration parameters, you must reboot the system before the changes take effect. If you make changes and do not reboot, you might experience configuration problems. |
VLAN Overview
With multiple VLANs on an adapter, a server with a single adapter can have a logical presence on multiple IP subnets. By default, 128 VLANs can be defined for each VLAN-aware adapter on your server. However, this number can be increased by changing the system parameters.
If your network does not require multiple VLANs, you can use the default configuration, in which case no further configuration is necessary.
VLANs enable you to split your physical LAN into logical subparts, providing an essential tool for increasing the efficiency and flexibility of your network.
VLANs are commonly used to separate groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among each logical segment. Each defined VLAN behaves as its own separate network, with its traffic and broadcasts isolated from the others, increasing the bandwidth efficiency within each logical group.
Although VLANs are commonly used to create individual broadcast domains or separate IP subnets, it can be useful for a server to have a presence on more than one VLAN simultaneously. Several Sun products support multiple VLANs on a per-port or per-interface basis, allowing very flexible network configurations.
FIGURE 7-1 shows an example network that uses VLANs.
FIGURE 7-1 Example of Servers Supporting Multiple VLANs With Tagging Adapters
The example network has the following features:
The physical LAN network consists of a switch, two servers, and five clients. The LAN is logically organized into three different VLANs, each representing a different IP subnet.
- VLAN 1 is an IP subnet consisting of the Main Server, Client 3, and Client 5. This represents an engineering group.
- VLAN 2 includes the Main Server, Clients 1 and 2 by means of a shared media segment, and Client 5. This is a software development group.
- VLAN 3 includes the Main Server, the Accounting Server, and Client 4. This is an accounting group.
The Main Server is a high-use server that needs to be accessed from all VLANs and IP subnets. The server has a Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter installed. All three IP subnets are accessed by means of the single physical adapter interface. The server is attached to one of the switch’s Gigabit Ethernet ports, which is configured for VLANs 1, 2, and 3. Both the adapter and the connected switch port have tagging turned on. Because of the tagging VLAN capabilities of both devices, the sever is able to communicate on all three IP subnets in this network, but continues to maintain broadcast separation between all of those subnets. The following list describes the components of this network:
- The Accounting Server is available to only VLAN 3. The Accounting Server is isolated from all traffic on VLANs 1 and 2. The switch port connected to the server has tagging turned off.
- Clients 1 and 2 are attached to a shared media hub that is then connected to the switch. Clients 1 and 2 belong only to VLAN 2, and are logically in the same IP subnet as the Main Server and Client 5. The switch port connected to this segment has tagging turned off.
- Client 3 is a member of VLAN 1, and can communicate only with the Main Server and Client 5. Tagging is not enabled on Client 3’s switch port.
- Client 4 is a member of VLAN 3, and can communicate only with the servers. Tagging is not enabled on Client 4’s switch port.
- Client 5 is a member of both VLANs 1 and 2, and has a Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter installed. Client 5 is connected to switch port 10. Both the adapter and the switch port are configured for VLANs 1 and 2, and have tagging enabled.
VLAN tagging is only required to be enabled on switch ports that create trunk links to other VLAN-aware Ethernet switches, or on ports connected to tag-capable end-stations, such as servers or workstations with VLAN-aware adapters.
Configuring VLANs
VLANs can be created according to various criteria, but each VLAN must be assigned a VLAN tag or VLAN ID (VID). The VID is a 12-bit identifier between 1 and 4094 that identifies a unique VLAN. For each network interface (e1000g0, e1000g1, e1000g2, and so on), 4094 possible VLAN IDs can be selected for each port.
Tagging an Ethernet frame requires the addition of a tag header to the frame. The header is inserted immediately following the destination MAC address and the source MAC address. The tag header consists of two bytes of Ethernet Tag Protocol identifier (TPID, 0x8100) and two bytes of tag control information (TCI). FIGURE 7-2 shows the Ethernet tag header format.
FIGURE 7-2 Ethernet Tag Header Format
By default a single VLAN is configured for every port, which groups all ports into the same broadcast domain, just as if there were no VLANs at all. This means that VLAN tagging for the switch port is turned off.
| Note - If you configure a VLAN virtual device for an adapter, all traffic sent or received by that adapter must be in VLAN-tagged format. |
To Configure Static VLANs in the Oracle Solaris x86 Environment |
1. Create one hostname.e1000gnumber file for each VLAN that will be configured for each adapter on the server.
Use the following naming format, which includes both the VID and the physical point of attachment (PPA):
VLAN logical PPA = 1000 * VID + Device PPA
123000 = 1000*123 + 0
So the VLAN interface will be e1000g123000.
This format limits the maximum number of PPAs (instances) you can configure to 1000 in the /etc/path_to_inst file.
For example, on a server with the Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter having an instance of 0, belonging to a member of two VLANs, with VID 123 and 224, you would use e1000123000 and e1000g224000, respectively, as the two VLAN PPAs.
2. Use the ifconfig(1M) to configure a VLAN virtual device, for example:
The output of ifconfig -a on a system having VLAN devices e1000g123000 and e1000g224000:
3. On the switch, set VLAN tagging and set VLAN ports to coincide with the VLANs you have set up on the server.
Using the examples in Step 2, you would set up VLAN ports 123 and 224 on the switch.
Refer to the documentation that came with your switch for specific instructions for setting VLAN tagging and ports.
To Configure VLANs in a Linux Environment |
1. Ensure that the e1000g module is loaded:
2. Plumb the Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter interface:
Gba roms. Download Pokemon - Emerald Version ROM for Gameboy Advance(GBA) and Play Pokemon - Emerald Version Video Game on your PC, Mac, Android or iOS device! Pokemon - Emerald Version ROM Download for Gameboy Advance (GBA) console. Play Pokemon - Emerald Version (USA) ROM on an emulator or online for free. Works on PC/Windows, Mac, and mobile devices.
where xxx.xxx.xx.xxx = the IP address of the interface.
3. Add the VLAN instance (VID).
For example:
where eth6 is the interface and 5 is the VID.
| Note - In Linux system, you can use any single digit as the VID. |
4. Configure the e1000 VLAN (eth2 in this example):
where xxx.xxx.xx.xxx = the IP address of the interface.
To Configure VLANs in a Microsoft Windows 2003 Environment |
1. Click on Control Panel.
2. Click on Network Connection.
3. Click on the folder icon from the sub-manuel bar.
4. Right click on the Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter port, then select Properties.
5. Click on Configure.
6. Click on VLAN, then click on New.
7. Enter the VLAN with ID, for example Vlan10
8. Click on Internet Protocol(TCP/IP).
9. Click on Use the following IP address.
10. Enter the IP address.
11. Click on Subnet Mask and 255.255.255.0 will show up.
12. Click on OK.
13. Repeat Step 3 through Step 10 until all the network ports are VLAN configured.
| Note - Ensure that the firewall is turned off, or VLAN will not work. |
Configuring Bonding for Multiple Interfaces
To Configure Bonding for Multiple e1000 Interfaces |
1. Use the modprobe command to configure the mode:
where:
- max_bonds is the number of bond interfaces to be created.
- mode specifies the bonding policy. (This example uses balance-rr.)
2. Use the ifconfig command to create the bond:
where:
- bond0 is the bonding device.
3. Configure the bond0 interface.
In this example, bond0 is the master of two slaves:.
Refer to Linux documentation for more information.
To Remove Bonding: |
Use the rmmod command to remove bonding:
| Sun x4 PCI-Express Quad Gigabit Ethernet UTP Adapter User’s Guide | 819-7573-13 |
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Document your code
Every project on GitHub comes with a version-controlled wiki to give your documentation the high level of care it deserves. It’s easy to create well-maintained, Markdown or rich text documentation alongside your code.
Sign up for free See pricing for teams and enterprisesConcept
- Ethernet Bridge
- the Software L2 switch analogous to a physical Ethernet Switch that forwards L2 packets back and forth, which can be used to connect multiple Ethernet Interfaces (either physical or virtual, e.g. eth0, eth1, eth0.2) on a single machine while sharing a single IP subnet
- essentially involves combining an Ethernet Interface with one or more virtual TAP interfaces and bridging them together under the umbrella of a single Bridge Interface
- Ethernet Interface: network traffic flows on the interface
- VLAN: a virtual LAN, as specified by the IEEE 802.1q standard, is a method for segregating network traffic within a bridged LAN infrastructure
Reference Sites
- IBM\'s KVM Guests networking howto and important things for security
- preventing some attacks such as MAC address spoofing: using ebtables
- Ethernet bridging with KVM guests can be risky: here
Prerequisites
Linux Bridge Configuration
- DHCP configuration
- Static configuration
Linux LAN Configuration
- after setting up Bridge and LAN configurations, service network restart or /etc/init.d/network restart
Linux Bridge Status
VLAN
- is a virtual LAN grouping some computers from actual LAN without using any switch or router
- only needs software, and can also be created using hardware
Creating VLAN
- make VLAN device (id=2) in parallel to, at the same time as the original eth0 device
- make VLAN device (id=2) in parallel to, at the same time as the original eth0 device on Bridge br0
Prerequisites
- Ensure that each guest OS has an IP address or FQDN
- Ensure that the host and guest OSes are connected to a VLAN-capable network switch and infrastructure
- Identify the VLAN IDs for assigning to each guest
- Explicitly configure the external network infrastructure to allow traffic from those VLANs to the KVM host:
- Configure the network switch connected to the KVM host
- Qualify the physical port on the host as a trunk (carries multiple VLANs) and a tagged (accepts tagged frames) port
- Allow traffic to necessary VLAN IDs
- Create the virtual bridge in the KVM host. Avoid mixing different VLANs in a single bridge
- Create a file named ifcfg- in the /etc/sysconfig/network-scripts/ path to create a permanent bridge configuration, where is the bridge name. The following example specifies a br_v19 bridge with a file named /etc/sysconfig/network-scripts/ifcfg-br_v19:
- If there are multiple guests participating in the same VLAN ID (even if they use separate bridges), disable Netfilter processing in bridging devices by appending the following lines to the /etc/sysctl.conf file:
- Reload the kernel parameters with the sysctl command:
- Configure one or more subinterfaces from the main, physical network interface (trunk). The following example configures the subinterface eth0.19 that is assigned to VLAN ID 19. The bridge strips the VLAN tags from ingress traffic and assign tags to egress packets. Stripping the VLAN tags is optional.
- Start interface:
- With the bridge interface running, adjust each guest configuration, assigning interfaces to their respective bridge or VLAN as follows:
- Restart the modified guests for changes to take effect
- Assign a separate IP address to the guest OS for its network connection to work
Linux WLAN Configuration
- Wireless LAN configuration scripts (basic network service)
for CentOS 7: refer to:[https://www.howtoforge.com/vnc-server-installation-on-centos-7]
Clone this wiki locally
| Sun x4 PCI-Express Quad Gigabit Ethernet UTP Adapter User’s Guide |
Linux To enable VLAN tagging, you need two things: the vlan rpm (e.g., vlan-1.8-23) and the 8021q kernel module. Once installed, the vconfig command can be used to create VLAN interfaces on an existing physical device. For more info, see the vconfig(8) man page.
| C H A P T E R 7 |
| Configuring VLANs |
This chapter describes how to configure VLANs.
This chapter contains the following sections:
| Note - If you change any of the VLAN configuration parameters, you must reboot the system before the changes take effect. If you make changes and do not reboot, you might experience configuration problems. |
VLAN Overview
With multiple VLANs on an adapter, a server with a single adapter can have a logical presence on multiple IP subnets. By default, 128 VLANs can be defined for each VLAN-aware adapter on your server. However, this number can be increased by changing the system parameters.
If your network does not require multiple VLANs, you can use the default configuration, in which case no further configuration is necessary.
VLANs enable you to split your physical LAN into logical subparts, providing an essential tool for increasing the efficiency and flexibility of your network.
VLANs are commonly used to separate groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among each logical segment. Each defined VLAN behaves as its own separate network, with its traffic and broadcasts isolated from the others, increasing the bandwidth efficiency within each logical group.
Although VLANs are commonly used to create individual broadcast domains or separate IP subnets, it can be useful for a server to have a presence on more than one VLAN simultaneously. Several Sun products support multiple VLANs on a per-port or per-interface basis, allowing very flexible network configurations.
FIGURE 7-1 shows an example network that uses VLANs.
FIGURE 7-1 Example of Servers Supporting Multiple VLANs With Tagging Adapters
The example network has the following features:
The physical LAN network consists of a switch, two servers, and five clients. The LAN is logically organized into three different VLANs, each representing a different IP subnet.
- VLAN 1 is an IP subnet consisting of the Main Server, Client 3, and Client 5. This represents an engineering group.
- VLAN 2 includes the Main Server, Clients 1 and 2 by means of a shared media segment, and Client 5. This is a software development group.
- VLAN 3 includes the Main Server, the Accounting Server, and Client 4. This is an accounting group.
The Main Server is a high-use server that needs to be accessed from all VLANs and IP subnets. The server has a Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter installed. All three IP subnets are accessed by means of the single physical adapter interface. The server is attached to one of the switch’s Gigabit Ethernet ports, which is configured for VLANs 1, 2, and 3. Both the adapter and the connected switch port have tagging turned on. Because of the tagging VLAN capabilities of both devices, the sever is able to communicate on all three IP subnets in this network, but continues to maintain broadcast separation between all of those subnets. The following list describes the components of this network:
- The Accounting Server is available to only VLAN 3. The Accounting Server is isolated from all traffic on VLANs 1 and 2. The switch port connected to the server has tagging turned off.
- Clients 1 and 2 are attached to a shared media hub that is then connected to the switch. Clients 1 and 2 belong only to VLAN 2, and are logically in the same IP subnet as the Main Server and Client 5. The switch port connected to this segment has tagging turned off.
- Client 3 is a member of VLAN 1, and can communicate only with the Main Server and Client 5. Tagging is not enabled on Client 3’s switch port.
- Client 4 is a member of VLAN 3, and can communicate only with the servers. Tagging is not enabled on Client 4’s switch port.
- Client 5 is a member of both VLANs 1 and 2, and has a Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter installed. Client 5 is connected to switch port 10. Both the adapter and the switch port are configured for VLANs 1 and 2, and have tagging enabled.
VLAN tagging is only required to be enabled on switch ports that create trunk links to other VLAN-aware Ethernet switches, or on ports connected to tag-capable end-stations, such as servers or workstations with VLAN-aware adapters.
Configuring VLANs
VLANs can be created according to various criteria, but each VLAN must be assigned a VLAN tag or VLAN ID (VID). The VID is a 12-bit identifier between 1 and 4094 that identifies a unique VLAN. For each network interface (e1000g0, e1000g1, e1000g2, and so on), 4094 possible VLAN IDs can be selected for each port.
Tagging an Ethernet frame requires the addition of a tag header to the frame. The header is inserted immediately following the destination MAC address and the source MAC address. The tag header consists of two bytes of Ethernet Tag Protocol identifier (TPID, 0x8100) and two bytes of tag control information (TCI). FIGURE 7-2 shows the Ethernet tag header format.
FIGURE 7-2 Ethernet Tag Header Format
By default a single VLAN is configured for every port, which groups all ports into the same broadcast domain, just as if there were no VLANs at all. This means that VLAN tagging for the switch port is turned off.
| Note - If you configure a VLAN virtual device for an adapter, all traffic sent or received by that adapter must be in VLAN-tagged format. |
To Configure Static VLANs in the Oracle Solaris x86 Environment |
1. Create one hostname.e1000gnumber file for each VLAN that will be configured for each adapter on the server.
Use the following naming format, which includes both the VID and the physical point of attachment (PPA):
VLAN logical PPA = 1000 * VID + Device PPA
123000 = 1000*123 + 0
So the VLAN interface will be e1000g123000.
This format limits the maximum number of PPAs (instances) you can configure to 1000 in the /etc/path_to_inst file.
For example, on a server with the Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter having an instance of 0, belonging to a member of two VLANs, with VID 123 and 224, you would use e1000123000 and e1000g224000, respectively, as the two VLAN PPAs.
2. Use the ifconfig(1M) to configure a VLAN virtual device, for example:
The output of ifconfig -a on a system having VLAN devices e1000g123000 and e1000g224000:
3. On the switch, set VLAN tagging and set VLAN ports to coincide with the VLANs you have set up on the server.
Using the examples in Step 2, you would set up VLAN ports 123 and 224 on the switch.
Refer to the documentation that came with your switch for specific instructions for setting VLAN tagging and ports.
To Configure VLANs in a Linux Environment |
1. Ensure that the e1000g module is loaded:
2. Plumb the Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter interface:
Gba roms. Download Pokemon - Emerald Version ROM for Gameboy Advance(GBA) and Play Pokemon - Emerald Version Video Game on your PC, Mac, Android or iOS device! Pokemon - Emerald Version ROM Download for Gameboy Advance (GBA) console. Play Pokemon - Emerald Version (USA) ROM on an emulator or online for free. Works on PC/Windows, Mac, and mobile devices.
where xxx.xxx.xx.xxx = the IP address of the interface.
3. Add the VLAN instance (VID).
For example:
where eth6 is the interface and 5 is the VID.
| Note - In Linux system, you can use any single digit as the VID. |
4. Configure the e1000 VLAN (eth2 in this example):
where xxx.xxx.xx.xxx = the IP address of the interface.
To Configure VLANs in a Microsoft Windows 2003 Environment |
1. Click on Control Panel.
2. Click on Network Connection.
3. Click on the folder icon from the sub-manuel bar.
4. Right click on the Sun x4 PCI-Express Quad Gigabit Ethernet UTP Low Profile adapter port, then select Properties.
5. Click on Configure.
6. Click on VLAN, then click on New.
7. Enter the VLAN with ID, for example Vlan10
8. Click on Internet Protocol(TCP/IP).
9. Click on Use the following IP address.
10. Enter the IP address.
11. Click on Subnet Mask and 255.255.255.0 will show up.
12. Click on OK.
13. Repeat Step 3 through Step 10 until all the network ports are VLAN configured.
| Note - Ensure that the firewall is turned off, or VLAN will not work. |
Configuring Bonding for Multiple Interfaces
To Configure Bonding for Multiple e1000 Interfaces |
1. Use the modprobe command to configure the mode:
where:
- max_bonds is the number of bond interfaces to be created.
- mode specifies the bonding policy. (This example uses balance-rr.)
2. Use the ifconfig command to create the bond:
where:
- bond0 is the bonding device.
3. Configure the bond0 interface.
In this example, bond0 is the master of two slaves:.
Refer to Linux documentation for more information.
To Remove Bonding: |
Use the rmmod command to remove bonding:
| Sun x4 PCI-Express Quad Gigabit Ethernet UTP Adapter User’s Guide | 819-7573-13 |
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Document your code
Every project on GitHub comes with a version-controlled wiki to give your documentation the high level of care it deserves. It’s easy to create well-maintained, Markdown or rich text documentation alongside your code.
Sign up for free See pricing for teams and enterprisesConcept
- Ethernet Bridge
- the Software L2 switch analogous to a physical Ethernet Switch that forwards L2 packets back and forth, which can be used to connect multiple Ethernet Interfaces (either physical or virtual, e.g. eth0, eth1, eth0.2) on a single machine while sharing a single IP subnet
- essentially involves combining an Ethernet Interface with one or more virtual TAP interfaces and bridging them together under the umbrella of a single Bridge Interface
- Ethernet Interface: network traffic flows on the interface
- VLAN: a virtual LAN, as specified by the IEEE 802.1q standard, is a method for segregating network traffic within a bridged LAN infrastructure
Reference Sites
- IBM\'s KVM Guests networking howto and important things for security
- preventing some attacks such as MAC address spoofing: using ebtables
- Ethernet bridging with KVM guests can be risky: here
Prerequisites
Linux Bridge Configuration
- DHCP configuration
- Static configuration
Linux LAN Configuration
- after setting up Bridge and LAN configurations, service network restart or /etc/init.d/network restart
Linux Bridge Status
VLAN
- is a virtual LAN grouping some computers from actual LAN without using any switch or router
- only needs software, and can also be created using hardware
Creating VLAN
- make VLAN device (id=2) in parallel to, at the same time as the original eth0 device
- make VLAN device (id=2) in parallel to, at the same time as the original eth0 device on Bridge br0
Prerequisites
- Ensure that each guest OS has an IP address or FQDN
- Ensure that the host and guest OSes are connected to a VLAN-capable network switch and infrastructure
- Identify the VLAN IDs for assigning to each guest
- Explicitly configure the external network infrastructure to allow traffic from those VLANs to the KVM host:
- Configure the network switch connected to the KVM host
- Qualify the physical port on the host as a trunk (carries multiple VLANs) and a tagged (accepts tagged frames) port
- Allow traffic to necessary VLAN IDs
- Create the virtual bridge in the KVM host. Avoid mixing different VLANs in a single bridge
- Create a file named ifcfg- in the /etc/sysconfig/network-scripts/ path to create a permanent bridge configuration, where is the bridge name. The following example specifies a br_v19 bridge with a file named /etc/sysconfig/network-scripts/ifcfg-br_v19:
- If there are multiple guests participating in the same VLAN ID (even if they use separate bridges), disable Netfilter processing in bridging devices by appending the following lines to the /etc/sysctl.conf file:
- Reload the kernel parameters with the sysctl command:
- Configure one or more subinterfaces from the main, physical network interface (trunk). The following example configures the subinterface eth0.19 that is assigned to VLAN ID 19. The bridge strips the VLAN tags from ingress traffic and assign tags to egress packets. Stripping the VLAN tags is optional.
- Start interface:
- With the bridge interface running, adjust each guest configuration, assigning interfaces to their respective bridge or VLAN as follows:
- Restart the modified guests for changes to take effect
- Assign a separate IP address to the guest OS for its network connection to work
Linux WLAN Configuration
- Wireless LAN configuration scripts (basic network service)
for CentOS 7: refer to:[https://www.howtoforge.com/vnc-server-installation-on-centos-7]