Nov 15, 2012

How To VLAN Tag Your NIC in Ubuntu Linux

I am playing with a new Fortigate firewall at my company. I talked about it in the most recent episode of Tech Chop. Well it came in the mail today and I started to configure it. Unlike my current firewall, I can't assign particular VLANs to the individual physical ports. If I want to have multiple subnets on my network, which I do, I have to create virtual VLAN interfaces under the five physical "internal" ports.

This isn't a problem once I get it into place because my core switches handle VLAN tagging, and trunk ports. The problem is configuring it without a switch because by default your computer's NIC doesn't handle VLAN tagging.

In Windows, sometimes you can download a driver for your NIC to handle VLAN tagging, but not all NICs support it. For setting up this firewall though I was using an Ubuntu laptop. Setting up VLAN tagging in Ubuntu is actually pretty easy. Here's what you do:

  • Install VLAN package on your computer:
#sudo apt-get install vlan
  • Edit your /etc/network/interfaces file so it would contain the following:
# The loopback network interface
auto lo
iface lo inet loopback
# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.

# VLAN 1
auto vlan1
iface vlan1 inet dhcp
vlan_raw_device eth0
Once that is edited, save the file and reboot. When your Ubuntu computer comes back up, as long as it is plugged into a switch or a firewall interface configured for VLAN tagging it should work fine. Also, if you need to configure a static IP address on a particular VLAN here is an example of that:

# VLAN 2
auto vlan2
iface vlan2 inet static
mtu 1500
vlan_raw_device eth0

Notice that you can tag your VLAN any way you want. If your VLAN is tagged VLAN 104 on your switch, your interface will be vlan104 in Ubuntu. Makes sense right?

The only problem I had with this is that if I wanted to change the VLAN tagging to test connectivity on the other VLANs I was setting up I had to reboot for the changes to take affect. Simply restarting the network service didn't do the trick. If you know of a better way than rebooting, let me know in the comments.

Anyway, since I was able to tag my NIC with various VLANs, I was able to test connectivity on all the virtual interfaces on my new Fortinet without having to set up another switch!

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam