Linux Layer 2 VLAN Switch
Version vom 16. September 2024, 14:55 Uhr von Linkai.zhang (Diskussion | Beiträge) (→Konfiguration der Firewall)
Ziel
- Ein Layer 2 Switch soll die Netze für Admin und LAN trennen
- Die Firewall soll beide Netze routen
![Bearbeiten](javascript:editDrawio("1304654390", "linux-layer2-switch-01.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}
Konfiguration der Firewall
- Auf der Schnittstelle zum Switch werden zwei virtuelle Schnittellen mit den jeweiligen VLANs konfiguriert
- Die IP-Adressen der VLANs sollten die Gateways der jeweiligen Netzwerke sein
- vim /etc/network/interfaces
... auto enp0s8 iface enp0s8 inet manual auto enp0s8.1 iface enp0s8.1 inet static address 192.168.0.1/24 auto enp0s8.2 iface enp0s8.2 inet static address 192.168.168.1/24
Konfiguration des Switches
- vim /etc/network/interfaces
auto lo iface lo inet loopback # The primary network interface auto enp0s3 iface enp0s3 inet manual auto enp0s3.1 iface enp0s3.1 inet manual auto enp0s3.2 iface enp0s3.2 inet manual auto enp0s8 iface enp0s8 inet manual auto enp0s8.1 iface enp0s8.1 inet manual auto enp0s9 iface enp0s9 inet manual auto enp0s9.2 iface enp0s9.2 inet manual auto enp0s10.2 iface enp0s10.2 inet manual auto br0 iface br0 inet static address 172.16.100.2/24 gateway 172.16.100.1 bridge_vlan_aware yes bridge_ports all post-up bridge vlan delete dev enp0s9 vid 1 post-up bridge vlan delete dev enp0s10 vid 1 post-up bridge vlan delete dev enp0s3.2 vid 1 post-up bridge vlan delete dev enp0s9.2 vid 1 post-up bridge vlan delete dev enp0s10.2 vid 1 post-up bridge vlan add dev enp0s3 vid 1-2 untagged post-up bridge vlan add dev enp0s9 vid 2 pvid untagged post-up bridge vlan add dev enp0s10 vid 2 pvid untagged post-up bridge vlan add dev enp0s3.2 vid 2 pvid untagged post-up bridge vlan add dev enp0s9.2 vid 2 pvid untagged post-up bridge vlan add dev enp0s10.2 vid 2 pvid untagged
- reboot
- Die VLAN Konfiguration kann sollten dann so aussehen
- cat /proc/net/vlan/config
VLAN Dev name | VLAN ID Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD enp0s3.1 | 1 | enp0s3 enp0s3.2 | 2 | enp0s3 enp0s8.1 | 1 | enp0s8 enp0s9.2 | 2 | enp0s9 enp0s10.2 | 2 | enp0s10
- bridge vlan
port vlan-id
enp0s3 1 Egress Untagged
2 Egress Untagged
enp0s8 1 PVID Egress Untagged
enp0s9 2 PVID Egress Untagged
enp0s10 2 PVID Egress Untagged
enp0s3.1 1 PVID Egress Untagged
enp0s3.2 2 PVID Egress Untagged
enp0s8.1 1 PVID Egress Untagged
enp0s9.2 2 PVID Egress Untagged
enp0s10.2 2 PVID Egress Untagged
br0 1 PVID Egress Untagged