Goal
- A Layer 2 switch shall separate the Admin network from the LAN
- The firewall shall route between the two networks
Firewall configuration
Switch configuration
- vim /etc/network/interfaces
auto lo
iface lo inet loopback

# The primary network interface: trunk towards the firewall.
# The 802.1Q subinterfaces enp0s3.1 (Admin, VLAN 1) and enp0s3.2 (LAN, VLAN 2)
# carry the tagged traffic; the ports stay "manual" because the bridge owns them.
auto enp0s3
iface enp0s3 inet manual

auto enp0s3.1
iface enp0s3.1 inet manual

auto enp0s3.2
iface enp0s3.2 inet manual

# Admin access port (VLAN 1)
auto enp0s8
iface enp0s8 inet manual

auto enp0s8.1
iface enp0s8.1 inet manual

# LAN access ports (VLAN 2)
auto enp0s9
iface enp0s9 inet manual

auto enp0s9.2
iface enp0s9.2 inet manual

# parent of enp0s10.2, listed like the other ports (the original file omitted this stanza)
auto enp0s10
iface enp0s10 inet manual

auto enp0s10.2
iface enp0s10.2 inet manual

# VLAN-aware bridge; br0 itself sits in VLAN 1 and carries the management address,
# the default gateway is the firewall
auto br0
iface br0 inet static
    address 172.16.100.2/24
    gateway 172.16.100.1
    bridge_vlan_aware yes
    # every interface above becomes a bridge port, including the VLAN subinterfaces
    bridge_ports all
    # a new bridge port is a member of VLAN 1 (PVID, egress untagged) by default;
    # remove VLAN 1 from the LAN ports so untagged LAN traffic cannot reach the Admin VLAN
    post-up bridge vlan delete dev enp0s9 vid 1
    post-up bridge vlan delete dev enp0s10 vid 1
    post-up bridge vlan delete dev enp0s3.2 vid 1
    post-up bridge vlan delete dev enp0s9.2 vid 1
    post-up bridge vlan delete dev enp0s10.2 vid 1
    # trunk: member of VLAN 1 and 2, no PVID (untagged frames arriving on enp0s3 itself are dropped)
    post-up bridge vlan add dev enp0s3 vid 1-2 untagged
    # LAN ports: VLAN 2 is the PVID and leaves the port untagged
    post-up bridge vlan add dev enp0s9 vid 2 pvid untagged
    post-up bridge vlan add dev enp0s10 vid 2 pvid untagged
    post-up bridge vlan add dev enp0s3.2 vid 2 pvid untagged
    post-up bridge vlan add dev enp0s9.2 vid 2 pvid untagged
    post-up bridge vlan add dev enp0s10.2 vid 2 pvid untagged
- reboot
- The VLAN configuration should then look like this
- cat /proc/net/vlan/config
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
enp0s3.1         | 1  | enp0s3
enp0s3.2         | 2  | enp0s3
enp0s8.1         | 1  | enp0s8
enp0s9.2         | 2  | enp0s9
enp0s10.2        | 2  | enp0s10
- bridge vlan show
port        vlan-id
enp0s3      1 Egress Untagged
            2 Egress Untagged
enp0s8      1 PVID Egress Untagged
enp0s9      2 PVID Egress Untagged
enp0s10     2 PVID Egress Untagged
enp0s3.1    1 PVID Egress Untagged
enp0s3.2    2 PVID Egress Untagged
enp0s8.1    1 PVID Egress Untagged
enp0s9.2    2 PVID Egress Untagged
enp0s10.2   2 PVID Egress Untagged
br0         1 PVID Egress Untagged
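An added check script (example code, not part of the original notes): it reads the text printed by bridge vlan show and reports every port whose PVID is the LAN VLAN but which is still a member of the Admin VLAN, which is exactly what happens when the bridge vlan delete ... vid 1 lines are forgotten. The function names leaky_ports, good_sample and bad_sample and the two embedded outputs are constructed for this example; the second sample is reduced to the physical ports.

```shell
#!/bin/sh
# Added example: audit `bridge vlan show` output for VLAN leakage.
# Every new bridge port starts as a member of VLAN 1 (PVID, egress untagged);
# if the "bridge vlan delete ... vid 1" lines are missing, a LAN port keeps
# that membership and untagged LAN traffic can reach the Admin VLAN.
# leaky_ports ADMIN_VID LAN_VID reads `bridge vlan show` text on stdin and
# prints each port whose PVID is LAN_VID but which is still a member of ADMIN_VID.
# Function and sample names are hypothetical, not from the page or iproute2.
leaky_ports() {
    awk -v admin="$1" -v lan="$2" '
        NR == 1 || NF == 0 { next }          # skip the header and blank lines
        /^[^ \t]/ { port = $1; vid = $2 }    # first line of a port: name, then VLAN
        /^[ \t]/  { vid = $1 }               # continuation line: another VLAN of the same port
        {
            # iproute2 may compress consecutive VLANs with equal flags to "lo-hi"
            n = split(vid, r, "-")
            lo = r[1] + 0
            hi = (n == 2) ? r[2] + 0 : lo
            for (v = lo; v <= hi; v++) member[port, v] = 1
            if ($0 ~ /PVID/) pvid[port] = lo
        }
        END {
            for (p in pvid)
                if (pvid[p] == lan && ((p, admin + 0) in member)) print p
        }
    ' | sort
}

# Constructed sample: the physical ports as this page expects them (tab-separated columns)
good_sample() {
    printf 'port\tvlan-id\n'
    printf 'enp0s3\t 1 Egress Untagged\n'
    printf '\t 2 Egress Untagged\n'
    printf 'enp0s8\t 1 PVID Egress Untagged\n'
    printf 'enp0s9\t 2 PVID Egress Untagged\n'
    printf 'enp0s10\t 2 PVID Egress Untagged\n'
    printf 'br0\t 1 PVID Egress Untagged\n'
}

# Constructed sample of the same switch with the "vlan delete ... vid 1" lines left out:
# the LAN ports enp0s9 and enp0s10 are still members of the Admin VLAN 1
bad_sample() {
    printf 'port\tvlan-id\n'
    printf 'enp0s3\t 1 Egress Untagged\n'
    printf '\t 2 Egress Untagged\n'
    printf 'enp0s8\t 1 PVID Egress Untagged\n'
    printf 'enp0s9\t 1 Egress Untagged\n'
    printf '\t 2 PVID Egress Untagged\n'
    printf 'enp0s10\t 1 Egress Untagged\n'
    printf '\t 2 PVID Egress Untagged\n'
    printf 'br0\t 1 PVID Egress Untagged\n'
}

# On the switch itself:  bridge vlan show | sh vlan_check.sh 1 2
# Without arguments the script demonstrates the check on the constructed bad sample.
if [ "$#" -eq 2 ]; then
    leaky_ports "$1" "$2"
else
    echo "ports leaking into the Admin VLAN in the sample without the vid 1 deletes:"
    bad_sample | leaky_ports 1 2
fi
```

An empty result means every port whose PVID is VLAN 2 has been taken out of VLAN 1; the trunk enp0s3 is allowed to carry both VLANs and is therefore only reported if it were given VLAN 2 as its PVID.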