Several ways to configure VLANs on RHEL 7
daneon
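2018.09.15
On RHEL 7 there are two ways to configure a VLAN depending on whether the NetworkManager service is enabled, plus the ip command, for three methods in total:
1 If NetworkManager is enabled: method 1, use the nmtui text-based graphical tool; method 2, use the nmcli command line:
nmcli connection add type vlan ifname eth0.10 con-name myvlan id 10 dev eth0 ip4 192.168.1.10/24 gw4 192.168.1.1
2 If NetworkManager is not enabled: edit the interface configuration files directly
3 Configure the VLAN with the ip command:
ip link add link eth0 name eth0.8 type vlan id 8
ip -d link show eth0.8
To delete the VLAN interface:
ip link delete eth0.8
In this project NetworkManager was disabled as part of security hardening, so the second method is used to configure the VLANs.
Notes:
1 To create a VLAN, an interface is created on top of a parent interface; the VLAN interface adds the VLAN tag to outgoing packets and removes it from returning packets
2 If the configuration file of a bonded interface contains fail_over_mac=follow, that bonded interface does not support VLAN interfaces
3 The upstream switch of an interface carrying VLANs must be configured with the VLAN or as a trunk
4 A VLAN configured with the ip command is lost after a reboot; one configured by editing the configuration files persists across reboots
Requirements:
Configure VLAN 300 on port p5p1, with static routes to 36 addresses (not shown here; as on RHEL 6, they are configured in /etc/sysconfig/static-route)
Configure VLAN 400 on port p5p2, with the default gateway on that interface
The configuration steps follow.
step1: load the module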
modprobe --first-time 8021q
modinfo 8021q
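Note: once a VLAN is configured, the system also loads the 8021q module automatically after a reboot
step2: configure the VLAN interfaces
First configure the parent interfaces p5p1 and p5p2 ## p5p2 is configured the same way as p5p1, so it is not shown here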
more ifcfg-p5p1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=p5p1
#UUID=5ef13abe-d107-4672-bcb2-6415e8ca07d6
DEVICE=p5p1
ONBOOT=yes
#IPADDR=XXXXXX
#NETMASK=XXXXXX
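The IP address and netmask must be commented out here; both belong on the VLAN interface
Next, configure the VLAN interfaces
vim ifcfg-p5p1.300 ## p5p1 is the parent interface, VLAN ID 300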
DEVICE=p5p1.300
BOOTPROTO=none
ONBOOT=yes
IPADDR=XXXXXX
NETMASK=XXXXXX
VLAN=yes
vim ifcfg-p5p2.400 ## p5p2 is the parent interface, VLAN ID 400. There are two physical ports here, each configured with one VLAN
DEVICE=p5p2.400
BOOTPROTO=none
ONBOOT=yes
IPADDR=XXXXXX
NETMASK=XXXXXX
GATEWAY=XXXXXX
VLAN=yes
step3: restart the network service
systemctl restart network
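Notes:
Either BOOTPROTO=static or BOOTPROTO=none works for the physical device or the VLAN interface; see https://access.redhat.com/solutions/39674
To configure several VLANs on one physical interface, just add another file such as ifcfg-p5p1.500
step4: check the VLAN configuration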
ip a
6: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether b4:96:91:1d:6d:84 brd ff:ff:ff:ff:ff:ff
inet6 fe80::b696:91ff:fe1d:6d84/64 scope link
valid_lft forever preferred_lft forever
7: p5p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether b4:96:91:1d:6d:86 brd ff:ff:ff:ff:ff:ff
inet6 fe80::b696:91ff:fe1d:6d86/64 scope link
valid_lft forever preferred_lft forever
12: p5p1.300@p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether b4:96:91:1d:6d:84 brd ff:ff:ff:ff:ff:ff
inet XXXXXX brd XXXXXX scope global p5p1.300
valid_lft forever preferred_lft forever
inet6 fe80::b696:91ff:fe1d:6d84/64 scope link
valid_lft forever preferred_lft forever
13: p5p2.400@p5p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether b4:96:91:1d:6d:86 brd ff:ff:ff:ff:ff:ff
inet XXXXXX brd XXXXXX scope global p5p2.400
valid_lft forever preferred_lft forever
inet6 fe80::b696:91ff:fe1d:6d86/64 scope link
valid_lft forever preferred_lft forever
cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
p5p1.300 | 300 | p5p1
p5p2.400 | 400 | p5p2
cat /proc/net/vlan/p5p1.300
p5p1.300 VID: 300 REORDER_HDR: 1 dev->priv_flags: 1
total frames received 0
total bytes received 0
Broadcast/Multicast Rcvd 0
total frames transmitted 25
total bytes transmitted 3802
Device: p5p1
INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0
EGRESS priority mappings:
cat /proc/net/vlan/p5p2.400
p5p2.400 VID: 400 REORDER_HDR: 1 dev->priv_flags: 1
total frames received 0
total bytes received 0
Broadcast/Multicast Rcvd 0
total frames transmitted 25
total bytes transmitted 3814
Device: p5p2
INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0
EGRESS priority mappings:
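An added example, not part of the original post: a shell audit of the ifcfg-file method above. It checks that the parent interface carries no IPv4 address, that the VLAN file names parent.VID with VLAN=yes and ONBOOT=yes, and that a /proc/net/vlan/config listing contains the interface. The function names, the temporary directory and the 192.0.2.10 addresses are constructed for illustration.

```shell
# Added example: audit initscripts-style VLAN config files (not from the original post).

# Print the uncommented value of KEY in an ifcfg file (empty if absent or commented out).
ifcfg_get() {  # usage: ifcfg_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# Check one parent/VLAN pair in DIR; prints findings, returns their count (1 if a file is missing).
audit_vlan() {  # usage: audit_vlan DIR PARENT VID
    local dir="$1" parent="$2" vid="$3" n=0 key
    local pf="$dir/ifcfg-$parent" vf="$dir/ifcfg-$parent.$vid"
    [ -f "$pf" ] || { echo "missing $pf"; return 1; }
    [ -f "$vf" ] || { echo "missing $vf"; return 1; }
    # The parent must carry no IPv4 address: it belongs on the VLAN interface.
    for key in IPADDR NETMASK; do
        [ -z "$(ifcfg_get "$pf" "$key")" ] || { echo "$parent: $key set on parent"; n=$((n+1)); }
    done
    [ "$(ifcfg_get "$vf" DEVICE)" = "$parent.$vid" ] || { echo "$parent.$vid: DEVICE mismatch"; n=$((n+1)); }
    [ "$(ifcfg_get "$vf" VLAN)" = "yes" ] || { echo "$parent.$vid: VLAN=yes missing"; n=$((n+1)); }
    [ "$(ifcfg_get "$vf" ONBOOT)" = "yes" ] || { echo "$parent.$vid: ONBOOT=yes missing"; n=$((n+1)); }
    return "$n"
}

# Succeed if a /proc/net/vlan/config style file lists DEV with the given VID and parent.
proc_has_vlan() {  # usage: proc_has_vlan FILE DEV VID PARENT
    awk -F'|' -v d="$2" -v v="$3" -v p="$4" '
        { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
        $1 == d && $2 == v && $3 == p { found = 1 }
        END { exit !found }' "$1"
}

# Constructed sample data mirroring the files in the post (addresses are placeholders).
make_sample() {  # usage: make_sample DIR
    printf 'DEVICE=p5p1\nBOOTPROTO=none\nONBOOT=yes\n#IPADDR=192.0.2.10\n#NETMASK=255.255.255.0\n' > "$1/ifcfg-p5p1"
    printf 'DEVICE=p5p1.300\nBOOTPROTO=none\nONBOOT=yes\nIPADDR=192.0.2.10\nNETMASK=255.255.255.0\nVLAN=yes\n' > "$1/ifcfg-p5p1.300"
    printf 'VLAN Dev name    | VLAN ID\nName-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD\np5p1.300       | 300  | p5p1\n' > "$1/vlan-config"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_vlan "$demo" p5p1 300 && echo "ifcfg files OK"
proc_has_vlan "$demo/vlan-config" p5p1.300 300 p5p1 && echo "kernel view OK"
rm -rf "$demo"
```

On a live host, point audit_vlan at /etc/sysconfig/network-scripts and proc_has_vlan at /proc/net/vlan/config.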
#################################
If the NetworkManager service is enabled, the following command also shows the VLAN information
[root@test ~]# nmcli con show
NAME UUID TYPE DEVICE
team0 slave 1 b643da79-127d-4b91-b68b-73376640543d 802-3-ethernet eth1
team0.10 92c61b73-bddb-4fa3-9dda-549618a51dc9 vlan --
team0 slave 0 780454b4-9b00-4cc4-901d-4c657dfe6d84 802-3-ethernet eth0
vlan10 c1711904-5ddc-4efe-930a-11061141970e vlan vlan10
VLAN connection team0.1001 9f26912d-7690-463a-ad8d-367e7bb38955 vlan team0.1001
Team connection team0 ebc808b8-f81e-4838-8fbd-0b28a2a81ad5 team team0
VLAN connection team0.10 b50bc16b-952d-4572-abb0-10f262c61f0d vlan --
You can also run nmcli -p con show vlan12