Several ways to configure VLANs on RHEL 7

daneon, 2018.09.15

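On RHEL 7 there are two ways to configure a VLAN, depending on whether the NetworkManager service is enabled; together with the ip command that makes three methods in total:

1 If NetworkManager is enabled: method 1, use the nmtui graphical tool; method 2, use the nmcli command line: nmcli connection add type vlan ifname eth0.10 con-name myvlan id 10 dev eth0 ip4 192.168.1.10/24 gw4 192.168.1.1

2 If NetworkManager is not enabled: edit the interface configuration files directly

3 Use the ip command: ip link add link eth0 name eth0.8 type vlan id 8; ip -d link show eth0.8; to delete the VLAN interface: ip link delete eth0.8

In this project the NetworkManager service was disabled as part of security hardening, so the VLANs are configured with method 2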

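Notes:

1 To create a VLAN, an interface is created on top of a parent interface; the VLAN interface adds the VLAN tag to outgoing packets and removes it from returning packets

2 If the configuration file of a bonding interface contains fail_over_mac=follow, that bonding interface does not support VLAN interfaces

3 The upstream switch port of an interface carrying a VLAN must be configured for that VLAN or as a trunk

4 A VLAN configured with the ip command is lost after a reboot; a VLAN configured by editing the configuration files persists across reboots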

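Requirements:

Configure VLAN 300 on port p5p1, with static routes to 36 addresses (no example here; it is the same as on RHEL 6 and is also configured in /etc/sysconfig/static-route)

Configure VLAN 400 on port p5p2; the default gateway is on this interface

The configuration steps follow

step1: load the module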

modprobe --first-time 8021q

modinfo 8021q

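Note: once the VLAN is configured, the system also loads the 8021q module automatically after a reboot

step2: configure the VLAN interfaces

First configure the parent interfaces p5p1 and p5p2  ## p5p2 is configured the same way as p5p1, so it is not shown here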

more ifcfg-p5p1

TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=none

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_FAILURE_FATAL=no

IPV6_ADDR_GEN_MODE=stable-privacy

NAME=p5p1

#UUID=5ef13abe-d107-4672-bcb2-6415e8ca07d6

DEVICE=p5p1

ONBOOT=yes

#IPADDR=XXXXXX

#NETMASK=XXXXXX

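The IP address and netmask must be commented out here; both are configured on the VLAN interface instead

Then configure the VLAN interfaces

vim ifcfg-p5p1.300  ## p5p1 is the parent interface, the VLAN ID is 300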

DEVICE=p5p1.300

BOOTPROTO=none

ONBOOT=yes

IPADDR=XXXXXX

NETMASK=XXXXXX

VLAN=yes

vim ifcfg-p5p2.400  ## p5p2 is the parent interface, the VLAN ID is 400. Here I have two physical ports, each carrying one VLAN

DEVICE=p5p2.400

BOOTPROTO=none

ONBOOT=yes

IPADDR=XXXXXX

NETMASK=XXXXXX

GATEWAY=XXXXXX

VLAN=yes

step3: restart the network service

systemctl restart network

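Notes:

Either BOOTPROTO=static or BOOTPROTO=none works for the physical device or the VLAN interface; see https://access.redhat.com/solutions/39674

To configure several VLANs on one physical interface, just add another file such as ifcfg-p5p1.500

step4: check the VLAN configuration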

ip a

6: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

link/ether b4:96:91:1d:6d:84 brd ff:ff:ff:ff:ff:ff

inet6 fe80::b696:91ff:fe1d:6d84/64 scope link

valid_lft forever preferred_lft forever

7: p5p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

link/ether b4:96:91:1d:6d:86 brd ff:ff:ff:ff:ff:ff

inet6 fe80::b696:91ff:fe1d:6d86/64 scope link

valid_lft forever preferred_lft forever

12: p5p1.300@p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000

link/ether b4:96:91:1d:6d:84 brd ff:ff:ff:ff:ff:ff

inet XXXXXX brd XXXXXX scope global p5p1.300

valid_lft forever preferred_lft forever

inet6 fe80::b696:91ff:fe1d:6d84/64 scope link

valid_lft forever preferred_lft forever

13: p5p2.400@p5p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000

link/ether b4:96:91:1d:6d:86 brd ff:ff:ff:ff:ff:ff

inet XXXXXX brd XXXXXX scope global p5p2.400

valid_lft forever preferred_lft forever

inet6 fe80::b696:91ff:fe1d:6d86/64 scope link

valid_lft forever preferred_lft forever

cat /proc/net/vlan/config

VLAN Dev name | VLAN ID

Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD

p5p1.300       | 300  | p5p1

p5p2.400       | 400  | p5p2

cat /proc/net/vlan/p5p1.300

p5p1.300  VID: 300 REORDER_HDR: 1  dev->priv_flags: 1

total frames received            0

total bytes received            0

Broadcast/Multicast Rcvd            0

total frames transmitted           25

total bytes transmitted         3802

Device: p5p1

INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0

EGRESS priority mappings:

cat /proc/net/vlan/p5p2.400

p5p2.400  VID: 400 REORDER_HDR: 1  dev->priv_flags: 1

total frames received            0

total bytes received            0

Broadcast/Multicast Rcvd            0

total frames transmitted           25

total bytes transmitted         3814

Device: p5p2

INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0

EGRESS priority mappings:
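
A pre-flight check for the step2 files, run before the restart in step3 so that a mistake does not take the host off the network. This is an added example, not part of the original post: the function names, the rule set and the fixture are assumptions, and the fixture addresses are constructed documentation values standing in for the XXXXXX placeholders.

```shell
#!/usr/bin/env bash
# Lint ifcfg-<parent>.<vid> files before "systemctl restart network".
# Prints one line per problem; returns 0 when clean, 1 otherwise.

ifcfg_get() {   # ifcfg_get FILE KEY -> last uncommented value of KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

check_vlan_ifcfg() {
    local dir="$1" f name parent vid bad=0 gw=0
    for f in "$dir"/ifcfg-*.*; do
        [ -f "$f" ] || continue
        name=${f##*/ifcfg-}; parent=${name%.*}; vid=${name##*.}
        case $vid in ''|*[!0-9]*) continue ;; esac    # skip .bak, .orig, ...
        if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
            echo "$name: VLAN ID outside 1-4094"; bad=1
        fi
        [ "$(ifcfg_get "$f" DEVICE)" = "$name" ] ||
            { echo "$name: DEVICE does not match file name"; bad=1; }
        [ "$(ifcfg_get "$f" VLAN)" = yes ] ||
            { echo "$name: VLAN=yes missing"; bad=1; }
        # The parent must exist and must not carry the address itself.
        if [ ! -f "$dir/ifcfg-$parent" ]; then
            echo "$name: parent ifcfg-$parent not found"; bad=1
        elif [ -n "$(ifcfg_get "$dir/ifcfg-$parent" IPADDR)" ]; then
            echo "$name: parent $parent still has an active IPADDR"; bad=1
        fi
        [ -z "$(ifcfg_get "$f" GATEWAY)" ] || gw=$((gw + 1))
    done
    # More than one GATEWAY means competing default routes.
    [ "$gw" -le 1 ] || { echo "GATEWAY set in $gw VLAN files"; bad=1; }
    return "$bad"
}

# Constructed fixture mirroring the page's layout; p5p2 is deliberately wrong.
make_fixture() {
    local d; d=$(mktemp -d)
    printf 'DEVICE=p5p1\nBOOTPROTO=none\nONBOOT=yes\n#IPADDR=192.0.2.9\n' > "$d/ifcfg-p5p1"
    printf 'DEVICE=p5p1.300\nONBOOT=yes\nIPADDR=192.0.2.10\nVLAN=yes\n' > "$d/ifcfg-p5p1.300"
    printf 'DEVICE=p5p2\nBOOTPROTO=none\nONBOOT=yes\nIPADDR=198.51.100.9\n' > "$d/ifcfg-p5p2"
    printf 'DEVICE=p5p2.400\nONBOOT=yes\nIPADDR=198.51.100.10\nGATEWAY=198.51.100.1\n' > "$d/ifcfg-p5p2.400"
    echo "$d"
}

fixture=$(make_fixture)
check_vlan_ifcfg "$fixture" || echo "fix the problems above before restarting the network"
rm -rf "$fixture"
```

On a real host the directory to pass is /etc/sysconfig/network-scripts.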

#################################

If the NetworkManager service is enabled, the VLAN information can also be viewed with the following commands

[root@test ~]# nmcli con show

NAME                        UUID                                  TYPE            DEVICE

team0 slave 1               b643da79-127d-4b91-b68b-73376640543d  802-3-ethernet  eth1

team0.10                    92c61b73-bddb-4fa3-9dda-549618a51dc9  vlan            --

team0 slave 0               780454b4-9b00-4cc4-901d-4c657dfe6d84  802-3-ethernet  eth0

vlan10                      c1711904-5ddc-4efe-930a-11061141970e  vlan            vlan10

VLAN connection team0.1001  9f26912d-7690-463a-ad8d-367e7bb38955  vlan            team0.1001

Team connection team0       ebc808b8-f81e-4838-8fbd-0b28a2a81ad5  team            team0

VLAN connection team0.10    b50bc16b-952d-4572-abb0-10f262c61f0d  vlan            --

You can also run nmcli -p con show vlan12
