This posts gives a short intro about VLAN and a simple configuration sample on a DELL PowerConnect 5224 switch with an OpenBSD machine.
VLANs
VLANs are a common way to gather ports of multiple connected network switches in groups (VLANs), and isolate thoses different groups as if they were on different physical networks.
For this to work, Ethernet frames (as standardized by the IEEE 802.3 standard) are basically extended with an extra field specifying the VLAN identifier (this is standardized by the IEEE 802.1q standard). A packet with this extra field is said to be “tagged”.
Provided with this information, a 802.1q aware switch can deliver ethernet packets only to the VLAN member ports. When this packet leaves the switch by a port, the switch has to decide whether the frame should be sent as 802.1q (to a 802.1q aware equipment) or as 802.3 (to a non-802.1q aware equipment) by “untagging” the packet.
Likewise, when a packet reaches the switch, either it is already tagged and the switch will propagate it to the matching VLAN, or it is not and the switch will tag it with the port default VLAN identifier (known as the “PVID”).
Let’s see how to setup VLANs on a Dell PowerConnect 5224 switch and an OpenBSD machine.
Sample configuration
For this test, we have a DELL PowerConnect 5224 network switch and an OpenBSD 4.2 machine. Both of those equipments are VLAN aware.
Switch
Here are the configuration blocks regarding the VLAN setup :
vlan database
vlan 1 name DefaultVlan media ethernet state active
vlan 2 name aSampleVLAN media ethernet state active
!
interface ethernet 1/1
description OpenBSD
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 2 tagged
We basically create a VLAN “aSampleVLAN” with and the identifier 2 and setup the port 1 of the switch so that packets sent to the VLAN 2 will be sent out on this port too as tagged packet (meaning the packets will be sent as 802.1q packets, hence including the VLAN id).
The “native vlan 1” sets the PVID, meaning that untagged packets entering the switch by the port 1 will be tagged as part of the VLAN 1.
That’s it for the switch setup.
Server
OpenBSD has a vlan(4) pseudo-device which takes care of VLANs. Once configured, a vlan pseudo-device will act just like a normal network interface which would be plugged in a VLAN.
The setup is really easy.
- Bring up the physical network interface which is connected to the switch:
# ifconfig xl0 up
- Create and configure the vlan pseudo-device :
# ifconfig vlan2 create
# ifconfig vlan2 vlan 2 vlandev xl0 - Setup the IP parameters of the vlan interface:
# ifconfig vlan2 inet 10.253.21.102 netmask 255.255.255.0
You can make this persistent over the next reboots by configuring the /etc/hostname.* files as follow :
$ cat /etc/hostname.xl0
up
This will take care of bringing up the physical network interface at next reboot.
$ cat /etc/hostname.vlan2
inet 10.10.10.100 255.255.255.0 10.10.10.255 vlandev xl0 description "Interface in VLAN 2"
This will setup the VLAN interface.
That’s pretty much it. You can bring up as many vlan interfaces as you want, for example if you need to have a server share resources on multiple VLAN or if you want to route packets between VLANs but you have more VLANs than the number of physical network interfaces/switch ports you want to use…
I’m very like this tutorial but i want build the dhcp server on this openbsd ( vlan already) to assign ip for correct each VLAN.
How i must do ?
I’m appreciate for your help
Minh Duc
Hello,
If I understood correctly, that’s actually pretty easy : you just have to edit the /etc/dhcpd.interfaces file and add the interfaces names (vlan1, vlan2 …) in there (one by line).
Hope this helps !
Stéphane
I will try this first and made the tutorial for everyone want to reference.
Thanks Stephane Kattor,
Nice to make friend openbsd fan
skype’s name: ducdoanminh
How am I supposed to read your article with that stupid facebook box covering everything? Safari.
You forgot the vlan tag in hostname.vlan2