
I have a Linux router (CentOS 6) that I built. It has eth3 and wlan0 bridged together as br0. I have not been utilizing VLANs up to this point.

I have a wireless AP that is tagged vlan 42 for a guest SSID that I want to isolate from the rest of the network, and I have a Netgear L2 switch that is set up with the vlan info.

On the linux router, it appears I cannot add vlan 42 as a vlan interface on br0.

What is the proper way to do this? At some point, wlan0 can go away and I can just have eth3 for the lan interface on the router, but that isn't until we test the new AP. I don't mind reconfiguring the network stack in the meantime to make this all work.

=====================================

Updated with network drawing and details on current configs. This is where I am at now. I can ping 10.4.3.1, but traceroutes and pings don't make it any further, and a client on the Aerohive guest network cannot ping anywhere, including 10.4.3.1.

I'm fairly sure that I have the switch configured correctly from talking to a tech at Netgear, and same for the Aerohive. Do you see something wrong with anything in my ifcfg files? Or something else that I'm missing? Any other info I can provide you? I really appreciate the effort at helping me here!

**ifcfg-eth3:**

```
DEVICE="eth3"
TYPE="bridge"
BOOTPROTO="none"
BRIDGE="br0"
HWADDR="68:05:CA:00:DC:11"
NM_CONTROLLED="no"
ONBOOT="yes"
```

**ifcfg-eth3.42:**

```
BRIDGE=br0
DEVICE=vlan42
PHYSDEV=eth3
BOOTPROTO=none
ONBOOT=yes
VLAN=yes
```

**ifcfg-wlan0:**

```
DEVICE="wlan0"
TYPE="bridge"
HWADDR="00:02:6F:BD:95:94"
BOOTPROTO="none"
BRIDGE="br0"
NM_CONTROLLED="no"
ONBOOT="yes"
```

**ifcfg-br0:**

```
DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.1.1
NETMASK=255.255.255.0
```

**ifcfg-br0:1:**

```
DEVICE=br0:1
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.4.3.1
NETMASK=255.255.255.0
```

**ip route:**

```
65.116.247.192/29 dev eth4  proto kernel  scope link  src 65.116.247.194
10.0.1.0/24 dev br0  proto kernel  scope link  src 10.0.1.1
10.4.3.0/24 dev br0  proto kernel  scope link  src 10.4.3.1
10.3.3.0/24 dev wlan1  proto kernel  scope link  src 10.3.3.1
169.254.0.0/16 dev eth4  scope link  metric 1002
169.254.0.0/16 dev br0  scope link  metric 1006
169.254.0.0/16 dev wlan1  scope link  metric 1009
default via 65.116.247.193 dev eth4
```

network diagram

danielj
  • Coincidentally, this popped up on Reddit this morning. Perhaps it can help you? http://packetpushers.net/switching-to-linux-for-switches/ – fukawi2 Dec 17 '13 at 21:59
  • 1) Remove `eth3` from `br0`; 2) Move ipaddr `10.4.3.1` from `eth3.42` to `br0`; 3) I would also remove the custom `vlan42` name from `eth3.42` -- it is irrelevant and redundant there, since vlan 42 host connectivity is served by `br0`. Instead, consider changing the bridge name for `br0` to something like `vlan42br`. Hope it'll help. – Veniamin Dec 19 '13 at 05:56
  • I don't see how I can move the ipaddr 10.4.3.1 to br0 - br0 is 10.0.1.1. Can I leave the IP off but add a static route for 10.4.3.0/24 to br0? – danielj Dec 19 '13 at 16:53
  • A static route is not an option, since you still need 10.4.3.1, which can be accessible only when it is on br0 or its alias. If you need two subnets on vlan 42, then add alias br0:0 and assign 10.4.3.1 to it. – Veniamin Dec 19 '13 at 17:27
  • Thanks. I removed the ipaddr from eth3.42 and assigned it to br0:1. I can ping 10.4.3.1. However, I still can't get past there to the client on the guest network at 10.4.3.10, and that client can't ping 10.4.3.1. Any thoughts on what else I'm missing? I don't need to enable STP, do I? – danielj Dec 19 '13 at 20:27
  • STP is needed if you have loops in broadcast domains. It may also be useful to prevent casual loops, e.g. with misconfigured devices. To resolve the problem, a detailed network drawing would be helpful, along with a description of what you want to get. – Veniamin Dec 20 '13 at 04:42
  • @Veniamin, I added a graphic and hopefully more clarity into where I am at with configs, etc. – danielj Dec 20 '13 at 23:51
  • Well, I do not understand the purpose of wlan0 on the router. It is already connected to vlan1 and vlan42 using eth3 wired port. – Veniamin Dec 21 '13 at 12:47
  • @Veniamin, wlan0 is a wireless NIC that is currently providing wifi access to the office. It is bridged with eth3 so there is seamless access to the network regardless of wifi or wired connection. We just got the Aerohive AP, and want to use that instead, but I can't take wlan0 out of the equation until we have everything working correctly with the vlan and the Aerohive. – danielj Dec 27 '13 at 00:10
  • Definitely you should not bridge eth3 and eth3.42 together - these are different VLANs. I did not configure a multiple-SSID WiFi NIC on Linux and do not know how it should appear - I presume as wlan0/1/2/... . What is wlan1 in your setup, a second physical NIC or just a logical NIC with a different SSID? – Veniamin Dec 27 '13 at 10:38

2 Answers


Try adding subinterfaces to br0 and you can follow the following to configure your VLAN

http://www.cyberciti.biz/tips/howto-configure-linux-virtual-local-area-network-vlan.html

Keep in mind that if you, say, want to add VLAN 150, you'd have to configure br0.150.

Hope this helps.

Rico

Adding a VLAN to a bridge makes this VLAN span all interfaces connected to this bridge. This implies that your wlan0 should work in tagged mode. But WiFi does not support 802.1q tagged frames. Thus, the system reasonably refuses such a configuration.

If you want the frames from SSID to go to eth3 as tagged with VLAN 42 -- create eth3.42 and bridge it with wlan0.

Veniamin
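
The comments above note that eth3 and eth3.42 must not be ports of the same bridge, since that puts the guest VLAN and the LAN in one broadcast domain. The script below is an added example, not part of the original posts: it audits a directory of ifcfg files for that condition. The function names, the constructed sample files and the use of `vlan42br` as a separate guest bridge are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: audit ifcfg files for a tagged VLAN
# sub-interface that is a port of the same bridge as its parent NIC.

# Print the value of KEY in an ifcfg file, with quotes and whitespace removed.
cfg_get() {  # usage: cfg_get FILE KEY
    awk -F= -v k="$2" '$1 == k { v = $2; gsub(/["[:space:]]/, "", v); r = v }
                       END { print r }' "$1"
}

# Print one finding per offending VLAN interface; return 1 if any was found.
audit_vlan_bridges() {  # usage: audit_vlan_bridges DIR
    local dir=$1 f pf dev phys br rc=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        [ "$(cfg_get "$f" VLAN)" = yes ] || continue
        dev=$(cfg_get "$f" DEVICE)
        phys=$(cfg_get "$f" PHYSDEV)
        [ -n "$phys" ] || phys=${dev%%.*}   # ethX.N naming: parent precedes the dot
        br=$(cfg_get "$f" BRIDGE)
        [ -n "$br" ] || continue            # routed VLAN interface, not bridged
        for pf in "$dir"/ifcfg-*; do        # locate the parent by DEVICE=, not file name
            [ "$(cfg_get "$pf" DEVICE)" = "$phys" ] || continue
            if [ "$(cfg_get "$pf" BRIDGE)" = "$br" ]; then
                echo "MERGED: $dev (VLAN on $phys) and $phys are both ports of $br"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Constructed sample: the question's layout (mode 0) or the same layout with
# VLAN 42 on its own bridge (mode 1). "vlan42br" is an assumed bridge name.
make_sample() {  # usage: make_sample DIR 0|1
    local br=br0; [ "$2" = 1 ] && br=vlan42br
    printf 'DEVICE="eth3"\nBRIDGE="br0"\nONBOOT="yes"\n' > "$1/ifcfg-eth3"
    printf 'BRIDGE=%s\nDEVICE=vlan42\nPHYSDEV=eth3\nVLAN=yes\n' "$br" > "$1/ifcfg-eth3.42"
    printf 'DEVICE=br0\nTYPE=Bridge\nIPADDR=10.0.1.1\n' > "$1/ifcfg-br0"
}

tmp=$(mktemp -d)
make_sample "$tmp" 0; audit_vlan_bridges "$tmp" || echo "=> guest VLAN is not isolated"
make_sample "$tmp" 1; audit_vlan_bridges "$tmp" && echo "=> VLAN 42 has its own bridge"
rm -rf "$tmp"
```

On a real CentOS 6 host the directory to pass is `/etc/sysconfig/network-scripts`.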