I have 4 VLANs created and I'm trying to use my Ubuntu machine as the DNS, DHCP, and L3 router. I want my 4 VLANs separated but still able to talk to each other. Here is a bit about my setup.

Cable modem (Bridged)-->Ubuntu Server box (see below)-->Dell Power connect 2824 (in Managed mode) - L2 switch w/ IP address of 192.168.1.1

(4 VLANs setup within the Dell L2 switch)

vlan1 (Mgmt) 192.168.1.0/24

vlan10 (home network) 192.168.10.0/24

vlan20 (Storage/Backups/Media server) 192.168.20.0/24

vlan30 (Work) 192.168.30.0/24

Ubuntu server 14.4 LTS

eth0 - Cable modem IP (WAN) Netmask 255.255.224.0

eth1 - LAN side - 192.168.10.2 Netmask 255.255.255.0

I can NOT get the static routes setup on this to save my life. On Ubuntu server DNS works great. DHCP hands out addresses fine only for the 192.168.10.x network. It will not hand out addresses for the other VLANs. I assume that will work once we get all of the VLANs talking properly.

I understand the concepts but need specifics of what to change to get this working and routes should be persistent upon reboot. Thank you for the assist.


ip address show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:23:7d:f3:10:d2 brd ff:ff:ff:ff:ff:ff
    inet 70.115.129.7/19 brd 255.255.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::223:7dff:fef3:10d2/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:23:7d:f3:10:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::223:7dff:fef3:10d0/64 scope link
       valid_lft forever preferred_lft forever


ip route show

default via 70.115.128.1 dev eth0
70.115.128.0/19 dev eth0  proto kernel  scope link  src 70.115.129.7
192.168.10.0/24 dev eth1  proto kernel  scope link  src 192.168.10.2

The new routing table after the VLAN interfaces were configured on the Linux router:

$ ip r s
default via 70.115.128.1 dev eth0
70.115.128.0/19 dev eth0 proto kernel scope link src 70.115.129.7
192.168.1.0/24 dev eth1.1 proto kernel scope link src 192.168.1.10
192.168.10.0/24 dev eth1.10 proto kernel scope link src 192.168.10.2
192.168.20.0/24 dev eth1.20 proto kernel scope link src 192.168.20.1

dsmigelski
  • I do not agree that this question should be closed. Even if this question is for a home config, I think it could help junior system admins to configure the network for a small company. – Mircea Vutcovici Jun 07 '16 at 21:11

1 Answer

On the Linux server you need to create the VLAN interfaces and assign static IP addresses. Follow the official Ubuntu documentation for details [1].

Configure DHCP to listen to all VLANs except the one facing the cable modem. You will need a separate DHCP subnet for each VLAN. Make sure that you send via DHCP, as the default route, the IP of the VLAN interface directly connected to that VLAN.

Use tshark/wireshark/tcpdump for debugging. Use them on both VLAN interfaces and on ethernet interface. You can filter for DHCP packets only if you have too much traffic:

Could you please edit your question and add the output of the following commands from the router:

ip address show
ip route show

Edit /etc/network/interfaces and make sure you have for each VLAN a vlan interface configured. Here is only VLAN10:

# Disable IP on eth1, we are not using the native VLAN
iface eth1 inet manual

# VLAN 10 - home network
auto eth1.10
iface eth1.10 inet static
    address 192.168.10.1/24
    vlan-raw-device eth1

Make sure that eth1 has no IP assigned. You will assign IP addresses on VLAN interfaces (like eth1.10).

Mircea Vutcovici
  • Added sorry I couldn't get the formatting right when it saved.. Here is a sample declaration from one of the vlans from dhcpd.conf as an example. # Vlan 20 - Storage Network subnet 192.168.20.0 netmask 255.255.255.0 { range 192.168.20.2 192.168.20.10; default-lease-time 600; max-lease-time 7200; #option routers 192.168.10.2; option broadcast-address 192.168.20.255; option subnet-mask 255.255.255.0; #option domain-name-servers 192.168.10.2, 209.18.47.62, 209.18.47.61; #hardware ethernet cc:e1:d5:8c:13:a6; #fixed-address 192.168.20.5; #} – dsmigelski Jun 06 '16 at 18:54
  • You need to create the VLAN interfaces on the router. Make sure that the switch port that is connected to the router is configured to have 802.1Q VLAN encapsulation and all VLANs are allowed on this port. See: https://wiki.ubuntu.com/vlan – Mircea Vutcovici Jun 06 '16 at 18:58
  • Yes I had some trouble getting those vlans created on the router. Followed https://wiki.ubuntu.com/vlan but I wasn't sure based on my setup what IP addresses/settings to configure. – dsmigelski Jun 06 '16 at 19:03
  • meant to type...I wasn't sure based on my setup what ip address/settings to configure exactly and on what device (eth1?). Do you have an example based on my settings? – dsmigelski Jun 06 '16 at 19:09
  • As an example? auto eth1.1 iface eth1.1 inet static address 192.168.1.10/24 vlan-raw-device eth1 auto eth1.10 iface eth1.10 inet static address 192.168.10.1/24 vlan-raw-device eth1 auto eth1.20 iface eth1.20 inet static address 192.168.20.1/24 vlan-raw-device eth1 – dsmigelski Jun 06 '16 at 19:18
  • If you are not using VLAN1, why are you using eth1.1? Do not mix the configs or you will make it more complicated to debug. First make sure you make VLAN10 work, then add the other VLAN interfaces later. – Mircea Vutcovici Jun 06 '16 at 19:30
  • Is your switch configured with 802.1Q VLAN encapsulation on the port connected with the Linux router? – Mircea Vutcovici Jun 06 '16 at 19:30
  • Vlan1 is in use for management (switch & HP i-LOs are on the 192.168.1.0 network). Switch is configured for 802.1Q VLAN Enc yes on the switch port – dsmigelski Jun 06 '16 at 19:34
  • restart networking and make sure the vlan interfaces are created: `ip a s; ip r s` – Mircea Vutcovici Jun 06 '16 at 19:36
  • It won't let me paste all of the results: 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:23:7d:f3:10:d2 brd ff:ff:ff:ff:ff:ff inet 70.115.129.7/19 brd 255.255.255.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::223:7dff:fef3:10d2/64 scope link valid_lft forever preferred_lft forever – dsmigelski Jun 06 '16 at 19:41
  • 3: eth1: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:23:7d:f3:10:d0 brd ff:ff:ff:ff:ff:ff inet6 fe80::223:7dff:fef3:10d0/64 scope link valid_lft forever preferred_lft forever 4: eth1.1@eth1: mtu 1500 qdisc noqueue state UP group default link/ether 00:23:7d:f3:10:d0 brd ff:ff:ff:ff:ff:ff inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1.1 valid_lft forever preferred_lft forever inet6 fe80::223:7dff:fef3:10d0/64 scope link – dsmigelski Jun 06 '16 at 19:42
  • 5: eth1.10@eth1: mtu 1500 qdisc noqueue state UP group default link/ether 00:23:7d:f3:10:d0 brd ff:ff:ff:ff:ff:ff inet 192.168.10.2/24 brd 192.168.10.255 scope global eth1.10 valid_lft forever preferred_lft forever inet6 fe80::223:7dff:fef3:10d0/64 scope link valid_lft forever preferred_lft forever – dsmigelski Jun 06 '16 at 19:42
  • 6: eth1.20@eth1: mtu 1500 qdisc noqueue state UP group default link/ether 00:23:7d:f3:10:d0 brd ff:ff:ff:ff:ff:ff inet 192.168.20.1/24 brd 192.168.20.255 scope global eth1.20 valid_lft forever preferred_lft forever inet6 fe80::223:7dff:fef3:10d0/64 scope link valid_lft forever preferred_lft forever – dsmigelski Jun 06 '16 at 19:42
  • default via 70.115.128.1 dev eth0 70.115.128.0/19 dev eth0 proto kernel scope link src 70.115.129.7 192.168.1.0/24 dev eth1.1 proto kernel scope link src 192.168.1.10 192.168.10.0/24 dev eth1.10 proto kernel scope link src 192.168.10.2 192.168.20.0/24 dev eth1.20 proto kernel scope link src 192.168.20.1 – dsmigelski Jun 06 '16 at 19:42
  • Looks ok. You need to configure DHCP now. Make sure it is listening on all VLAN interfaces with: `sudo netstat -ulnp|grep dhcpd` – Mircea Vutcovici Jun 06 '16 at 19:45
  • Yes new errors now in /var/log/syslog: Jun 6 14:50:27 abcde dhcpd: No subnet declaration for eth1 (no IPv4 addresses). Jun 6 14:50:27 abcde dhcpd: ** Ignoring requests on eth1. If this is not what... – dsmigelski Jun 06 '16 at 19:52
  • That is fine. You will use only the vlan interfaces, not eth1 directly. You need to edit `/etc/default/isc-dhcp-server` and add only the vlan interfaces (e.g. `eth1.10`) – Mircea Vutcovici Jun 06 '16 at 20:00
  • Check if you receive DHCP requests on VLAN interfaces. E.g. for VLAN10 run: `sudo tshark -npi eth1.10 port 67 or port 68` – Mircea Vutcovici Jun 06 '16 at 20:03
  • Completely forgot about that /etc/default/isc-dhcp-server config file. Thanks. Capturing on 'eth1.10' 1 0.000000 00:23:7d:f3:10:d0 -> ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.10.4? Tell 192.168.10.2 1 2 0.998445 00:23:7d:f3:10:d0 -> ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.10.4? Tell 192.168.10.2 2 3 1.998442 00:23:7d:f3:10:d0 -> ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.10.4? Tell 192.168.10.2 – dsmigelski Jun 06 '16 at 20:06
  • netstat -ulnp | grep 'dhcpd' udp 0 0 0.0.0.0:27144 0.0.0.0:* 2518/dhcpd udp 0 0 0.0.0.0:67 0.0.0.0:* 2518/dhcpd udp6 0 0 :::57139 :::* 2518/dhcpd – dsmigelski Jun 06 '16 at 20:08
  • I'd also like to add IP Reservations are still setup for Mac Address: 00:23:7d:f3:10:d0 which belongs to the eth1.10 and eth1 has no assigned IP(As you asked). Forgot to mention that – dsmigelski Jun 06 '16 at 20:27
  • route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 70.115.128.1 0.0.0.0 UG 0 0 0 eth0 70.115.128.0 0.0.0.0 255.255.224.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.1 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.10 192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.20 – dsmigelski Jun 07 '16 at 15:40
  • The routing table looks ok, but I prefer the output of `ip r s`. I think it is better to add this kind of info to the question and format it properly. It is hard to read like this. Next step is to configure DHCP properly. Use `tshark` to see the conversation between the DHCP clients and the Linux server. Make sure you send via DHCP as default gateway the IP you have set on the respective VLAN interface. – Mircea Vutcovici Jun 07 '16 at 21:07
  • Can you please tell me how to format the copied text in the way that it is better? I can't seem to get it to display correctly. – dsmigelski Jun 09 '16 at 01:46
  • ```ip r s default via 70.115.128.1 dev eth0 70.115.128.0/19 dev eth0 proto kernel scope link src 70.115.129.7 192.168.1.0/24 dev eth1.1 proto kernel scope link src 192.168.1.10 192.168.10.0/24 dev eth1.10 proto kernel scope link src 192.168.10.2 192.168.20.0/24 dev eth1.20 proto kernel scope link src 192.168.20.1``` – dsmigelski Jun 09 '16 at 01:47
  • It is only possible in the question. In the comment you can only highlight something with back ticks ``` – Mircea Vutcovici Jun 09 '16 at 01:47
  • The routing table is OK. You should make sure that VLAN configuration on the switch is ok, then configure DHCP. I will edit the question to add the new routing table. – Mircea Vutcovici Jun 09 '16 at 01:54
  • Yes that part confused me. I don't understand the port tagging. T, U, F, Blank. Most ports are set to U in their respective vlans. I think the port to the cable modem was set to T. Any recommendations? I feel this is close to working.. – dsmigelski Jun 09 '16 at 02:21
  • Will isc-dhcp-relay be needed? I tried installing it but it is still not working. Any other ideas Mircea? – dsmigelski Jun 14 '16 at 15:45
  • I'm not convinced it's actually listening on all VLAN ports. I've never found proof that it is listening on eth1.1 or eth1.20 virt interfaces. When I tail -f /var/log/syslog I only see addresses being handed out on the 192.168.10.0 network. – dsmigelski Jun 14 '16 at 15:59
  • You do not need isc-dhcp-relay. You just need dhcp to listen on all interfaces. Some switches support DHCP relay, you can use that if you do not want dhcpd to listen on all VLAN interfaces. You can see the interfaces dhcpd is listening on with `sudo netstat -tulnp|grep dhcp`. – Mircea Vutcovici Jun 15 '16 at 04:39
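
An added example, not part of the original answer or comments: a Python check that the three pieces discussed in this thread agree with each other, namely the VLAN interface addresses, the `subnet` blocks in `dhcpd.conf`, and the interface list in `/etc/default/isc-dhcp-server`. The sample inputs are constructed from the addresses on this page; the `INTERFACES=` variable name and flat (un-nested) subnet blocks are assumptions.

```python
import ipaddress
import re

# Constructed inputs using this page's addresses; trimmed to what the check reads.
IP_ADDR = """\
2: eth0    inet 70.115.129.7/19 brd 255.255.255.255 scope global eth0
4: eth1.1    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1.1
5: eth1.10    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth1.10
6: eth1.20    inet 192.168.20.1/24 brd 192.168.20.255 scope global eth1.20
"""
DHCPD_CONF = """\
subnet 192.168.10.0 netmask 255.255.255.0 {
  option routers 192.168.10.2;
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  #option routers 192.168.10.2;
}
"""
LISTEN = 'INTERFACES="eth1.10"'  # assumed line from /etc/default/isc-dhcp-server

def vlan_addrs(text):
    """Map VLAN sub-interface (name contains '.') -> address, from `ip -o -4 addr show`."""
    found = re.findall(r"^\d+:\s+(\S+?)(?:@\S+)?\s+inet\s+(\S+)", text, re.M)
    return {name: ipaddress.ip_interface(addr) for name, addr in found if "." in name}

def subnets(conf):
    """Map each flat `subnet ... { }` block -> its `option routers` address or None."""
    conf = re.sub(r"#.*", "", conf)  # a commented-out option must not count
    out = {}
    for net, mask, body in re.findall(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S):
        m = re.search(r"option\s+routers\s+([\d.]+)\s*;", body)
        out[ipaddress.ip_network(f"{net}/{mask}")] = ipaddress.ip_address(m.group(1)) if m else None
    return out

def check(ip_text, conf, listen_line):
    """Return (interface, problem) pairs; an empty list means the three agree."""
    listening = set(re.search(r'"(.*)"', listen_line).group(1).split())
    nets, findings = subnets(conf), []
    for name, iface in sorted(vlan_addrs(ip_text).items()):
        router = nets.get(iface.network, "missing")
        if name not in listening:
            findings.append((name, "not listed in INTERFACES"))
        if router == "missing":
            findings.append((name, f"no subnet declaration for {iface.network}"))
        elif router != iface.ip:
            findings.append((name, f"option routers is {router}, expected {iface.ip}"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {p}" for n, p in check(IP_ADDR, DHCPD_CONF, LISTEN)))
```

On a real router, feed it the output of `ip -o -4 addr show` and the contents of the two files instead of the constructed strings.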