I wanted to set up a VMware Server 2.0 host to allow guests on multiple vlans. The project required that all Microsoft based servers / workstations be on one vlan and all Linux based servers / workstations be on a different vlan. This meant that a VMware Server hosting both Microsoft and Linux based guests would be impossible without setting up multiple logical interfaces on the host and trunking its switch port. I did this project during a transition from a Cisco switch to a Netgear Layer 3 switch, so I provide config instructions for both devices.
Project Primary Goal(s):
1.) Create a trunk port on a switch / router connected directly to an Ubuntu 8.10 Server
2.) Enable multiple logical network interfaces on the Ubuntu system (one for each vlan on the trunk)
3.) Be able to network "sniff" traffic for only a given vlan while still communicating over the other vlans for mail / web / etc.
4.) Be able to run VMware guests in different vlans
5.) No routing enabled on the Ubuntu Server (the host sits on every vlan, but must not forward between them)
6.) Provide static config options so all networks and connections come back after a reboot
On the Switch (This is Cisco – See below for a Netgear config):
1.) Enter config mode on the switch: "config t"
2.) Enter config mode for the interface we want to trunk, for example: "int gig 1/0/1"
3.) On some switches / routers you will need to set the encapsulation type: "switchport trunk encapsulation dot1q"
Note: If you don't set this explicitly (even if your switch doesn't require it) you will not be able to get vlan headers on a full network "sniff" and you may encounter communications problems on your VMware guest systems.
4.) Set the port to trunk mode: "switchport mode trunk"
5.) Allow only the vlans of interest on the trunk: "switchport trunk allowed vlan 10,172,192"
Note: Frames on the trunk's native vlan are sent untagged, so they would arrive on eth0 itself rather than on one of the logical vlan interfaces. Either keep the native vlan out of the allowed list (as above, where vlan 1 is not allowed) or move it to an otherwise unused vlan with "switchport trunk native vlan <id>".
6.) Most admins agree setting a description is worth the effort for reducing confusion in future troubleshooting: 'description "Trunk link to Ubuntu 8.10 VMware Server"'
7.) Get out of interface config mode: "exit"
8.) Get out of config mode: "exit"
9.) Save the config to memory: "write mem"
On the switch (This is Netgear config – See above for a Cisco config)
1.) Enter config mode: "Configure Terminal"
2.) Enter interface config mode: "Interface 0/10"
3.) Set participation in the vlans of interest:
"vlan participation include 10"
"vlan participation include 172"
"vlan participation include 192"
4.) Set tagging for all of those vlans (without this the port would send them untagged, and they would not reach the logical vlan interfaces):
"vlan tagging 10"
"vlan tagging 172"
"vlan tagging 192"
5.) Most admins agree setting a description is worth the effort for reducing confusion in future troubleshooting: 'description "Trunk link to Ubuntu 8.10 VMware Server"'
6.) Get out of interface config mode: "exit"
7.) Get out of config mode: "exit"
8.) Save the config to memory: "save", then "y" at the confirm prompt
On the Ubuntu 8.10 Server (I’ll try to get around to writing up instructions for Fedora 10 as well – basically they are the same except the static settings and the su / sudo commands).
1.) I prefer to just raise my privileges to root and leave them there while on the terminal, but you might want to use sudo for each command instead: "sudo -s -H", then enter your own password (on Ubuntu, sudo asks for the user's password; the root account has no password by default).
2.) Remove any settings from eth0. In particular, do not leave eth0 DHCP enabled (I describe what I settled on in the static config section below, but if you just want something temporary, remove the IP address and routing information from eth0). eth0 carries only tagged frames from here on, so it needs no address of its own.
3.) Now create the logical interfaces for each vlan.
“ip link add link eth0 name vlan10 type vlan id 10”
“ip link add link eth0 name vlan172 type vlan id 172”
“ip link add link eth0 name vlan192 type vlan id 192”
4.) If you have a DHCP server on any of the vlans you can grab a DHCP address (dhclient brings the logical interface up itself):
"dhclient vlan10"
To release the DHCP address:
"dhclient -r vlan10"
5.) If you want to "sniff" traffic on a given vlan, make sure the logical interface is up and set it to promiscuous mode. Note that "ifconfig vlan172 -promisc", with the leading dash, turns promiscuous mode off; the form below turns it on. tcpdump also enables promiscuous mode by itself unless run with -p, so this step only matters if you want it to stay on between captures.
"ifconfig vlan172 promisc"
"tcpdump -i vlan172"
If you want to "sniff" traffic on all vlans, capture on the parent interface (add "-e" to print the link-level header, which shows the 802.1Q tag of each frame; if frames show up there without tags, check the NIC's vlan tag offload settings as well as the switch side):
"tcpdump -i eth0"
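Putting the Ubuntu steps above together, here is an added example script (mine, not from the original post) that creates and brings up the logical vlan interfaces on a trunk-facing NIC. It assumes iproute2 is installed and root privileges for a real run; with DRY_RUN=1 it prints the commands instead of executing them, so the command list can be reviewed without a trunk port in front of you. The interface names (eth0, vlanN) and vlan IDs are the page's; the function names and the DRY_RUN variable are assumptions of this example. It also does two things the numbered steps skip: it checks that each vlan ID is in the valid 802.1Q range, and it brings each new sub-interface up, because "ip link add" creates it in the down state.

```shell
#!/bin/sh
# Added example (not from the original post): build 802.1Q sub-interfaces on a
# trunk-facing NIC the way the steps above do. DRY_RUN=1 prints the commands
# instead of running them (assumed variable name, not an iproute2 feature).
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute a command, or echo it in dry-run mode
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# valid_vlan_id VID: 802.1Q VIDs are 1..4094 (0 and 4095 are reserved)
valid_vlan_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# setup_trunk PARENT VID...: strip the parent's addresses and bring it up,
# then create and bring up one vlanN sub-interface per VID.
setup_trunk() {
    parent="$1"; shift
    [ -n "$parent" ] || { echo "usage: setup_trunk PARENT VID..." >&2; return 2; }
    for vid in "$@"; do
        valid_vlan_id "$vid" || { echo "bad VLAN id: $vid" >&2; return 2; }
    done
    # The parent carries only tagged frames: no address of its own, just up.
    run ip addr flush dev "$parent"
    run ip link set dev "$parent" up
    for vid in "$@"; do
        # "ip link add" fails with "File exists" when re-run, so skip links
        # that are already there (the check itself only makes sense for real).
        if [ "$DRY_RUN" != "1" ] && ip link show dev "vlan$vid" >/dev/null 2>&1; then
            echo "vlan$vid already exists, leaving it" >&2
        else
            run ip link add link "$parent" name "vlan$vid" type vlan id "$vid"
        fi
        # The sub-interface is created down; it must be up before dhclient or
        # tcpdump on it are useful.
        run ip link set dev "vlan$vid" up
    done
}

# teardown_trunk PARENT VID...: delete the sub-interfaces again.
teardown_trunk() {
    parent="$1"; shift
    for vid in "$@"; do
        run ip link del dev "vlan$vid"
    done
}

# Usage: sh trunk.sh eth0 10 172 192   (prefix with DRY_RUN=1 to only print)
if [ "$#" -gt 0 ]; then
    setup_trunk "$@"
fi
```

Run it once with DRY_RUN=1 to see exactly what will be executed, then for real as root; on a second run it leaves existing sub-interfaces alone instead of aborting on "File exists".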
Static Settings (this section is of interest if you want to set this up permanently; for me that's a primary project goal)
Several modifications need to be made to the /etc/network/interfaces file, so "vi /etc/network/interfaces".
I include an example file here (vlan172 is left out for brevity; it follows whichever of the two patterns below applies):
———————————————————————————————————————-
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary (trunk-facing) network interface
# No IP address of its own; it is only brought up. I set it up in promiscuous
# mode for any network "sniffing" I may want to do in the future. Promiscuous
# mode is not needed for the logical vlan interfaces to work, and tcpdump
# turns it on by itself anyway.
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down

# The vlan 10 network interface
# This is an example of a logical vlan interface on a vlan that has a DHCP server.
# pre-up creates the sub-interface before dhclient runs; post-down removes it
# again after the interface is taken down.
auto vlan10
iface vlan10 inet dhcp
    pre-up ip link add link eth0 name vlan10 type vlan id 10
    post-down ip link del dev vlan10

# The vlan 192 network interface
# This is an example of a logical vlan interface that needs static / manual IP
# address information. No "gateway" line here, since the host must not route.
auto vlan192
iface vlan192 inet static
    pre-up ip link add link eth0 name vlan192 type vlan id 192
    post-down ip link del dev vlan192
    address 192.168.7.8
    netmask 255.255.255.0
———————————————————————————————————————-
Don’t forget to save the file “:wq!”.
Last thing is to reconfigure the VMware Server environment:
1.) At the root prompt type "/usr/bin/vmware-config.pl", or at the user prompt "sudo /usr/bin/vmware-config.pl".
2.) When it asks about the various network settings, the ones of highest interest are the bridged networks. Make sure you create a bridged network for each vlan, bound to that vlan's logical interface (vlan10, vlan172, vlan192) and not to eth0: a guest bridged to eth0 would see the whole trunk and could send frames tagged for any allowed vlan. I chose to name mine "Bridged10", "Bridged172", and "Bridged192" after the logical vlan interfaces they operate on.
3.) Go into the VMware Server web GUI "https://serverip:8333" (you can do this from a remote system, since you probably don't have a graphical front end or web browser on the VMware Server) and for each guest that has been created ensure that the correct bridged network is selected. For me that meant selecting each Linux guest and changing its network to "Bridged192", and selecting each Microsoft guest and changing its network to "Bridged10".
Note: I did this for VMware, but it's also not a bad way to build a Linux firewall / router that has only one physical interface. Give each logical vlan interface an address, have the hosts on each vlan use that address as their default gateway, then enable IP forwarding on the Linux system. Since forwarding makes the box the path between all of its vlans, pair it with FORWARD rules so only the traffic you intend crosses from one vlan to another.
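As an added example of that single-interface firewall (mine, not from the original post), the script below enables forwarding and installs a default-deny FORWARD policy between two logical vlan interfaces, so turning on forwarding does not silently join every vlan on the trunk. It assumes iptables and sysctl are installed, that the vlanN interfaces already exist as set up earlier on this page, and that each vlan's hosts use this box's vlanN address as their default gateway; DRY_RUN=1 prints the commands instead of executing them. The function names, the DRY_RUN variable and the sample policy (vlan10 may reach vlan192 on SSH only, vlan192 may open anything to vlan10) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the "one physical interface"
# firewall from the closing note, as a router-on-a-stick between vlan
# sub-interfaces with a default-deny FORWARD chain. DRY_RUN=1 prints the
# commands instead of running them (assumed variable name).
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute a command, or echo it in dry-run mode
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# enable_forwarding: the note's "enable ip forwarding" step, plus the base
# FORWARD policy. Nothing crosses vlans until allow_forward() opens a path.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    # Replies to permitted flows are allowed back in either direction.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# allow_forward IN_IF OUT_IF [PROTO DPORT]: permit new flows from one vlan
# sub-interface to another, optionally limited to a single TCP/UDP port.
allow_forward() {
    in_if="$1"; out_if="$2"; proto="$3"; dport="$4"
    [ -n "$in_if" ] && [ -n "$out_if" ] || {
        echo "usage: allow_forward IN_IF OUT_IF [PROTO DPORT]" >&2; return 2; }
    if [ -n "$proto" ]; then
        [ -n "$dport" ] || { echo "PROTO needs a DPORT" >&2; return 2; }
        run iptables -A FORWARD -i "$in_if" -o "$out_if" -p "$proto" --dport "$dport" \
            -m state --state NEW -j ACCEPT
    else
        run iptables -A FORWARD -i "$in_if" -o "$out_if" -m state --state NEW -j ACCEPT
    fi
}

# Sample policy for the page's layout (assumed, adjust to taste):
# Windows vlan (10) may reach the Linux vlan (192) on SSH only;
# the Linux vlan may open anything towards the Windows vlan.
# Usage: sh vlan-fw.sh apply   (prefix with DRY_RUN=1 to only print)
if [ "$#" -gt 0 ] && [ "$1" = "apply" ]; then
    enable_forwarding
    allow_forward vlan10 vlan192 tcp 22
    allow_forward vlan192 vlan10
fi
```

Because the FORWARD policy is DROP and the host's own addresses are the gateways, a host that is missing from the allow list simply cannot reach the other vlan; this keeps the "no routing" spirit of the main project even on the variant that does route.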
Tags: Cisco, Configure Trunk on Fedora, ip link add link, multiple logical interfaces, Netgear Switch, Network Sniffer, Stripped Vlan Headers, Trunk, Ubuntu, Ubuntu Server 8.10, Vlan, Vlan headers