How to setup VLAN on same subnet as Ethernet?

ubuntu networking vlan

14,424

It looks like you're trying to set up overlapping subnets on different interfaces. This is going to screw with your routing tables and make lots of things not work. Secondly, you haven't set up VLANs in your config, so when you refer to eth0.10 it's missing some prerequisite steps. If you actually need a vlan (which i dont believe you do) see Debian's wiki for how to properly set up vlans.

As far as the networking stack is concerned, above layer 1 a VLAN interface might as well be a physical interface so you need to treat it as such.

If you want an additional IP with an overlapping subnet on an interface you need to set it up as a secondary (a.k.a. alias) IP. Change eth0.10 to eth0:10 in /etc/interfaces then ifup eth0:10.

14,424

junkyhlm

Updated on September 18, 2022

Comments

junkyhlm almost 2 years

I have a physical NIC with dev name eth0 with ip 192.168.1.2 and gateway 192.168.1.1 and I want to setup a VLAN with ip 192.168.1.x and same gateway as eth0.

Setting up the VLAN runs smoothly and I give the VLAN a iface name of eth0.10 and an ip of 192.168.1.69. Now when trying to establish a connection I get an error:

holmen@filserver:~$ sudo ifup eth0.10
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
RTNETLINK answers: File exists
Failed to bring up eth0.10.

So how do I get the VLAN to connect to the internet and what does the error message mean? My guess is that it have something to do with the broadcast.

Settings: /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
        address 192.168.1.2
        netmask 255.255.255.0
        network 192.168.1.0
        gateway 192.168.1.1

iface eth0.10 inet static
        address 192.168.1.69
        netmask 255.255.255.0
        gateway 192.168.1.1

I have removed the auto eth0.10 since I don't want to establish it at startup

Settings: ifconfig

holmen@filserver:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1a:4d:5b:02:5c
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:4dff:fe5b:25c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11670807 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22363842 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:833725090 (833.7 MB)  TX bytes:31876321312 (31.8 GB)
          Interrupt:44 Base address:0x4000

eth0.10   Link encap:Ethernet  HWaddr 00:1a:4d:5b:02:5c
          inet addr:192.168.1.69  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:4dff:fe5b:25c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:432 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:41501 (41.5 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4899 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4899 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:697405 (697.4 KB)  TX bytes:697405 (697.4 KB)

Settings: netstat output

holmen@filserver:~$ netstat -anr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0.10

Test: ping output domain name

holmen@filserver:~$ ping -I eth0.10 www.dn.se
PING a1910.g1.akamai.net (23.60.69.161) from 192.168.1.2 eth0.10: 56(84) bytes of data.
From filserver.local (192.168.1.69) icmp_seq=1 Destination Host Unreachable
From filserver.local (192.168.1.69) icmp_seq=2 Destination Host Unreachable
From filserver.local (192.168.1.69) icmp_seq=3 Destination Host Unreachable
^C
--- a1910.g1.akamai.net ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4025ms
pipe 3

Test: ping output ip addr

holmen@filserver:~$ ping -I eth0.10 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.1.2 eth0.10: 56(84) bytes of data.
From 192.168.1.69 icmp_seq=1 Destination Host Unreachable
From 192.168.1.69 icmp_seq=2 Destination Host Unreachable
From 192.168.1.69 icmp_seq=3 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4023ms
pipe 3

BitsOfNix over 11 years

Do you want a vlan or "virtual" interface? if you really want a vlan you seem to be missing a couple of things. You need to associate your interface with a vlan id which in turn needs to be match your swicth. Take a look here for vlan configuration: cyberciti.biz/tips/…
junkyhlm over 11 years

Thanks for your reply! Im going to open a vpn tunnel through the vlan device and route traffic from one app through the tunnel. I dont know if virtal iface or vlan is best for me, what do you think?
junkyhlm over 11 years

And i've already assigned the vlan id: holmen@filserver:~$ sudo vconfig add eth0 10 ERROR: trying to add VLAN #10 to IF -:eth0:- error: File exists
BitsOfNix over 11 years

but do you have it configured also on the other end? ex: on the switch end. Vlan tag is mostly used to separate different networks that will be operating on the same physical interface. From what I've understood you want to use the same network. 192.168.1.0/24 on both interfaces. Unfortunately my knowledge does not goes far enough for me to advice you if you should use a vlan or a virtual interface. but I believe that you want to have your system connected to the internet normaly and also to a vpn. is that right?
junkyhlm over 11 years

That is correct. I've got one ISP and a DLink DIR-655 as router and switch. Yes i want both interfaces to use 192.168.1.0/24. Is there any settings i need to change in the router/switch?
Mariusz Zieliński over 2 years

Please describe problem you would like to solve. I think you have some (IMHO wrong) solution you are trying to get help for. It is never a good idea to have identical subnet on two interfaces. There is no advantage and many practical issues with such setup.

Mariusz Zieliński over 2 years

It won't "screw with routing tables". It will still be valid configuration. Two equivalent routes will be used in a round robin way. It may make little sense when using single table but if you use multiple tables then it opens new possibilities. Still I think that OP tries to get help with wrong solution to his problem.
bahamat over 2 years

If they know what you're doing sure. If not, there'll be plenty of things happening that they don't expect and will have a hard time troubleshooting. Either way, an IP alias or LCAP is almost certainly better option in nearly all cases.