How to setup VLAN on same subnet as Ethernet?
It looks like you're trying to set up overlapping subnets on different interfaces. This is going to screw with your routing tables and make lots of things not work. Secondly, you haven't set up VLANs in your config, so when you refer to eth0.10
it's missing some prerequisite steps. If you actually need a vlan (which i dont believe you do) see Debian's wiki for how to properly set up vlans.
As far as the networking stack is concerned, above layer 1 a VLAN interface might as well be a physical interface so you need to treat it as such.
If you want an additional IP with an overlapping subnet on an interface you need to set it up as a secondary (a.k.a. alias) IP. Change eth0.10
to eth0:10
in /etc/interfaces
then ifup eth0:10
.
Related videos on Youtube
junkyhlm
Updated on September 18, 2022Comments
-
junkyhlm almost 2 years
I have a physical NIC with dev name eth0 with ip 192.168.1.2 and gateway 192.168.1.1 and I want to setup a VLAN with ip 192.168.1.x and same gateway as eth0.
Setting up the VLAN runs smoothly and I give the VLAN a iface name of eth0.10 and an ip of 192.168.1.69. Now when trying to establish a connection I get an error:
holmen@filserver:~$ sudo ifup eth0.10 Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config RTNETLINK answers: File exists Failed to bring up eth0.10.
So how do I get the VLAN to connect to the internet and what does the error message mean? My guess is that it have something to do with the broadcast.
Settings: /etc/network/interfaces
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 gateway 192.168.1.1 iface eth0.10 inet static address 192.168.1.69 netmask 255.255.255.0 gateway 192.168.1.1
I have removed the auto eth0.10 since I don't want to establish it at startup
Settings: ifconfig
holmen@filserver:~$ ifconfig eth0 Link encap:Ethernet HWaddr 00:1a:4d:5b:02:5c inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21a:4dff:fe5b:25c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:11670807 errors:0 dropped:0 overruns:0 frame:0 TX packets:22363842 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:833725090 (833.7 MB) TX bytes:31876321312 (31.8 GB) Interrupt:44 Base address:0x4000 eth0.10 Link encap:Ethernet HWaddr 00:1a:4d:5b:02:5c inet addr:192.168.1.69 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21a:4dff:fe5b:25c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:432 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:41501 (41.5 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:4899 errors:0 dropped:0 overruns:0 frame:0 TX packets:4899 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:697405 (697.4 KB) TX bytes:697405 (697.4 KB)
Settings: netstat output
holmen@filserver:~$ netstat -anr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.10
Test: ping output domain name
holmen@filserver:~$ ping -I eth0.10 www.dn.se PING a1910.g1.akamai.net (23.60.69.161) from 192.168.1.2 eth0.10: 56(84) bytes of data. From filserver.local (192.168.1.69) icmp_seq=1 Destination Host Unreachable From filserver.local (192.168.1.69) icmp_seq=2 Destination Host Unreachable From filserver.local (192.168.1.69) icmp_seq=3 Destination Host Unreachable ^C --- a1910.g1.akamai.net ping statistics --- 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4025ms pipe 3
Test: ping output ip addr
holmen@filserver:~$ ping -I eth0.10 8.8.8.8 PING 8.8.8.8 (8.8.8.8) from 192.168.1.2 eth0.10: 56(84) bytes of data. From 192.168.1.69 icmp_seq=1 Destination Host Unreachable From 192.168.1.69 icmp_seq=2 Destination Host Unreachable From 192.168.1.69 icmp_seq=3 Destination Host Unreachable ^C --- 8.8.8.8 ping statistics --- 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4023ms pipe 3
-
BitsOfNix over 11 yearsDo you want a vlan or "virtual" interface? if you really want a vlan you seem to be missing a couple of things. You need to associate your interface with a vlan id which in turn needs to be match your swicth. Take a look here for vlan configuration: cyberciti.biz/tips/…
-
junkyhlm over 11 yearsThanks for your reply! Im going to open a vpn tunnel through the vlan device and route traffic from one app through the tunnel. I dont know if virtal iface or vlan is best for me, what do you think?
-
junkyhlm over 11 yearsAnd i've already assigned the vlan id: holmen@filserver:~$ sudo vconfig add eth0 10 ERROR: trying to add VLAN #10 to IF -:eth0:- error: File exists
-
BitsOfNix over 11 yearsbut do you have it configured also on the other end? ex: on the switch end. Vlan tag is mostly used to separate different networks that will be operating on the same physical interface. From what I've understood you want to use the same network. 192.168.1.0/24 on both interfaces. Unfortunately my knowledge does not goes far enough for me to advice you if you should use a vlan or a virtual interface. but I believe that you want to have your system connected to the internet normaly and also to a vpn. is that right?
-
junkyhlm over 11 yearsThat is correct. I've got one ISP and a DLink DIR-655 as router and switch. Yes i want both interfaces to use 192.168.1.0/24. Is there any settings i need to change in the router/switch?
-
Mariusz Zieliński over 2 yearsPlease describe problem you would like to solve. I think you have some (IMHO wrong) solution you are trying to get help for. It is never a good idea to have identical subnet on two interfaces. There is no advantage and many practical issues with such setup.
-
-
Mariusz Zieliński over 2 yearsIt won't "screw with routing tables". It will still be valid configuration. Two equivalent routes will be used in a round robin way. It may make little sense when using single table but if you use multiple tables then it opens new possibilities. Still I think that OP tries to get help with wrong solution to his problem.
-
bahamat over 2 yearsIf they know what you're doing sure. If not, there'll be plenty of things happening that they don't expect and will have a hard time troubleshooting. Either way, an IP alias or LCAP is almost certainly better option in nearly all cases.