May 10, 2011
Multiple VLAN setup on OpenBSD
OpenBSD has for some while supported 802.1Q Virtual LANs (VLANs). This allows a server using only one network card and cable to be part of multiple distinct network ranges. To do this, the server needs to be connected to a network switch that understands VLANs (most decent smart switches do), and the port attached to your server needs to be configured as a trunk port, optionally with a list of VLAN identifiers that are allowed to pass down that trunk.
Configuring the switch side is an exercise for the reader, since every switch maker has a ‘slightly’ different way to do it, but on a Cisco switch, for example:
interface FastEthernet0/1
description Trunk link to OpenBSD Server
switchport mode trunk
switchport trunk allowed vlan 1,7,9
speed 100
duplex full
would allow traffic for VLANs 1, 7, and 9 to be sent towards the server.
On the server side, the setup is amazingly simple, thanks to the built-in support for the vlan device.
First, we need to bring up the master interface (say xl0), but we do not give it an IP address:
ifconfig xl0 up
We can then add the required VLANs as virtual network interfaces:
ifconfig vlan1 create
ifconfig vlan7 create
ifconfig vlan9 create
ifconfig vlan1 vlan 1 vlandev xl0
ifconfig vlan7 vlan 7 vlandev xl0
ifconfig vlan9 vlan 9 vlandev xl0
In the above examples I have kept the names of the interfaces the same as the VLANs they are attached to, but there is no reason why you cannot call them something different if you want to. The important bit is that the number after the vlan keyword must match the VLAN definition on the switches.
Now that we have our vlan interfaces, we can configure them in the normal way for networking:
ifconfig vlan1 inet 10.10.10.1 netmask 255.255.255.0
ifconfig vlan7 inet 10.20.30.1 netmask 255.255.255.0
ifconfig vlan9 inet 10.30.40.1 netmask 255.255.255.0
Of course, to make this persist after the next reboot, we need to configure the /etc/hostname.xxx files in the normal way. This configuration would look like:
/etc/hostname.xl0
up
/etc/hostname.vlan1
inet 10.10.10.1 255.255.255.0 10.10.10.255 vlandev xl0 description "VLAN1-Net1"
/etc/hostname.vlan7
inet 10.20.30.1 255.255.255.0 10.20.30.255 vlandev xl0 description "VLAN7-Net2"
and so on
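Since the VLAN number on each interface has to match what the switch trunk carries, the following script (an added example, not part of the original post) compares a trunk's allowed-VLAN list with the tags used by the hostname.vlan* files in a directory and reports any mismatch in either direction. The function names, the vlan12 sample file, and the assumption that a file without a vlan keyword uses its interface number as the tag (as the hostname files above do) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): compare the VLANs allowed on the
# switch trunk with the tags used by the hostname.vlan* files in a directory.

# expand_vlans "1,7-9" prints one VLAN id per line (ranges expanded).
expand_vlans() {
    echo "$1" | tr ',' '\n' | while IFS=- read -r lo hi; do
        [ -n "$lo" ] || continue
        i=$lo
        while [ "$i" -le "${hi:-$lo}" ]; do echo "$i"; i=$((i + 1)); done
    done
}

# file_tag FILE prints the tag from an explicit "vlan N" keyword, otherwise
# the unit number in the file name (assumption: that is the default tag).
file_tag() {
    tag=$(awk '{ for (i = 1; i < NF; i++)
        if ($i == "vlan" && $(i + 1) ~ /^[0-9]+$/) { print $(i + 1); exit } }' "$1")
    [ -n "$tag" ] || tag=${1##*.vlan}
    echo "$tag"
}

# trunk_vlan_diff ALLOWED DIR prints "server-only N" for a tag configured on
# the server but not allowed on the trunk, and "trunk-only N" for the reverse.
trunk_vlan_diff() {
    allowed=$(expand_vlans "$1" | sort -n -u)
    used=$(for f in "$2"/hostname.vlan*; do
        [ -f "$f" ] && file_tag "$f"
    done | sort -n -u)
    for t in $used; do
        echo "$allowed" | grep -qx "$t" || echo "server-only $t"
    done
    for t in $allowed; do
        echo "$used" | grep -qx "$t" || echo "trunk-only $t"
    done
}

# Constructed sample: the post's vlan1/vlan7 files plus a made-up vlan12 file
# that carries an explicit tag of 20.
demo() {
    d=$(mktemp -d)
    echo 'inet 10.10.10.1 255.255.255.0 10.10.10.255 vlandev xl0 description "VLAN1-Net1"' > "$d/hostname.vlan1"
    echo 'inet 10.20.30.1 255.255.255.0 10.20.30.255 vlandev xl0 description "VLAN7-Net2"' > "$d/hostname.vlan7"
    echo 'inet 10.40.50.1 255.255.255.0 10.40.50.255 vlan 20 vlandev xl0' > "$d/hostname.vlan12"
    trunk_vlan_diff "1,7,9" "$d"
    rm -rf "$d"
}
demo
```

A "trunk-only" line means the switch port delivers a VLAN the server has no interface for, which is a candidate for pruning from the allowed list; a "server-only" line means an interface whose tagged traffic the trunk will not carry.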