Debian VLAN 8021q Routing HowTo
Author: Katrame
Date: 23.04.2007
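We obviously need to enable Layer 3 routing; a simple shell script can turn it on when needed:
#!/bin/sh -x
# Accept packets for connections already established to or from the router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# VLAN 1 (10.0.1.0/24): forward and masquerade traffic from this subnet
iptables -A FORWARD -s 10.0.1.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j MASQUERADE
# VLAN 2 (10.0.2.0/24): same rules
iptables -A FORWARD -s 10.0.2.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -j MASQUERADE
# Forward return traffic for connections that are already established
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward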
That's all. To verify that traffic is reaching the Linux router we just set up, we can inspect it with, for example:
# tcpdump -i vlan2
If everything went well, we can set "10.0.1.254" as the default gateway on the client in VLAN 1 and "10.0.2.254" on the client in VLAN 2.
On the Cisco switch we need to configure the trunk port:
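An added example, not part of the original howto: the script above never changes the default chain policies and matches only on source subnet, so this audits `iptables-save` output for those loose spots. The sample dump is constructed and assumes default ACCEPT policies; `audit_rules` and its finding labels are names chosen here.

```shell
#!/bin/sh
# Constructed sample: roughly what `iptables-save` prints after the howto's
# script has run on a box whose default policies are still ACCEPT (assumption).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.1.0/24 -j MASQUERADE
-A POSTROUTING -s 10.0.2.0/24 -j MASQUERADE
COMMIT'

# Reads an iptables-save dump on stdin and prints one finding per line.
audit_rules() {
    awk '
    # Return the value following -s, or "any" when the rule has no source match.
    function src(line,   n, f, i) {
        n = split(line, f, " ")
        for (i = 1; i < n; i++) if (f[i] == "-s") return f[i + 1]
        return "any"
    }
    /^\*/ { table = substr($0, 2); next }          # track the current table
    # With policy ACCEPT and only ACCEPT rules, the chain filters nothing.
    table == "filter" && /^:(INPUT|FORWARD) ACCEPT/ {
        print "POLICY_ACCEPT " substr($1, 2)
    }
    # Forwarding allowed from a subnet to anywhere, including the other VLAN.
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ && !/ -[io] / && !/ESTABLISHED/ {
        print "FORWARD_NO_IFACE " src($0)
    }
    # Masquerade not tied to an outgoing interface also rewrites inter-VLAN traffic.
    table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ && !/ -o / {
        print "MASQ_NO_OUT_IFACE " src($0)
    }'
}

# Audit the constructed sample; on a live router use: iptables-save | audit_rules
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

Each finding names the chain or the source subnet of the rule that triggered it, so the output maps directly onto lines of the script above.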
interface FastEthernet0/1
description TrunkToLinuxRouter
switchport trunk encapsulation dot1q
switchport mode trunk
and, for each client-facing interface, an access port in the specific VLAN:
interface FastEthernet0/14
description PortToClientV1
switchport access vlan 1
interface FastEthernet0/15
description PortToClientV2
switchport access vlan 2

