主页 / server / 问题 / 879327
Accepted
Brad
Asked: 2017-10-20 11:16:51 +0800 CST

如何在具有和不具有 VLAN 桥接设备的网络上同时配置 NIC

  • 772

我正在使用具有单个物理以太网端口的 CentOS 7 系统,该端口将其连接到网络。该网络主要位于一个子网(“管理网络”)上,但也使用一个标记的 VLAN (VLAN 137),该 VLAN 为 VM 提供了一个单独的子网。

当配置“正常”时 - 它出现并在管理子网上工作。

但是,我想创建一个连接到同一个物理适配器的网桥设备,但要让网桥使用 137 VLAN。

我不知道该怎么做。我可以在普通(无标记)LAN 上拥有 NIC,也可以在(主)LAN 或 VLAN 上创建一个桥接设备。但我无法弄清楚如何同时让主机进入“主”网络和 VLAN 上的网桥。

似乎一个 NIC 一次只能分配给一个“网桥”,而一个网桥可以分配给一个 VLAN,或者没有 VLAN。

我显然错过了一些东西。有任何想法吗?

(PS 最好在没有网络管理器的情况下这样做——我认为这是必须的)。

networking

2 个回答

  1. 在没有使用网桥的情况下,我在虚拟服务器上进行了以下测试,服务器具有 eth0 配置。

    ip link add link eth0 name eth0.100 type vlan id 100
ip addr add 10.0.0.10/24 dev eth0.100
ip link set eth0.100 up

    如果我尝试ping google.it

    [root@localhost ~]# tcpdump -i any not port 22 -nne
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
17:49:34.880834 Out 52:54:00:c5:83:ad ethertype IPv4 (0x0800), length 71: 10.0.2.15.57014 > 10.0.2.3.53: 53728+ A? google.it. (27)
17:49:34.928806  In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 87: 10.0.2.3.53 > 10.0.2.15.57014: 53728 1/0/0 A 216.58.205.99 (43)
17:49:34.929356 Out 52:54:00:c5:83:ad ethertype IPv4 (0x0800), length 100: 10.0.2.15 > 216.58.205.99: ICMP echo request, id 28643, seq 1, length 64
17:49:34.946459  In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 100: 216.58.205.99 > 10.0.2.15: ICMP echo reply, id 28643, seq 1, length 64
17:49:34.947340 Out 52:54:00:c5:83:ad ethertype IPv4 (0x0800), length 88: 10.0.2.15.35452 > 10.0.2.3.53: 7858+ PTR? 99.205.58.216.in-addr.arpa. (44)
17:49:34.997721  In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 156: 10.0.2.3.53 > 10.0.2.15.35452: 7858 2/0/0 PTR mil04s26-in-f99.1e100.net., PTR mil04s26-in-f3.1e100.net. (112)

    如果尝试 ping vlan 子网中的主机,您可以看到 vlan 标记:

    [root@localhost ~]# tcpdump -i any not port 22 -nne
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
17:51:12.237624 Out 52:54:00:c5:83:ad ethertype ARP (0x0806), length 44: Request who-has 10.0.0.11 tell 10.0.0.10, length 28
17:51:12.237628 Out 52:54:00:c5:83:ad ethertype 802.1Q (0x8100), length 48: vlan 100, p 0, ethertype ARP, Request who-has 10.0.0.11 tell 10.0.0.10, length 28
17:51:13.238115 Out 52:54:00:c5:83:ad ethertype ARP (0x0806), length 44: Request who-has 10.0.0.11 tell 10.0.0.10, length 28
17:51:13.238123 Out 52:54:00:c5:83:ad ethertype 802.1Q (0x8100), length 48: vlan 100, p 0, ethertype ARP, Request who-has 10.0.0.11 tell 10.0.0.10, length 28
17:51:14.239809 Out 52:54:00:c5:83:ad ethertype ARP (0x0806), length 44: Request who-has 10.0.0.11 tell 10.0.0.10, length 28

    对我来说,您可以在物理接口上拥有管理 ip,而在 vlan 接口上拥有其他 ip

    • 0
  2. Best Answer

    以下配置采用一个 NIC - 为其创建一个 VLAN 接口 - 然后将桥接设备添加到原始 NIC 和 VLAN 接口

    ifcfg-br0

    BOOTPROTO="static"
DEFROUTE="yes"
NAME="br0"
DEVICE="br0"
ONBOOT="yes"
DNS1="10.244.53.108"
DNS2="10.245.177.15"
DOMAIN="dssdhop.lab.emc.com"
NM_CONTROLLED="no"
TYPE="Bridge"
IPADDR=10.244.141.171
PREFIX=24
GATEWAY=10.244.141.1
DNS1="10.244.53.108"

    ifcfg-br0.137

    BOOTPROTO="static"
DEFROUTE="yes"
NAME="br0.137"
DEVICE="br0.137"
ONBOOT="no"
DNS1="10.244.53.108"
DNS2="10.245.177.15"
DOMAIN="dssdhop.lab.emc.com"
NM_CONTROLLED="no"
TYPE="Bridge"
# Enable the following 3 IF you want to assign a local address to the host on this network
#IPADDR=10.244.137.54 
#PREFIX=24
#GATEWAY=10.244.137.1  – Generally don't want to specify a gatway - or it'll try using this as a default route!

    ifcfg-eno1

    TYPE=Ethernet
BOOTPROTO=none
NAME=eno1
UUID=8378a1f0-0330-45c8-bba6-7b77190cfb08
DEVICE=eno1
ONBOOT=yes
NM_CONTROLLED="no"
BRIDGE="br0"

    ifcfg-eno1.137

    DEVICE=eno1.137
VLAN=yes
ONBOOT=no
BRIDGE=br0.137
NM_CONTROLLED=NO
    • 0

相关问题