主页 / unix / 问题 / 783629
Accepted
shpokas
Asked: 2024-09-17 22:23:55 +0800 CST

如何在基于 RHEL 的系统上创建持久的 VLAN 感知桥(即使用 NetworkManager)

  • 772

在基于 RHEL 的系统上,网络应该由 NetworkManager 管理。我想构建一个持久的 VLAN 感知桥配置,该配置在重新启动后仍然有效。基于AB 的出色回答,我为运行 Alma Linux 9.4 的虚拟机创建了一个网络配置,该虚拟机接收 VLAN 1 标记的流量,并且可从管理 VLAN 访问。但如何使其持久?可以使用标准网络管理工具 NetworkManager 来完成吗?

# cat mkbr2.sh 
ip link add name bridge0 type bridge vlan_filtering 1 vlan_default_pvid 0
ip link set dev ens192 master bridge0
ip link set bridge0 up
bridge vlan add vid 1 dev bridge0 pvid untagged self
bridge vlan add vid 2-4094 dev ens192
bridge vlan add vid 1 dev ens192 pvid
ip addr add 10.200.200.106/24 dev bridge0
ip route add default via 10.200.200.10

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master bridge0 state UP group default qlen 1000
    link/ether 00:0c:29:44:89:b3 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
6: bridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:44:89:b3 brd ff:ff:ff:ff:ff:ff
    inet 10.200.200.106/24 scope global bridge0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe44:89b3/64 scope link 
       valid_lft forever preferred_lft forever

# bridge -compressvlans vlan show
port              vlan-id  
ens192            1 PVID
                  2-4094
bridge0           1 PVID Egress Untagged
networkmanager

1 个回答

  1. Best Answer

    建立 VLAN 网桥的传统方法

    这就是我在路由器上构建网桥的方式nmcli。我有 3 个 VLAN(10=lan、11=guest、12=iot),我将每个 VLAN 放在各自的网桥上。我还将 WAN 放在自己的网桥上。因此,我们可以看到它们之间的直接接口、VLAN 接口、DHCP 和静态配置!这不使用网桥过滤,而是每个 VLAN 使用一个网桥,这在nft规则中很有用,或者可以作为 qemu VM 的简单网桥目标;只需指定网桥名称!

    WAN=enp2s0
LAN=enp3s0

# Clean up any residual configurations
nmcli connection delete $WAN $LAN.10 $LAN.11 $LAN.12 br-lan br-guest br-iot br-wan >/dev/null 2>&1
nmcli device delete $LAN.10 $LAN.11 $LAN.12 >/dev/null 2>&1

# Configure internet (WAN)

nmcli device set $WAN autoconnect yes

nmcli connection add type bridge con-name br-wan ifname br-wan bridge.stp no ipv4.method auto ipv6.method disabled
nmcli connection add type bridge-slave con-name $WAN ifname $WAN master br-wan


# Configure the separate VLANs

nmcli device set $LAN autoconnect no

nmcli connection add type bridge con-name br-lan ifname br-lan bridge.stp no ip4 192.168.0.1/24 ipv6.method disabled
nmcli connection add type vlan con-name $LAN.10 ifname $LAN.10 vlan.parent $LAN vlan.id 10 slave-type bridge master br-lan
nmcli device set $LAN.10 autoconnect yes

nmcli connection add type bridge con-name br-guest ifname br-guest bridge.stp no ip4 192.168.2.1/24 ipv6.method disabled
nmcli connection add type vlan con-name $LAN.11 ifname $LAN.11 vlan.parent $LAN vlan.id 11 slave-type bridge master br-guest
nmcli device set $LAN.11 autoconnect yes

nmcli connection add type bridge con-name br-iot ifname br-iot bridge.stp no ip4 192.168.3.1/24 ipv6.method disabled
nmcli connection add type vlan con-name $LAN.12 ifname $LAN.12 vlan.parent $LAN vlan.id 12 slave-type bridge master br-iot
nmcli device set $LAN.12 autoconnect yes

    结果是这样的:

    % nmcli con show
NAME              UUID                                  TYPE       DEVICE    
br-wan            0102b304-effc-4437-a70a-aa3360d4d3e0  bridge     br-wan    
br-lan            acf41256-e68b-40a8-a85a-944eb95035a6  bridge     br-lan    
br-guest          a3c962bb-e605-46aa-8d43-7cb9db4ebad1  bridge     br-guest  
br-iot            f7715bbd-1a7c-41fb-bfb0-5ddc2900048a  bridge     br-iot    
enp2s0            e966376e-39e5-4789-aaaa-5a2c0154323d  ethernet   enp2s0    
enp3s0.10         bfd85eca-989c-499c-89d2-cb4f57d0cde9  vlan       enp3s0.10 
enp3s0.11         a63e60ce-e808-499e-bfb1-aedb5ee83541  vlan       enp3s0.11 
enp3s0.12         2d775836-ab3b-4ccb-a120-c32e2ec0efc7  vlan       enp3s0.12 
lo                87342e58-0839-4e20-9db0-2d653faa117c  loopback   lo

    使用桥接 VLAN 过滤的新方法

    另一种方法是使用较新的桥接过滤,也可以以类似的方式完成

    这台测试机上ens2有外部网络接口。因此,我们建立一个启用了 VLAN 过滤和默认 PVID 的网桥,然后将接口添加到网桥并定义与端口关联的 VLAN。

    nmcli con del mybridge
nmcli conn add type bridge con-name mybridge ifname mybridge bridge.stp no ipv4.method auto ipv6.method disabled bridge.vlan-filtering 1 bridge.vlan-default-pvid 1

nmcli con delete ens2
nmcli con add type bridge-slave con-name ens2 ifname ens2 master mybridge bridge-port.vlans "1 pvid,2-4094"

    现在我们可以看到结果与之前的结果类似:

    # bridge -compressvlans vlan show
port              vlan-id  
ens2              1 PVID
                  2-4094
mybridge          1 PVID Egress Untagged

# nmcli con show
NAME      UUID                                  TYPE      DEVICE   
mybridge  19ed366a-a954-45bc-8f12-ad5ac004ce29  bridge    mybridge 
ens2      621368c3-f973-4865-886b-808bda61d389  ethernet  ens2     
lo        ed24d02e-2e25-4f84-a38f-20d42147a582  loopback  lo
    • 1

相关问题