
My goal is to run a software router (Sophos) in KVM, using a single physical NIC in an X220T for the WAN-side, LAN-side, host (Kubuntu), and any other KVM guests.

I tried following https://wiki.ubuntu.com/vlan, but it seems outdated using /etc/network/interfaces. For now, these are the commands that seem to do stuff:

sudo apt-get install vlan
sudo modprobe 8021q
sudo su -c 'echo "8021q" >> /etc/modules'

sudo vconfig add enp0s25 444
sudo vconfig add enp0s25 888
sudo ip link set up enp0s25.444
sudo ip link set up enp0s25.888

The switch setup is VLAN 444 for WAN, VLAN 888 for LAN:

  • Port 1 - Modem, member of VLAN 444, ingress pvid 444, untagged egress.
  • Port 2 - This X220T, member of VLAN 444 and 888, ingress pvid 888 (My understanding is this only applies to untagged packets i.e. from the non-VLAN interface, but packets already tagged 444 will remain 444, even with pvid set to 888), tagged egress for both VLAN 444 and 888.
  • Ports 3-8 - Client workstations, members of VLAN 888, ingress pvid 888, untagged egress.

I was able to use virt manager to give Sophos both VLAN interfaces (444 passthrough, 888 bridge so it will share with host and other vguests), but in the ISO installer, I didn't know which was which between eth0 and eth1 so I guessed eth0 for WAN and eth1 for LAN and switched the cables around to try both sides, but I couldn't access the management address in either case.

Since it's not working, for now, I've plugged the X220T back into the old router so I can at least SSH into it... here is the output of ip addr at this point, maybe I have a wrong setting somewhere?

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f0:de:f1:61:23:ac brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.22/24 brd 192.168.0.255 scope global dynamic noprefixroute enp0s25
       valid_lft 245314sec preferred_lft 245314sec
    inet6 fe80::39be:9737:c950:363f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether a0:88:b4:5f:53:bc brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:09:fd:21 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:09:fd:21 brd ff:ff:ff:ff:ff:ff
12: enp0s25.444@enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f0:de:f1:61:23:ac brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f2de:f1ff:fe61:23ac/64 scope link 
       valid_lft forever preferred_lft forever
13: enp0s25.888@enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f0:de:f1:61:23:ac brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f2de:f1ff:fe61:23ac/64 scope link 
       valid_lft forever preferred_lft forever
Tejas Lotlikar
davidtgq

1 Answer


All that is needed to configure a VLAN with iproute2 is the following:

ip link add name ${VLAN interface name} link ${parent interface name} type vlan id ${tag}

"VLAN interface name" - any name;
"parent interface name" - trunk interface;
"tag" - 802.1q vlan id

RomanK
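The iproute2 form from the answer above, applied to the question's interface (enp0s25) and VLAN IDs (444 WAN, 888 LAN), as an added example that is not part of the original question or answer. The bridge name `br888`, the wan/lan role split and the `APPLY` switch are assumptions of this sketch; it only prints the commands unless run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example: plan the iproute2 commands that replace the vconfig steps.
# Assumed names (not from the page): bridge br<id>, roles "wan"/"lan", APPLY.

# valid_vid ID -> success when ID is a usable 802.1Q VLAN ID (1-4094)
valid_vid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 4 ] && [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# vlan_plan PARENT VID ROLE -> prints one ip command per line
vlan_plan() {
    parent=$1 vid=$2 role=$3
    dev="$parent.$vid"
    valid_vid "$vid" || { echo "invalid VLAN id: $vid" >&2; return 1; }
    # Linux interface names are limited to 15 characters
    [ "${#dev}" -le 15 ] || { echo "name too long: $dev" >&2; return 1; }
    echo "ip link add name $dev link $parent type vlan id $vid"
    case "$role" in
    wan)
        # WAN VLAN is for the router guest only: stop the host from
        # auto-generating an IPv6 link-local address on it
        echo "ip link set dev $dev addrgenmode none"
        ;;
    lan)
        # LAN VLAN is shared with the host and other guests via a bridge
        echo "ip link add name br$vid type bridge"
        echo "ip link set dev $dev master br$vid"
        echo "ip link set dev br$vid up"
        ;;
    *) echo "unknown role: $role" >&2; return 1 ;;
    esac
    echo "ip link set dev $dev up"
}

# run_plan: print the plan; execute each line only when APPLY=1 (needs root)
run_plan() {
    plan=$(vlan_plan "$@") || return 1
    printf '%s\n' "$plan"
    [ "${APPLY:-0}" = 1 ] || return 0
    printf '%s\n' "$plan" | while read -r cmd; do $cmd || exit 1; done
}

run_plan enp0s25 444 wan
run_plan enp0s25 888 lan
```

In the `ip addr` output from the question, `enp0s25.444` carries a host link-local address (`fe80::…`); the `wan` role avoids that, so the host's own IP stack has no address on the modem-facing VLAN.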