
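Linux Tutorial FG203 - VLAN (Virtual LAN) Configuration

Summary: This Fengge tutorial draws on the official Linux documentation, the Red Hat Enterprise Linux documentation, the Ansible Automation Platform documentation, and the Docker, Kubernetes and Podman documentation, and describes in detail how to configure and use the related technologies.

Fengge's note:

This document describes in detail how to configure VLANs (virtual LANs), including creating VLAN interfaces and inter-VLAN routing.

Part01 - VLAN Basic Concepts

1.1 VLAN Overview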

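# VLAN (Virtual Local Area Network)
# Purpose:
# 1. Isolate broadcast domains
# 2. Improve network security
# 3. Simplify network management
# 4. Improve network flexibility

# VLAN ID range:
# 0-4095, where:
# 0 and 4095: reserved
# 1: default VLAN
# 2-1001: standard VLAN range
# 1002-1005: FDDI and Token Ring VLANs
# 1006-4094: extended VLAN range

# 802.1Q tag format:
# TPID (Tag Protocol ID): 0x8100
# TCI (Tag Control Info):
# - Priority: 3 bits, priority
# - CFI: 1 bit, canonical format indicator
# - VLAN ID: 12 bits, VLAN identifier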
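
The tag layout above, decoded in POSIX shell as an added example (not part of the original tutorial). The function names decode_dot1q and classify_vid and the sample tag value are made up for illustration; the range names follow the VLAN ID list in section 1.1.

```sh
# classify_vid VID -> name of the range the VLAN ID falls in (per section 1.1)
classify_vid() {
    if   [ "$1" -eq 0 ] || [ "$1" -eq 4095 ]; then echo reserved
    elif [ "$1" -eq 1 ];    then echo default
    elif [ "$1" -le 1001 ]; then echo standard
    elif [ "$1" -le 1005 ]; then echo fddi-token-ring
    else                         echo extended
    fi
}

# decode_dot1q HEX -> one line with the decoded tag fields.
# HEX is the 4-byte tag as 8 hex digits: 2 bytes TPID, then 2 bytes TCI.
# Returns non-zero on malformed input or a TPID other than 0x8100.
# The body runs in a subshell so its variables stay local.
decode_dot1q() (
    hex=$1
    [ "${#hex}" -eq 8 ] || { echo "error: expected 8 hex digits" >&2; exit 1; }
    case $hex in
        *[!0-9A-Fa-f]*) echo "error: non-hex character in input" >&2; exit 1 ;;
    esac
    tpid=$(( 0x${hex%????} ))    # first two bytes
    tci=$(( 0x${hex#????} ))     # last two bytes
    if [ "$tpid" -ne $(( 0x8100 )) ]; then
        printf 'error: TPID 0x%04x is not 0x8100\n' "$tpid" >&2
        exit 1
    fi
    pcp=$(( tci >> 13 ))         # Priority: top 3 bits
    cfi=$(( (tci >> 12) & 1 ))   # CFI: 1 bit
    vid=$(( tci & 0x0FFF ))      # VLAN ID: low 12 bits
    printf 'tpid=0x%04x pcp=%d cfi=%d vid=%d class=%s\n' \
        "$tpid" "$pcp" "$cfi" "$vid" "$(classify_vid "$vid")"
)

# Constructed sample tag: priority 5, CFI 0, VLAN 10
decode_dot1q 8100a00a
```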

Part02 - Creating VLAN Interfaces

2.1 Creating a VLAN with nmcli

# List the physical interfaces
$ nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
lo loopback unmanaged --

# Create the VLAN 10 interface
$ sudo nmcli connection add type vlan \
con-name vlan10 \
ifname vlan10 \
dev eth0 \
id 10

Connection 'vlan10' (abc12345-1234-5678-90ab-cdef12345678) successfully added.

# Configure the IP address of the VLAN interface
$ sudo nmcli connection modify vlan10 \
ipv4.addresses 192.168.10.1/24 \
ipv4.method manual

# Activate the VLAN interface
$ sudo nmcli connection up vlan10
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/20)

# Create the VLAN 20 interface
$ sudo nmcli connection add type vlan \
con-name vlan20 \
ifname vlan20 \
dev eth0 \
id 20

Connection 'vlan20' (def23456-2345-6789-01bc-defg23456789) successfully added.

$ sudo nmcli connection modify vlan20 \
ipv4.addresses 192.168.20.1/24 \
ipv4.method manual

$ sudo nmcli connection up vlan20
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/21)

# Show the VLAN interfaces
$ ip addr show | grep vlan
4: vlan10@eth0: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.10.1/24 brd 192.168.10.255 scope global noprefixroute vlan10
5: vlan20@eth0: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.20.1/24 brd 192.168.20.255 scope global noprefixroute vlan20

Part03 - Managing VLANs with the ip Command

3.1 Creating a Temporary VLAN Interface

# Load the 802.1Q module
$ sudo modprobe 8021q

# Verify that the module is loaded
$ lsmod | grep 8021q
8021q 32768 0
garp 20480 1 8021q
mrp 20480 1 8021q

# Create the VLAN interface
$ sudo ip link add link eth0 name vlan30 type vlan id 30

# Configure the IP address
$ sudo ip addr add 192.168.30.1/24 dev vlan30

# Bring the interface up
$ sudo ip link set vlan30 up

# Show the VLAN interface
$ ip -d link show vlan30
5: vlan30@eth0: mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 08:00:27:12:34:56 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
vlan protocol 802.1Q id 30 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

# Delete the VLAN interface
$ sudo ip link delete vlan30

# List all VLAN interfaces
$ cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
vlan10 | 10 | eth0
vlan20 | 20 | eth0

Part04 - VLAN Configuration Files

4.1 Creating a VLAN from a Configuration File

# Create the VLAN configuration file
$ sudo tee /etc/sysconfig/network-scripts/ifcfg-vlan100 << EOF
DEVICE=vlan100
NAME=vlan100
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.100.1
PREFIX=24
NETWORK=192.168.100.0
NETMASK=255.255.255.0
VLAN=yes
VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
PHYSDEV=eth0
VLAN_ID=100
EOF

# Create the physical interface configuration file
$ sudo tee /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
NAME=eth0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
EOF

# Reload the connection profiles and activate the VLAN
$ sudo nmcli connection reload
$ sudo nmcli connection up vlan100

# Verify the configuration
$ ip addr show vlan100
6: vlan100@eth0: mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 08:00:27:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute vlan100
valid_lft forever preferred_lft forever

Part05 - Inter-VLAN Routing

5.1 Configuring Inter-VLAN Routing

# Enable IP forwarding
$ sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

# Enable permanently
$ echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/99-ipforward.conf
net.ipv4.ip_forward = 1

# Apply the configuration
$ sudo sysctl -p /etc/sysctl.d/99-ipforward.conf
net.ipv4.ip_forward = 1

# Configure the firewall to allow inter-VLAN communication
$ sudo firewall-cmd --permanent --add-interface=vlan10
success
$ sudo firewall-cmd --permanent --add-interface=vlan20
success

# Allow forwarding between the VLANs
$ sudo firewall-cmd --permanent --zone=trusted --add-source=192.168.10.0/24
success
$ sudo firewall-cmd --permanent --zone=trusted --add-source=192.168.20.0/24
success

# Reload the firewall
$ sudo firewall-cmd --reload
success

# Test inter-VLAN communication
$ ping -I vlan10 192.168.20.1
PING 192.168.20.1 (192.168.20.1) from 192.168.10.1 vlan10: 56(84) bytes of data.
64 bytes from 192.168.20.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 192.168.20.1: icmp_seq=2 ttl=64 time=0.098 ms
64 bytes from 192.168.20.1: icmp_seq=3 ttl=64 time=0.105 ms

--- 192.168.20.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.098/0.108/0.123/0.010 ms

# Show the routing table
$ ip route show
192.168.10.0/24 dev vlan10 proto kernel scope link src 192.168.10.1
192.168.20.0/24 dev vlan20 proto kernel scope link src 192.168.20.1
192.168.100.0/24 dev vlan100 proto kernel scope link src 192.168.100.1

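Fengge's configuration recommendations:
1. Use nmcli to create persistent VLAN configurations
2. Make sure the switch port is configured in trunk mode
3. Plan VLAN IDs carefully to avoid conflicts
4. Enable IP forwarding to provide inter-VLAN routing
5. Configure firewall rules to control inter-VLAN access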
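
Section 5.1 places both VLAN subnets in firewalld's trusted zone, where all connections are accepted, so with IP forwarding enabled nothing filters traffic between the VLANs. The check below is an added example, not part of the original tutorial, that flags that state from the output of firewall-cmd --get-active-zones. The function names and the sample listing are constructed for illustration.

```sh
# trusted_bindings: read `firewall-cmd --get-active-zones` output on stdin and
# print every interface or source bound to the trusted zone, one per line.
trusted_bindings() {
    awk '
        /^[^ \t]/ { zone = $1; next }      # unindented line = zone name
        zone == "trusted" && ($1 == "interfaces:" || $1 == "sources:") {
            kind = ($1 == "interfaces:") ? "interface" : "source"
            for (i = 2; i <= NF; i++) print kind, $i
        }'
}

# audit_vlan_forwarding FORWARD_FLAG < active-zones-output
# FORWARD_FLAG is the value of net.ipv4.ip_forward (0 or 1).
# Returns 1 (finding) when forwarding is on and anything is bound to trusted.
audit_vlan_forwarding() (
    fwd=$1
    hits=$(trusted_bindings)
    if [ "$fwd" = 1 ] && [ -n "$hits" ]; then
        echo "FINDING: ip_forward=1 and the trusted zone accepts everything from:"
        echo "$hits" | sed 's/^/  /'
        exit 1
    fi
    echo "OK: no trusted-zone binding combined with forwarding"
)

# Constructed sample: the zone layout that the commands in section 5.1 produce
# when public is the default zone.
SAMPLE_ZONES='public
  interfaces: eth0 vlan10 vlan20
trusted
  sources: 192.168.10.0/24 192.168.20.0/24'

# On a live host (not run here):
#   firewall-cmd --get-active-zones | \
#       audit_vlan_forwarding "$(sysctl -n net.ipv4.ip_forward)"
printf '%s\n' "$SAMPLE_ZONES" | audit_vlan_forwarding 1 || true
```

A finding here means recommendation 5 is not yet in effect: the subnets need a zone or policy with explicit allow rules instead of trusted.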

This article was compiled and published by Fengge Tutorials and is for study and testing only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html
