VLAN Routing through Nethserver

Let’s start from the basics.

I do think you will prefer a “Router on a stick” setup instead of using a single interface for each VLAN (which is also quite expensive if you have more than 4 VLANs). So, let’s assume the following:

  • You have interface eth0 from NS to the switch port 1;
  • VLAN 1 will be the “Management” VLAN (e.g. 192.168.1.x/24);
  • NS would be your gateway for all VLANs on the .254 address (e.g. 192.168.1.254);
  • We will use class C networks for the VLANs with the third octet being the VLAN ID (e.g. 192.168.40.x/24 for the VLAN 40);
  • On port 2 of the switch you have the connection to the DB, VLAN 20, its IP address would be 192.168.20.1;
  • From port 3 to port 8 you have the clients, each one in a single VLAN (port 3 -> VLAN 30).

So the configuration on the switch with 802.1Q tagging (and not port-based VLANs) is the following:

  • Give to the switch a management IP address on vlan interface 1 (e.g. 192.168.1.1);
  • Port 1: mode trunk, native VLAN 1, all other VLANs will be passed as tagged;
  • Ports 2 to 8 will each be assigned in access mode (untagged) to one VLAN (port 2 to VLAN ID 20, port 3 to VLAN ID 30, etc.).

On NS side:

  • Interface eth0 would be configured as role red, IP address 192.168.1.254 mask 255.255.255.0;
  • Add a virtual interface with VLAN support for each VLAN you defined on the switch (except VLAN 1, of course), using each VLAN ID;
  • Configure each eth0.<vlanid> interface with address 192.168.<vlanid>.254, netmask 255.255.255.0 (but you may also use a /30 network, since there is one client per VLAN) with role red (or blue). DO NOT indicate the default gateway address for these interfaces;
  • Optionally, configure DHCP on each VLAN so your clients would receive an IP address automatically;
  • Optionally, configure a DNS entry for the DB server (to simplify access by using DNS names);
  • Insert a NAT rule for the DB: origin port 3306, destination port 3306, create a host for the DB Server, Allow only from: 192.168.0.0/16 (summarizing each VLAN).

Aaaand you should be done. It should be more or less half an hour of configuration.

HTH.
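The plan in the post, written out as plain iproute2 and iptables commands so you can see exactly what the NethServer web UI ends up configuring. This is an added example, not code from the post or from the NethServer project; on a real NS box you would let NS manage the interfaces and the port forward through its own configuration, not run these by hand. It assumes the addressing scheme from the post (gateway is always 192.168.<vlanid>.254/24, the DB server is 192.168.20.1 on VLAN 20) and adds the check a practitioner wants: VLAN 1 stays untagged on the parent interface, and VLAN IDs above 255 cannot be mapped to a third octet even though 802.1Q allows IDs up to 4094. The script only prints the commands unless `APPLY=1` is set.

```bash
#!/bin/bash
# Added example: "router on a stick" on a Linux box, following the post's plan.
# Not NethServer's own tooling; plain ip/iptables equivalents for understanding.
set -u

NS_PARENT_IF="${NS_PARENT_IF:-eth0}"   # interface cabled to switch port 1 (trunk)
GW_HOST=254                            # gateway host part on every VLAN
DB_HOST="${DB_HOST:-192.168.20.1}"     # DB server on VLAN 20 (assumed, as in the post)
ALL_VLANS_SUMMARY="192.168.0.0/16"     # summarises every 192.168.<id>.0/24

# Print the commands that create one tagged sub-interface <parent>.<id> with
# the address 192.168.<id>.254/24. Reject ids that do not fit the scheme:
# VLAN 1 is the untagged management VLAN carried by the parent itself, and
# anything above 255 cannot be written as a dotted-quad octet.
vlan_if_cmds() {
    local id="$1"
    case "$id" in
        ''|*[!0-9]*) echo "invalid vlan id: $id" >&2; return 1 ;;
    esac
    if [ "$id" -lt 2 ] || [ "$id" -gt 255 ]; then
        echo "vlan id $id does not fit 192.168.<id>.0/24 (VLAN 1 is native on $NS_PARENT_IF)" >&2
        return 1
    fi
    printf '%s\n' \
        "ip link add link $NS_PARENT_IF name $NS_PARENT_IF.$id type vlan id $id" \
        "ip addr add 192.168.$id.$GW_HOST/24 dev $NS_PARENT_IF.$id" \
        "ip link set $NS_PARENT_IF.$id up"
}

# The port forward from the post: TCP 3306 arriving on any of the gateway's
# interfaces (iptables "eth0+" matches eth0 and every eth0.<id>) from a source
# inside 192.168.0.0/16 is DNATed to the DB host, and the forwarded flow is
# allowed only from that same summary range.
db_nat_cmds() {
    printf '%s\n' \
        "iptables -t nat -A PREROUTING -i ${NS_PARENT_IF}+ -s $ALL_VLANS_SUMMARY -p tcp --dport 3306 -j DNAT --to-destination $DB_HOST:3306" \
        "iptables -A FORWARD -s $ALL_VLANS_SUMMARY -d $DB_HOST -p tcp --dport 3306 -j ACCEPT"
}

# Dry run by default; APPLY=1 executes each line (needs root on the gateway).
run_cmds() {
    local cmd
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then eval "$cmd"; else echo "$cmd"; fi
    done
}

# Switch ports 2..8 carry VLANs 20..80 in the post; override with VLANS="...".
for id in ${VLANS:-20 30 40 50 60 70 80}; do
    vlan_if_cmds "$id" | run_cmds
done
echo "sysctl -w net.ipv4.ip_forward=1" | run_cmds
db_nat_cmds | run_cmds
```

Run it once without `APPLY` to read the generated commands, then compare them with what `ip addr` and `iptables -t nat -S` show on the NS box after you configure the VLAN interfaces and the port forward through the web UI. The FORWARD rule is what actually enforces "allow only from 192.168.0.0/16"; the DNAT alone would not block other sources.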
