Description
Visit the Private Network page to learn more about the Multiple VLAN's feature.
Contents
Operating systems support matrix
| Operating System | Version | Style | Supports QinQ |
|---|---|---|---|
| Alma Linux | 8 | /etc/sysconfig/network-scripts/ifcfg-* | Yes |
| CentOS | 7 | /etc/sysconfig/network-scripts/ifcfg-* | Yes |
| Rocky Linux | 8 | /etc/sysconfig/network-scripts/ifcfg-* | Yes |
| Debian | 9-11 | /etc/network/interfaces | Yes |
| FreeBSD | 12-13 | /etc/rc.conf | Yes |
| Ubuntu | 18 - 22 | /etc/netplan/01-netcfg.yaml | Yes |
Windows Server | 2012 - 2022 | Windows style | Yes |
ESXi | 6.5 - 7.0 | ESXI style | Yes |
| ESXi | 6.0 | ESXI style | No |
| Rescue mode (GRML and Centos) | - | Using ip command line tool | Yes |
| Rescue mode (FreeBSD) | - | Using ifconfig command line tool | Yes |
Ubuntu
Configuration
Step1: Edit Netplan and add the following configuration for your QinQ VLAN. In our case it’s VLAN 100.
vi /etc/netplan/01-netcfg.yaml
vlans:
vlan.100:
id: 100
link: eno2
addresses: [192.168.1.100/24]
Run "netplan apply" command to apply the config changes. If necessary reboot the server
netplan apply
Important: To confirm that the QinQ VLAN works across the private network, you need to configure another server and do a simple ping test to verify.
Removal
Step 1: Remove the existing persistent configuration from Netplan
vi /etc/netplan/01-netcfg.yaml
vlans:
vlan.100:
id: 100
link: eno2
addresses: [192.168.1.100/24]
Step 2: Apply the config. If necessary reboot the server
netplan apply
Debian
Configuration
Step 1: Install the VLAN package
sudo apt update && sudo apt install vlan
Important: Only for Debian 9
modprobe 8021q
Step 2: Edit the interfaces file and add the following configuration for your QinQ VLAN. In our case it’s VLAN 100.
vi /etc/network/interfaces
auto vlan100
iface vlan100 inet static
address 192.168.1.100/24
vlan-raw-device eno2
Step 3: Save and apply the config by bringing the QinQ interface online using the ifup/ifdown command or by restaring the system Network service
ifup vlan100
Important: To confirm that the QinQ VLAN works across the private network, you need to configure another server and do a simple ping test to verify.
Removal
Step 1: Remove the existing persistent configuration from the "interfaces" file
Step 2: Apply and restart the Networking service if necessary
ifdown vlan100
CentOS / RockyLinux / AlmaLinux
Configuration
Step 1: Disable the NetworkManager service
Check the status of the NetworkManager.
sudo systemctl status NetworkManager
If NetworkManager is not running and you see Active: inactive (dead) you can proceed with step 2
If the NetworkManager service is active, it needs to be disabled
sudo systemctl stop NetworkManager
Step 2: Load kernel module
Check if kernel module 8021q is loaded.
sudo lsmod | grep 8021q
If it’s loaded, you will see an output similar to this:
If you do not, then it means that the module is not loaded. Load the kernel module.
sudo modprobe 8021q
To ensure that the kernel module 8021q is loaded during boot, we have to add the module into the modules configuration file.
sudo su -c 'echo "8021q" >> /etc/modules'
Step 3: Create a VLAN
Create a new configuration file for your QinQ VLAN. In our case it’s VLAN 100.
vi /etc/sysconfig/network-scripts/ifcfg-vlan100
Config:
DEVICE=vlan100 BOOTPROTO=none ONBOOT=yes IPADDR=192.168.1.100 PREFIX=24 PHYSDEV=eno2 VLAN=yes
Step 4: Restart the NetworkManager service so the interface is created and in 'up' state
systemctl status NetworkManager
The alternative is to use the ifdown or ifup commands
ifdown vlan100 ifup vlan100
Important: To confirm that the QinQ VLAN works across the private network, you need to configure another server and do a simple ping test to verify.
Removal
Remove the existing persistent configuration by reversing the steps from the Configuration part.
FreeBSD
Configuration
Edit the rc.conf file and add the following persistent configuration for your QinQ VLAN. In our case it’s VLAN 100.
vi /etc/rc.conf
vlans_bge1="100" ifconfig_bge1_100="inet 192.168.1.100/24"
With the "ifconfig" command you should see an ouput similar to this to confirm the creation of the interface:
Important: To confirm that the QinQ VLAN works across the private network, you need to configure another server and do a simple ping test to verify.
Removal
Remove the existing persistent configuration by reversing the steps from the Configuration part.
Windows
Configuration
Step 1: Check before creating VLAN
Go to "Control Panel\Network and Internet\Network Connections" and right-click on "Embedded LOM 1 Port 2".
Select "Properties", then click "Configure" button and select "Advanced" tab.
Make sure that no VLAN ID is set in the network adapter advanced settings (VLAN ID value= 0).
Step 2: Create NIC Teaming
Go to Start → Server Manager → Select Local Server tab and enable the NIC Teaming by clicking on the link.
After enabling you get a "NIC Teaming" window. Under Teams section click Task → New Team.
Specify the Team name (VLAN ID) as "100" - This is your QinQ VLAN Id and select Member adapters as "Embedded LOM 1 Port 2".
Step 3: Create an interface
In the “Adapter and Interfaces” section add virtual network interfaces. Click Tasks -> Add Interface
You need to create 2 interfaces to make sure it's hybrid (one with Default VLAN for the Private Network overall traffic and another with 100, for the QInQ VLAN).
- Default VLAN (Private Network)
Add an interface with "VLAN 100" and select Default as VLAN Membership.
- QinQ VLAN
Click on the Add Interface again with Specific VLAN number.
After configuring you will see 2 new network connections under "Control Panel\Network and Internet\Network Connections":
Step 4: Assigning IP Address
Go to "Control Panel\Network and Internet\Network Connections".
Right-click on the newly created connection "VLAN 100" and Select Properties. Afterwards select Internet Protocol Version 4 (TCP/IPv4) and click the Properties button.
Make sure "Obtain IP address automatically" is selected.
Right-click on the another newly created connection "VLAN100 - VLAN 100" and select Properties. Afterwards, select Internet Protocol Version 4 (TCP/IPv4) and click the Properties button.
Assign 192.168.1.100/24
Subnet Mask: 255.255.255.0
Important: To confirm that the QinQ VLAN works across the private network, you need to configure another server and do a simple ping test to verify.
An example, where we had another servers configured with 192.168.1.1 to verify that connectivity works.
Removal
Step 1: Delete Interfaces
In the “Adapter and Interfaces” section, select the two virtual network interfaces created for QinQ (one with Default Vlan & another with VLAN 100) and delete them.
Step 2: Disable Teaming
Go to Start → Server Manager → Select "Local Server" tab and Disable the NIC Teaming by clicking on the link "Enabled".
VMware ESXi
Configuration
- Virtual switch has to be created on the ESXi. In our case we've named it "Internal" followed by two port groups:
- Port group Internal access for untagged Private Network traffic
- Port group Internal VLAN 100 for the tagged QinQ VLAN 100 traffic
- Once we have the vSwitch and port-groups set, now we have to attach a NIC to the port-groups.
- For this example, we've created a virtual machine that will have hybrid access to the Private Network by adding two Network Adapters to it.
- Untagged Private Network
- Tagged QinQ
- For this example, we've created a virtual machine that will have hybrid access to the Private Network by adding two Network Adapters to it.
Important: To confirm that the QinQ VLAN works across the private network, you need to configure another server and do a simple ping test to verify.
An example, where we had another server configured with 192.168.1.1 to verify that QinQ connectivity works.
Removal
Step 1: Delete Virtual switches if necessary
Go to "Host" -> "Networking" & select "Virtual switches" tab. From there, Delete the pre-created virtual switch "Internal".
Step 2: Delete the Port groups
Go to "Host" -> "Networking" & select "Port groups" tab. From there, Delete the pre-created Port group "Internal Vlan 100" that relates to the QinQ VLAN.
Leaseweb Rescue Mode (GRML)
Configuration
An example how to create QinQ VLAN interface using the "ifconfig" command
ip link add link eno2 name eno2.100 type vlan id 100 ip addr add 192.168.1.100/24 dev eno2.100 ip link set dev eno2.100 up
Removal
To remove VLAN 100 from the eno2 interface execute the following IP command.
ip link delete eno2.100
Leaseweb Rescue Mode (FreeBSD)
Configuration
An example how to create QinQ VLAN interface using the "ifconfig" command
ifconfig bge1.100 create vlan 100 vlandev bge1 inet 192.168.1.100/24
ifconfig vlan100 create ifconfig vlan100 name bge1.100 ifconfig bge1.100 vlan 100 vlandev bge1 ifconfig bge1.100 inet 192.168.1.100/24
Removal
To remove a VLAN interface execute the following command.
ifconfig {vlan-name} destroy
Troubleshooting
First and foremost, you need to have more than one servers configured with the same tagged QinQ VLAN Id within a single subnet to be inspect and troubleshoot any connectivity issues.
Ping
The most basic check is to ping another IP on the private network that has QinQ VLAN interface configured. You could also add the -I vlan100@eno2 (source interface option)
An example:
ping 192.168.1.1
Packet capture
Run tcpdump or other packet capture tool on a server QinQ VLAN interface. An example:
tcpdump -nnvvi eth0 'vlan and vlan and host 192.168.1.1'
With this sample command you'll be capturing VLAN and Non-VLAN Traffic within the private network at the same time.
The traffic within the private network is transparent. QinQ (802.1ad) just segments but not isolates the traffic.
Other
Check for existing firewall policies or rules in place that don't permit any traffic over the private network