
Routing between VLANs using a Linux Server

Before working with VLANs it is necessary to understand how they operate: the basic definitions, and how hosts and switches behave in an environment segmented with VLANs.

VLANs become more interesting when combined with trunk links, which multiplex several VLANs over a single physical link.

Trunk link


Each frame carried on the trunk is tagged with a VLAN ID (the 12-bit VLAN identifier in the IEEE 802.1Q header), so the receiving device can deliver it only to the ports that belong to that VLAN.


Trunk ports can be configured between two switches, between a switch and a router, or between a switch and a computer that supports trunking (IEEE 802.1Q). On the computer, each VLAN is treated as if it were a separate network interface. Two things to remember: all VLANs on the physical interface share its bandwidth, so a 100 Mbps link is shared by all the virtual interfaces; and frames belonging to the trunk's native VLAN travel untagged, so the native VLAN should not be one that carries user traffic.

Linux and VLANs

Linux has supported 802.1Q VLAN trunking for a long time. It was originally an out-of-tree kernel patch (the 8021q module); since the 2.6 series it has been part of the mainline kernel, so no patching is needed.

Patches for the VLAN code once had to be obtained online for a variety of network cards; current Linux distributions already ship the 8021q module and the user-space tools, so they are ready for this kind of setup.

Settings on a Linux Router for multiple VLANs

Configuring a Linux router for multiple VLANs is very similar to configuring ordinary physical interfaces; the only difference is that each VLAN interface must be told which physical interface it sits on and which VLAN ID it carries. This article uses the vconfig command for that. Note that vconfig is deprecated and no longer packaged by many current distributions, where the equivalent is the `ip link add ... type vlan` command from iproute2 (and `ip addr` replaces ifconfig).

For this example, three VLAN interfaces are created on the Linux router, for VLANs 2 to 4. The server's eth0 port is connected to a trunk port on the switch, which carries all three VLANs, as shown in the following image.
Linux VLAN router

The commands to configure the Linux router for multiple VLANs are:

linux-7o72:~ # vconfig add eth0 2
linux-7o72:~ # vconfig add eth0 3
linux-7o72:~ # vconfig add eth0 4


The new interfaces also need their network addresses configured:

ifconfig eth0.2 172.16.2.1 netmask 255.255.255.0 broadcast 172.16.2.255
ifconfig eth0.3 172.16.3.1 netmask 255.255.255.0 broadcast 172.16.3.255
ifconfig eth0.4 172.16.4.1 netmask 255.255.255.0 broadcast 172.16.4.255

The vconfig command accepts additional parameters (for example the naming scheme of the VLAN interfaces, via set_name_type), but this example uses the minimum needed to work. Once the virtual interfaces are defined you can list them with "ifconfig -a", like any other interface, and see the VLAN ID to interface mapping in /proc/net/vlan/config.

This configuration is not persistent: once the computer restarts, all the work is lost. To make it permanent you can run a script like the following at boot time (or put the equivalent in your distribution's network configuration files).

#!/bin/bash
## Script creating multiple VLANs on a Linux Router ##

# Make sure the 802.1Q module is loaded; vconfig fails without it
modprobe 8021q

# Creating VLANs (eth0 is connected to the switch's trunk port)
vconfig add eth0 2
vconfig add eth0 3
vconfig add eth0 4

# Assigning IP addresses to the VLAN interfaces (one /24 per VLAN)
ifconfig eth0.2 172.16.2.1 netmask 255.255.255.0 broadcast 172.16.2.255
ifconfig eth0.3 172.16.3.1 netmask 255.255.255.0 broadcast 172.16.3.255
ifconfig eth0.4 172.16.4.1 netmask 255.255.255.0 broadcast 172.16.4.255

# Enable IP forwarding so the kernel routes between the VLAN interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward

echo "All interfaces are created!"
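The script above does exactly what the article needs, but two things about it deserve attention on a current system: vconfig and ifconfig have been replaced by iproute2, and enabling ip_forward with no filtering turns the router into an open bridge between every VLAN, which defeats the purpose of segmenting them. The following script is an added example, not code from the original article: it builds the same three-VLAN router with `ip link` and `ip addr`, validates the VLAN IDs, and installs a default-drop nftables forward chain. The parent interface eth0, the 172.16.<id>.1/24 addressing and the VLAN IDs 2 to 4 come from the article; the choice that only VLAN 2 may reach web servers in VLAN 3 is an assumption made for the example.

```shell
#!/bin/bash
# Added example: three-VLAN Linux router with iproute2 + nftables.
# Assumptions (ours, not the article's): parent interface eth0, VLAN ids 2-4,
# gateway 172.16.<id>.1/24 per VLAN, and a policy that allows only
# VLAN 2 -> VLAN 3 on TCP/80 between VLANs; everything else is dropped.
set -eu

PARENT="${PARENT:-eth0}"
VLANS="${VLANS:-2 3 4}"
DRY_RUN="${DRY_RUN:-}"

# Print the command instead of running it when DRY_RUN is set or we are not root.
run() {
  if [ -n "$DRY_RUN" ] || [ "$(id -u)" -ne 0 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# 802.1Q VIDs are 12 bits; 0 and 4095 are reserved, so accept only 1-4094.
vlan_id_ok() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Interface name and gateway address derived from the VLAN id (article's scheme).
vlan_ifname()  { printf '%s.%s' "$PARENT" "$1"; }
vlan_gateway() { printf '172.16.%s.1/24' "$1"; }

# Modern equivalent of "vconfig add eth0 <id>" followed by "ifconfig eth0.<id> ...".
add_vlan() {
  local id="$1"
  vlan_id_ok "$id" || { echo "refusing invalid VLAN id: $id" >&2; return 1; }
  run ip link add link "$PARENT" name "$(vlan_ifname "$id")" type vlan id "$id"
  run ip addr add "$(vlan_gateway "$id")" brd + dev "$(vlan_ifname "$id")"
  run ip link set "$(vlan_ifname "$id")" up
}

# Forward chain with policy drop: replies are allowed, one flow is permitted
# explicitly, and every other inter-VLAN packet is logged and dropped.
firewall() {
  run nft add table inet vlanfw
  run nft add chain inet vlanfw forward \
      '{ type filter hook forward priority 0 ; policy drop ; }'
  run nft add rule inet vlanfw forward ct state established,related accept
  run nft add rule inet vlanfw forward ct state invalid drop
  run nft add rule inet vlanfw forward \
      iifname "$(vlan_ifname 2)" oifname "$(vlan_ifname 3)" tcp dport 80 accept
  run nft add rule inet vlanfw forward log prefix '"vlanfw drop: "' drop
}

main() {
  for id in $VLANS; do add_vlan "$id"; done
  run sysctl -w net.ipv4.ip_forward=1
  firewall
}

# Only act when asked: "./vlan-router.sh apply" (as root) or "./vlan-router.sh dry-run".
case "${1:-}" in
  apply)   main ;;
  dry-run) DRY_RUN=1 main ;;
esac
```

Run it with `dry-run` first to review the exact `ip` and `nft` commands it would issue; with `apply` as root it configures the interfaces and the firewall. The forward chain is what makes the VLAN boundary mean something: without it, every host in VLAN 2 can reach every host in VLAN 3 and 4 through the router, and the switch's access-port assignment adds no security at all.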

This gives us a Linux router for multiple VLANs. Next, the PCs must be configured; as an example, only the configuration of the PC with address 172.16.2.10 is described: IP address 172.16.2.10, mask 255.255.255.0, and default gateway 172.16.2.1, the address of the router's eth0.2 interface.

Network adapter


TCP/IP Properties


Configuration on the switch

For this example we use a Cisco WS-C2950G-24TS switch. As everyone knows, the exact commands vary with make and model, but the same approach works on any managed switch that supports creating VLANs and 802.1Q trunking.

The necessary settings on the switch are:

Sw1# configure terminal
Sw1(config)# interface GigabitEthernet0/1
Sw1(config-if)# switchport trunk encapsulation dot1q
Sw1(config-if)# switchport mode trunk
Sw1(config-if)# exit

On switches that support both ISL and 802.1Q, the encapsulation must be set before "switchport mode trunk"; the 2950 only supports 802.1Q, so it does not accept the encapsulation command and the mode command alone is enough. On any model it is good practice to limit the trunk to the VLANs the Linux router actually needs ("switchport trunk allowed vlan 2-4") and to disable DTP negotiation on it ("switchport nonegotiate"), so a host plugged into the wrong port cannot negotiate a trunk and see every VLAN.

Interface range assignment

    Interfaces    VLAN / subnet

    F0/1 - 8      VLAN 2 (172.16.2.0/24)

    F0/9 - 16     VLAN 3 (172.16.3.0/24)

    F0/17 - 24    VLAN 4 (172.16.4.0/24)


Sw1(config)# interface range f0/1 - 8
Sw1(config-if-range)# switchport mode access
Sw1(config-if-range)# switchport access vlan 2

Sw1(config-if-range)# interface range f0/9 - 16
Sw1(config-if-range)# switchport mode access
Sw1(config-if-range)# switchport access vlan 3

Sw1(config-if-range)# interface range f0/17 - 24
Sw1(config-if-range)# switchport mode access
Sw1(config-if-range)# switchport access vlan 4

Linux VLAN router with IP addressing

All that remains is to test the network: from the PC with IP address 172.16.2.10, ping the PC with IP address 172.16.3.10. A reply proves that the switch tagged the frame into VLAN 2, the Linux host routed it from eth0.2 to eth0.3, and the return path worked the same way. On the switch, "show vlan brief" confirms the port assignments and "show interfaces trunk" confirms that VLANs 2 to 4 are active on the trunk. Keep in mind that with ip_forward enabled and no filtering on the Linux host, every VLAN can reach every other VLAN through it, so the segmentation is only as strong as the firewall rules on the router.


Installing Cacti server (Linux server cacti)

Cacti is an open source tool that lets a network administrator see link status, the availability of network devices, and more. This information matters because it allows the resources of a LAN to be planned, reserved and managed efficiently.
Cacti logo

Requirements:
  • Distribution: Kubuntu 9.04
  • Software: cacti (the distribution's package), apache2 (2.2.9)
  • Server: netadmin (IP address: 192.168.1.5)

Cacti Server Dependencies

Cacti requires the following to be installed on the system:
  • RRDTool 1.0.49, or 1.2.x or greater
  • MySQL 4.1.x, or 5.x or greater
  • PHP 4.3.6 or greater; 5.x is recommended
  • A web server (Apache2 in this guide)

Required packages (these are Red Hat style names; on Debian-based systems such as Kubuntu the equivalents are pulled in automatically as dependencies of the cacti package):
  • httpd
  • php
  • php-mysql
  • php-snmp
  • mysql
  • mysql-server
  • net-snmp

Installing Cacti program

netadmin@linux:~$ sudo apt-get install cacti

Note: apt-get installs all the dependencies Cacti needs (on Debian-based systems only). On Kubuntu, the installer asks for a database password during this process, so no further manual database configuration is required.

Cacti Server Basic Configuration

Once the packages are installed, configuration continues through a web browser, typically at http://192.168.1.5/cacti on the server used here.
Configure Cacti

As this is a new installation, you only need to click Next.
Configure Cacti page 2


This screen asks for the administrator credentials for the first time: the user name is "admin" and the password is "admin". Cacti then requires the admin password to be changed.
Configure Cacti - username

By default Cacti allows the first login with the admin account and the admin password; after you change it, you can view the graphs of the local host. At this point Cacti monitors only the local machine, so monitoring of other devices must be configured.
Configure Cacti - admin

Add a new device

To add a new device (a server, switch or router), go to the Console tab, select Devices and then Add.
Configure Cacti - add device

This screen takes the device details: IP address or hostname, a description (important for identifying it later) and the device type (host template).
Configure Cacti - detail new device
Configure Cacti - detail new device part 2

The rest of the screen configures how Cacti communicates with the device, either by ping or by SNMP. SNMP is the better choice, and the SNMP community should be something other than "public". Also keep in mind that SNMP v1 and v2c community strings travel in clear text, so a read-only community is the minimum, and SNMPv3 with authentication is preferable where the device supports it.


Creating new graphs for the device
Configure Cacti - new graphs

To add a graph to an existing device, go to the Console tab and select New Graphs.
Configure Cacti - new chart

At this stage Cacti asks which device the new graph should be generated for.
Configure Cacti - generate new graph

As shown, you only need to tick the graph that should be created.

The process is the same for adding new switches and routers. Cacti offers many more options, but this is enough to start working with a very good system for watching the bandwidth used on the network.


Hierarchical Network Model - Network Design

Building a LAN that meets the needs of a small or medium enterprise requires taking many aspects into account; in other words, the network has to be designed with techniques that improve its chances of success.

The hierarchical model has many benefits, the main one being that it makes the network more predictable: the campus network is divided into layers, and each layer has the services it provides defined. Compared with other designs, a hierarchical network is easier to manage and expand, and problems are resolved faster.
Hierarchical Network Model

Among the advantages of separating the network into three levels are that it is easier to design, implement, maintain and scale, and that it becomes more reliable and has a better cost/benefit ratio. Each layer has specific functions assigned to it. The separation is logical rather than necessarily physical: several devices may form a single layer, or one device may perform the functions of more than one layer.

The layers and their typical functions are:
  • The access layer controls user and workgroup access to network resources. This layer performs Ethernet switching and interfaces with end devices such as PCs, printers and IP phones to give them access to the rest of the network. It can include routers, switches, bridges, hubs and wireless access points (APs). Its main purpose is to connect devices to the network and to control which devices may communicate on it, for example through VLAN assignment and port security.
  • The distribution layer is the communication point between the access layer and the core. Its functions are routing, packet filtering, WAN access, and deciding which packets must reach the core. It also determines the fastest way to satisfy a network request, for example how to fetch a file from a server.
    Network policies are applied here as well: routing policy, access lists, packet filtering, queuing and security policy, together with inter-VLAN routing and other workgroup functions. Broadcast and multicast domains are defined at this layer.
  • The core layer is literally the core of the network. Its only function is to switch traffic as fast as possible; it carries large volumes of traffic reliably and quickly, so latency and speed are the important factors at this layer.

    A failure in the core affects all users, so fault tolerance is important. Because speed matters so much, functions that add latency, such as access lists, inter-VLAN routing and packet filtering, are not performed here.

    The core layer is essential for interconnecting the distribution layer devices, so it is important that it is highly available and redundant.

    Switches and other network equipment should be selected according to the requirements of each layer of the hierarchical model.


Access layer equipment typically has the following characteristics:
  • 10/100/1000 Ethernet connectivity
  • PoE
  • VLANs
  • QoS

In the distribution layer, it is advisable to buy equipment with the following features:
  • Redundant links
  • 1G or 10G connections
  • Routing capability (Layer 3 switches)
  • QoS
  • High switching capacity and forwarding rate

Core layer switches have the following characteristics:
  • 1G or 10G connections
  • QoS
  • High switching capacity and forwarding rate
  • Redundant links


Assigning external IP address pool using dynamic NAT

In some cases, when you have more than one public IP address, you may want to allocate them dynamically to the hosts on the local network so they can reach the Internet. This is done by configuring an IP address pool on the router that performs NAT.

The commands needed for this configuration are described below:

General configuration of NAT and public address pool
Router#configure terminal
Router(config)#access-list 15 permit 192.168.2.0 0.0.0.255
Router(config)#ip nat pool NATPOOL 172.16.1.100 172.16.1.150 netmask 255.255.255.0
Router(config)#ip nat inside source list 15 pool NATPOOL

Configuring the interface f0/0 (Internet)
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address 172.16.1.254 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#exit

Configuring the interface f0/1 (Internal LAN)
Router(config)#interface FastEthernet 0/1
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit

This is similar to the configuration for dynamic NAT with a single public IP address; the only difference is that external hosts see more than one IP address coming from your network.

NAT pool example

Router(config)#ip nat pool NATPOOL 172.16.1.100 172.16.1.150 netmask 255.255.255.0
Router(config)#ip nat inside source list 15 pool NATPOOL

In the commands above you can see how the pool of public IP addresses is created and then bound to the NAT rule. In this case the overload keyword is not used: each inside host receives a whole public address from the pool for the lifetime of its translation. Since the pool holds 51 addresses (172.16.1.100 to 172.16.1.150), once 51 inside hosts hold translations, additional hosts cannot be translated until an entry times out. If more hosts than addresses are expected, add overload to the pool line so the router also translates ports (PAT) on top of the pool.


Basic Configuration of NAT in Cisco routers

In the basic NAT configuration, all hosts on the internal networks share the single IP address of the public interface. Cisco routers make this quite simple to configure.

NAT example

General Configuration of NAT (Access Control List)
--------------------------------------------
Router#configure terminal
Router(config)#access-list 90 permit 192.168.1.0 0.0.0.255
Router(config)#access-list 90 permit 192.168.2.0 0.0.0.255
Router(config)#ip nat inside source list 90 interface FastEthernet0/0 overload

Configuring the Interface F1/0 (LAN 1)
--------------------------------------------
Router(config)#interface FastEthernet1/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit

Configuring the Interface F1/1 (LAN 2)
--------------------------------------------
Router(config)#interface FastEthernet1/1
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit


Configuring the Interface F0/0 (Internet)
--------------------------------------------
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 172.16.10.1 255.255.255.252
Router(config-if)#ip nat outside
Router(config-if)#end
Router# 


In this example, the Cisco router rewrites the source address of every packet coming from both internal networks (LAN1 and LAN2) to the public address. When these devices connect to hosts on the Internet, they appear with IP address 172.16.10.1.

The following command tells the router to translate any source address that matches access control list 90 into the address of interface f0/0, that is, the interface connected to the public network.

Router(config)#ip nat inside source list 90 interface F0/0 overload

Strictly, the overload keyword does not need to be typed when translating to an interface address: a single address can only serve many hosts with port translation (PAT), so IOS adds overload to the running configuration automatically.

NAT confuses some users because they associate it with the functions of a firewall. NAT by itself is not a security control: with overload, unsolicited inbound packets are dropped only because no matching translation exists, which is a side effect, not a policy. Any static translation or permitted inbound traffic is forwarded to the inside host. Filtering must be configured explicitly with access lists or a firewall.
