Note: This article is only tested with CentOS 7.
Introduction
As you probably already know, VLAN (Virtual LAN) is used to segment networks. There are several reasons why you would want to configure VLAN on your OP5 server.
Let's say you have a very large number of monitored hosts and services. All the traffic destined for the server will probably be routed at the distribution layer. This can be avoided by configuring VLANs on the server. Since the server is then on the same network as your hosts, the traffic is never sent to your router/firewall and is handled entirely in the access layer.
Prerequisites
The interface connecting to the OP5 server, most likely a switch port, has to be configured as an 802.1Q trunk.
Planning
Before you start configuring your VLAN, there are a few things to take into consideration. For starters, where should the traffic destined for the Internet go? You could either:
- Remove the IP details from the physical interface and use one of the VLANs for the default route. Note that you might have to add the option "BOOTPROTO=none" to the physical interface for this to work.
- Tag untagged traffic at the switch with the desired VLAN ID and leave the configuration of the physical interface as it is. In switch configuration this is most often referred to as the native VLAN.
Configuration
It is recommended that you have physical access to the server, since you can easily lose contact with the server if something isn't configured correctly.
- Use your favourite SSH client to connect to your OP5 server.
- Create a new file in /etc/sysconfig/network-scripts/ and name it "ifcfg-eth0.X", where "X" is your VLAN ID. The valid VLAN ID range is between 1 and 4096. VLAN 1 is untagged traffic.
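- Add the following to that file and replace the options to match your network configuration.
# "X" is the VLAN ID; DEVICE must match the suffix of the file name (ifcfg-eth0.X)
DEVICE=eth0.X
BOOTPROTO=static
# Placeholder addresses; BROADCAST and NETWORK must agree with IPADDR and NETMASK
BROADCAST=1.2.3.255
IPADDR=1.2.3.4
NETMASK=255.255.255.0
NETWORK=1.2.3.0
TYPE=Ethernet
ONBOOT=yes
# Marks this interface as an 802.1Q VLAN sub-interface
VLAN=yes
Note: Only add the "GATEWAY" statement for the interface used for outbound traffic. There can only be one default route.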
- Save the new configuration file and restart the network service. Note that you will lose connection to the server and will have to reconnect.
# /etc/init.d/network restart
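The following pre-flight check is an added example, not part of the original article or of OP5's tooling. Run before the restart, it verifies that each VLAN file's DEVICE matches its file name, that VLAN=yes is set, that NETWORK and BROADCAST agree with IPADDR/NETMASK, and that at most one ifcfg file sets GATEWAY. The function names, the sample VLAN ID 10 and the rule that any ifcfg file with a dot in its name is a VLAN sub-interface are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Pre-flight check for ifcfg VLAN files (added example; names are illustrative).
# Assumption: an ifcfg file whose name contains a dot is a VLAN sub-interface.

# Read KEY from FILE without sourcing it (sourcing would execute the file).
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"' \t\r"
}

# Dotted quad -> 32-bit integer. Called via $(...), so the IFS change stays local.
ip2int() {
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

fail() { echo "FAIL: $*"; errors=$((errors + 1)); }

check_ifcfg_dir() {
    local dir f name ip mask net bc base gateways
    dir=${1:-/etc/sysconfig/network-scripts}; errors=0; gateways=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        name=${f##*/ifcfg-}
        [ -z "$(ifcfg_get "$f" GATEWAY)" ] || gateways=$((gateways + 1))
        case $name in *.*) ;; *) continue ;; esac   # checks below: VLAN files only
        [ "$(ifcfg_get "$f" DEVICE)" = "$name" ] || fail "$name: DEVICE differs from file name"
        [ "$(ifcfg_get "$f" VLAN)" = yes ] || fail "$name: VLAN=yes missing"
        ip=$(ifcfg_get "$f" IPADDR); mask=$(ifcfg_get "$f" NETMASK)
        net=$(ifcfg_get "$f" NETWORK); bc=$(ifcfg_get "$f" BROADCAST)
        [ -n "$ip" ] && [ -n "$mask" ] || continue
        base=$(( $(ip2int "$ip") & $(ip2int "$mask") ))
        [ -z "$net" ] || [ "$(ip2int "$net")" -eq "$base" ] ||
            fail "$name: NETWORK does not match IPADDR/NETMASK"
        [ -z "$bc" ] || [ "$(ip2int "$bc")" -eq $(( base | (~$(ip2int "$mask") & 4294967295) )) ] ||
            fail "$name: BROADCAST does not match IPADDR/NETMASK"
    done
    [ "$gateways" -le 1 ] || fail "$gateways files set GATEWAY; there can only be one default route"
    [ "$errors" -eq 0 ]
}

# Constructed sample (VLAN ID 10 and addresses are made up): write_sample DIR [BROADCAST]
write_sample() {
    printf '%s\n' DEVICE=eth0.10 BOOTPROTO=static IPADDR=1.2.3.4 NETMASK=255.255.255.0 \
        NETWORK=1.2.3.0 "BROADCAST=${2:-1.2.3.255}" ONBOOT=yes VLAN=yes > "$1/ifcfg-eth0.10"
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d); write_sample "$demo"
check_ifcfg_dir "$demo" && echo "OK: $demo passes"
rm -rf "$demo"
```

On the server itself, call check_ifcfg_dir with no argument to check /etc/sysconfig/network-scripts; a non-zero return means the restart should wait until the reported lines are fixed.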