1

Disclaimer: To this day I've been a lurker, still learning, and for the first time in 2 years, I didn't find any answer to my question. Thank you very much for your read and I hope you'll take some time to help.

I'm trying to set up two VLANs on my already existing LAN card. The purpose of this setup is to first make a first VLAN work before having everything going through different VLANs for different purposes.

Here is my configuration:

Lan card:

cat /etc/netplan/10-enp1s0.yaml
network:
 version: 2
 renderer: networkd
 ethernets:
#LAN CARD config
   enp1s0:
     optional: true
     dhcp4: false
     dhcp6: false
     addresses: [192.168.1.91/24, ]
     gateway4: 192.168.1.254
     nameservers:
       addresses: [192.168.1.91, ] # I have a DNS on the server
       search: [domain.net]

Vlan:

cat /etc/netplan/11-vlan.11.yaml
 vlans:
   vlan.11:
     id: 11
     link: enp1s0
     optional: true
     dhcp4: false
     dhcp6: false
     addresses: [192.168.1.92/24, ]
     nameservers:
       addresses: [192.168.1.91, ]

With this configuration, here are the results:

  • When I try to ping vlan.11 from enp1s0, or the other way around I have no reply.
  • When I try to ping any internet from enp1s0, it works, but when I try with vlan.11, it doesn't work.

8.8.8.8 with enp1s0:

ping -I enp1s0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.1.91 enp1s0: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=9.24 ms

8.8.8.8 with vlan.11:

ping -I vlan.11 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.1.92 vlan.11: 56(84) bytes of data.
3 packets transmitted, 0 received, 100% packet loss, time 2039ms

  • The last part and the weirdest one is that I'm able to ping both addresses with a different PC on the same network

Pinging 192.168.1.91 with 32 bytes of data:
Reply from 192.168.1.91: bytes=32 time<1ms TTL=64

Pinging 192.168.1.92 with 32 bytes of data:
Reply from 192.168.1.92: bytes=32 time<1ms TTL=64
Reply from 192.168.1.92: bytes=32 time<1ms TTL=64

So, can you please explain to me why my vlan is not working properly? What am I missing to have vlan.11 behave like a network card?

Thank you very much for your read and any help is greatly appreciated.

When I type sudo netplan --debug generate, I see this (don't worry about enp2s0, it is neither configured nor connected for now):

sudo netplan --debug generate
DEBUG:command generate: running ['/lib/netplan/generate']
** (generate:9423): DEBUG: 11:30:08.752: Processing input file /etc/netplan/10-enp1s0.yaml..
** (generate:9423): DEBUG: 11:30:08.752: starting new processing pass
** (generate:9423): DEBUG: 11:30:08.752: Processing input file /etc/netplan/11-vlan.11.yaml..
** (generate:9423): DEBUG: 11:30:08.752: starting new processing pass
** (generate:9423): DEBUG: 11:30:08.752: Processing input file /etc/netplan/20-enp2s0.yaml..
** (generate:9423): DEBUG: 11:30:08.752: starting new processing pass
** (generate:9423): DEBUG: 11:30:08.752: vlan.11: setting default backend to 1
** (generate:9423): DEBUG: 11:30:08.752: Configuration is valid
** (generate:9423): DEBUG: 11:30:08.752: enp2s0: setting default backend to 1
** (generate:9423): DEBUG: 11:30:08.752: Configuration is valid
** (generate:9423): DEBUG: 11:30:08.752: enp1s0: setting default backend to 1
** (generate:9423): DEBUG: 11:30:08.752: Configuration is valid
** (generate:9423): DEBUG: 11:30:08.752: Generating output files..
** (generate:9423): DEBUG: 11:30:08.752: NetworkManager: definition enp1s0 is not for us (backend 1)
** (generate:9423): DEBUG: 11:30:08.752: NetworkManager: definition vlan.11 is not for us (backend 1)
** (generate:9423): DEBUG: 11:30:08.752: NetworkManager: definition enp2s0 is not for us (backend 1)
Samy

3 Answers

1

Your .yaml files are incomplete.

You can't "erasing my LAN card configuration".

Remove both .yaml files and try this... keep the same spacing and indentation, and no tabs...

network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      addresses: [192.168.1.91/24]
      gateway4: 192.168.1.254
      nameservers:
        addresses: [192.168.1.91]
        search: [domain.net]
      optional: true
  vlans:
    vlan.11:
      id: 11
      link: enp1s0
      addresses: [192.168.1.92/24]

sudo netplan --debug generate # generate config files

sudo netplan apply # apply new configuration

reboot # reboot the computer

heynnema
  • Hello, Thank you very much for your time.

    By "erasing" I just meant I'll remove IP configuration from the LAN card, not erasing the yaml file of course, I've corrected the question.

    Thank you for answering my question, I've tried this solution however I'm having the exact same result as with the configuration I posted above. Everything is behaving the exact same way.

    Do you have any other suggestion ?

    – Samy Jan 10 '20 at 10:17
  • @Samy Your sudo netplan --debug generate is for when you still had two separate .yaml files. Show me when using my .yaml please. – heynnema Jan 10 '20 at 15:41
  • @Samy show me uname -r and dpkg -l *netplan* – heynnema Jan 10 '20 at 15:48
  • @Samy What does "I'll remove IP configuration from the LAN card" mean? – heynnema Jan 10 '20 at 16:02
  • Thank you very much for your time, I'll put it below – Samy Jan 10 '20 at 19:23
  • @Samy Please see my prior comment about sudo netplan --debug generate while using only my .yaml file. Then do sudo netplan apply then reboot, then retest the pings. – heynnema Jan 10 '20 at 21:14
  • I've edited my answer using your config file only, I've retested the pings and it's behaving in the same exact manner....

    If this can help, networkctl list is giving me "configuring" on each interface.

    – Samy Jan 10 '20 at 22:08
  • @Samy I'd try booting to a Ubuntu Live 19.10 DVD/USB, installing my .yaml, and see if it works there. – heynnema Jan 10 '20 at 22:11
  • Good idea! I'll give it a try – Samy Jan 10 '20 at 22:23
  • Alright, after LONG minutes of testing, I've come up with a fresh new install on two different computers, and used exactly what you've sent me, and still have the same behavior. At this point, I think I'm stupid because I think I got the issue. All those computers are connected through a switch that came with the ISP. Do I need something special in terms of hardware? – Samy Jan 11 '20 at 00:23
  • @Samy You tried 19.10, yes? I don't think the problem is with you... I think the problem is with netplan. Is this a server or desktop installation? – heynnema Jan 11 '20 at 00:32
  • @Samy Please see https://wiki.ubuntu.com/vlan and https://askubuntu.com/questions/660506/how-to-setup-and-save-vlans-on-ethernet. These are NetworkManager specific, but the vlan and 8021q software may be required for this to work with netplan. If you're using netplan, then you shouldn't modify /etc/network/interfaces. Report back. – heynnema Jan 11 '20 at 15:39
  • Oh...I've tried 18.04 because that's the setup I have, however in both cases I have the latest version of netplan package. my main computer is the server 18.04 LTS version, the one I did use on the USB is 18.04 LTS desktop version. – Samy Jan 11 '20 at 20:37
  • I've seen those links, I already have 8021q module installed and firing up at boot, however I didn't want to use vlan package for the fact that netplan should be able to do it, it's just I'm uncomfortable with splitting up my network configuration between netplan & vlan. of course I won't modify network/interfaces because of the risk of conflict. I will check if netplan need vlan module setup tonight, I will keep you informed, and again, thank you very much for your help and time, you're really making me ask myself the right questions – Samy Jan 11 '20 at 20:40
  • Also, my renderer is networkd, not NetworkManager – Samy Jan 11 '20 at 21:58
  • Alright, reporting time. I've tried setting up everything, installing vlan and doing the steps required, with the method in the wiki and the netplan method I've been using till now, I have the same exact result. I can ping both vlan interfaces from a Windows PC in the same network, but the vlans can't ping ANYTHING, not even each other or the Windows machine that can ping them successfully. At this point, I believe my configuration is correct, but something is missing, or blocking the traffic out of the vlans. What do you think? – Samy Jan 11 '20 at 22:24
  • @Samy I just spent the last few hours playing with this myself. I set up a 19.10 server in Virtualbox, and used a clone of my .yaml file. What I found was that ip a showed .91 and .92. I could ping/host in/out of .91, but not .92. I could ping both .91 and .92 from my host, AND I could ssh into either .91 or .92. What have we learned? That vlans don't work the way we think they do. There's a user here named slangseek, or something like that, who works for the netplan folks, and I wish we could track him down... – heynnema Jan 11 '20 at 22:44
  • @Samy I found that user... name is "slangasek"... and I just sent them a message, asking them to take a look at your question. Hopefully... – heynnema Jan 11 '20 at 22:53
  • Hope he will answer, thank you very much. If it wasn't you, no one for now have answered me and I would have lost faith on this. It's my first question ever on this website. – Samy Jan 12 '20 at 00:51
0

@heynnema:

Here is the output of sudo netplan --debug generate, I've just added optional to vlan.11 so the server will not wait for cloud-init

sudo netplan --debug generate

DEBUG:command generate: running ['/lib/netplan/generate']
** (generate:4851): DEBUG: 23:05:16.984: Processing input file /etc/netplan/10-enp1s0.yaml..
** (generate:4851): DEBUG: 23:05:16.984: starting new processing pass
** (generate:4851): DEBUG: 23:05:16.984: vlan.11: setting default backend to 1
** (generate:4851): DEBUG: 23:05:16.984: Configuration is valid
** (generate:4851): DEBUG: 23:05:16.984: enp1s0: setting default backend to 1
** (generate:4851): DEBUG: 23:05:16.984: Configuration is valid
** (generate:4851): DEBUG: 23:05:16.984: Generating output files..
** (generate:4851): DEBUG: 23:05:16.984: NetworkManager: definition enp1s0 is not for us (backend 1)
** (generate:4851): DEBUG: 23:05:16.984: NetworkManager: definition vlan.11 is not for us (backend 1)

uname -r

4.19.0-041900-generic

dpkg -l netplan

dpkg -l *netplan*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                                  Version                         Architecture                    Description
+++-=====================================================-===============================-===============================-===============================================================================================================
un  netplan                                               <none>                          <none>                          (no description available)
ii  netplan.io                                            0.98-0ubuntu1~18.04.1           amd64                           YAML network configuration abstraction for various backends

I really hope this will help you to help me on this issue, thank you again for your time.

Samy
0

Problem solved !

Instead of pinging and using vlan.11 (which is ..layer 2 name ? kind of?)

Anyway, using the IP address directly works like a charm, so in short:

ping -I vlan.11 doesn't work
ping -I work perfectly !

Thank you for your help, hope this helps someone else

Samy
  • 1
    I don't understand this answer. 'ping -I' always takes an interface name, but you don't say what interface name you used in place of 'vlan.11'. And no, vlan.11 is not a "layer 2" name. Your previous ping output shows that ping /does/ recognize it as an interface name. My question would be, how is your switch configured for the handling of these vlans? You can't put a vlan on a bare, unmanaged network and expect it to interoperate; only other devices using the same vlan ID (ID 11) will see your interface, and you don't mention anything about that configuration. – slangasek Jan 14 '20 at 01:40
  • Also you mention trying to ping the public internet using the VLAN interface, but you don't mention having set up any routing via that VLAN, either. Is a vlan actually what you're trying to set up? Or are you really after having multiple addresses assigned to an interface? – slangasek Jan 14 '20 at 01:42
  • Hello @slangasek, I will try to answer your questions the best I can. I myself don't understand why ping -I vlan.11 doesn't work, but actually ping -I 192.168.1.92 (which is the IP of vlan.11) works. – Samy Jan 14 '20 at 21:06
  • Vlan.11 is not interoperating with anything, I'm just using it to have a second IP address on my network card, it directly communicates with the main switch/ISP router. – Samy Jan 14 '20 at 21:09
  • Yes I'm able to ping public addresses without setting any routing, I actually posted my netplan config, you can try it yourself and see that it works, why? I'm not a network engi... however I think that's because it's linked to the main NIC and it routes everything through it by default – Samy Jan 14 '20 at 21:10
  • If you are not using vlans for broadcast domain isolation on a physical network, then vlans are the wrong tool for what you're trying to accomplish. If all you want is a second IP address, then use netplan's support for multiple addresses on a single interface. – slangasek Jan 15 '20 at 22:28
  • Thank you very much for your advice ! Can you please send me some good read about vlan and how to properly setup one for domain isolation in a network please ? I want to implement that in the future to isolate my computer and work tools from home network (I work from home from time to time) – Samy Jan 16 '20 at 00:26
  • Here is some information about what a vlan is and what they are used for: https://study-ccna.com/what-is-a-vlan/ In order to use vlans for isolation to prevent machines from being able to see each other (instead of someone just reconfiguring the system to talk on a vlan), you need vlan support on your switches. – slangasek Jan 17 '20 at 05:35
  • Thank you very much for your help.

    Problems solved and questions answered, have a good day !

    – Samy Jan 17 '20 at 19:08
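
slangasek's point that only devices using VLAN ID 11 will see the interface follows from the 802.1Q tag a VLAN interface inserts into every frame it sends. The sketch below is an added example, not code from the thread: it builds the same packet untagged (as sent by enp1s0) and tagged with VLAN 11 (as sent by vlan.11), then parses both. The MAC addresses, the payload and the `accepted_by` receiver model are constructed assumptions; real NICs and switches differ in how they treat unknown tags.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
ETH_IPV4 = 0x0800

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Return an Ethernet II frame; insert an 802.1Q tag when vlan_id is set."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        tci = (pcp << 13) | vlan_id            # PCP(3 bits) | DEI=0 | VID(12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vlan_id or None, inner ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, offset = tci & 0x0FFF, 18
    return vlan_id, ethertype, frame[offset:]

def accepted_by(frame, host_vlans):
    """Simplified receiver model (assumption): untagged and priority-tagged
    (VID 0) frames reach the base NIC; other tagged frames are delivered only
    when the host has a VLAN interface with that ID."""
    vlan_id, _, _ = parse_frame(frame)
    return vlan_id in (None, 0) or vlan_id in host_vlans

# Constructed sample data: locally administered MACs and a dummy payload.
SERVER = bytes.fromhex("020000000091")
PEER = bytes.fromhex("0200000000fe")
PING = b"icmp-echo-placeholder"

via_enp1s0 = build_frame(PEER, SERVER, ETH_IPV4, PING)              # untagged
via_vlan11 = build_frame(PEER, SERVER, ETH_IPV4, PING, vlan_id=11)  # tagged

if __name__ == "__main__":
    for name, frame in (("enp1s0", via_enp1s0), ("vlan.11", via_vlan11)):
        vid, etype, _ = parse_frame(frame)
        print(f"{name}: vlan={vid} ethertype={etype:#06x} "
              f"peer_without_vlan11_accepts={accepted_by(frame, set())}")
```

A peer with no VLAN 11 interface sees EtherType 0x8100 where it expects 0x0800, so it never answers traffic sent through vlan.11, while traffic sourced from 192.168.1.92 but sent untagged through enp1s0 is answered normally.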