Multiple VLAN on a RaspberryPi

VLANs are very handy for using several subnets on a machine with only one network interface. Learn how I’m using multiple VLANs on a Raspberry Pi 3.

So far I’ve been using an Alix APUC1 to run my openHAB instance and some other services. That’s been very convenient, as it sports 3 network interfaces and I prefer to keep things separate. My openHAB instance uses three different subnets: one for the “normal” LAN communication in my flat, one to be accessed from the internet (the DMZ), and a third one for all the sensors and actuators that I don’t want to access the internet and phone home. However, the Alix is convenient only when kept in the network cabinet near the switch, as it needs three LAN cables. Wireless switches using Z-Wave or EnOcean do not work so well with openHAB running from a steel cabinet. That’s why I decided to move openHAB to a Raspberry Pi. So I need to use VLANs to run the same three subnets as before on one NIC. All the steps described here have been taken on a freshly installed Raspbian “Jessie” (2016-05-10).

Install dependencies and load kernel module

sudo apt-get install vlan
sudo modprobe 8021q

To load the 8021q kernel module for VLAN support at boot time, add it as the last line of /etc/modules.

Create the virtual device(s)

Add the virtual network devices to /etc/network/interfaces:

# Interface for the internal (green) network
auto eth0.10
iface eth0.10 inet static
 address 192.168.2.13
 netmask 255.255.255.0

# Interface for the DMZ (orange)
auto eth0.12
iface eth0.12 inet static
 address 192.168.3.13
 netmask 255.255.255.224

# Interface for the sensor network (pink)
auto eth0.13
iface eth0.13 inet static
 address 192.168.6.1
 netmask 255.255.255.0

The numbers appended to the name of the “real” network interface are the VLAN ids. So in my setup VLAN 10 is the local (green) network, 12 the DMZ (orange) and 13 my home automation network (pink).
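
Because the stanzas are near-copies of each other, a mismatched name between an `auto` line and its `iface` line is easy to miss. The following is an added example, not part of the original post: a small lint for this file layout that flags such mismatches and overlapping subnets. The function names `parse` and `lint` and the sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout used above, with one deliberate slip:
# "auto eth0.12" is followed by a second "iface eth0.10" stanza.
SAMPLE = """\
auto eth0.10
iface eth0.10 inet static
 address 192.168.2.13
 netmask 255.255.255.0
auto eth0.12
iface eth0.10 inet static
 address 192.168.3.13
 netmask 255.255.255.224
auto eth0.13
iface eth0.13 inet static
 address 192.168.6.1
 netmask 255.255.255.0
"""


def parse(text):
    """Return (names after 'auto', [(iface name, {option: value}), ...])."""
    autos, stanzas = [], []
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "auto":
            autos += words[1:]
        elif words[0] == "iface" and len(words) > 1:
            stanzas.append((words[1], {}))
        elif stanzas:
            stanzas[-1][1][words[0]] = " ".join(words[1:])
    return autos, stanzas


def lint(text):
    """Return a list of human-readable findings; empty means nothing flagged."""
    autos, stanzas = parse(text)
    names = [name for name, _ in stanzas]
    found = [f"{n}: 'auto' line but no 'iface' stanza" for n in autos if n not in names]
    found += [f"{n}: more than one 'iface' stanza" for n in sorted(set(names)) if names.count(n) > 1]
    nets = []
    for name, opts in stanzas:
        if "address" in opts and "netmask" in opts:
            net = ipaddress.ip_network(f"{opts['address']}/{opts['netmask']}", strict=False)
            found += [f"{name}: {net} overlaps {o} on {other}" for other, o in nets if net.overlaps(o)]
            nets.append((name, net))
    return found
```

Calling `lint(open("/etc/network/interfaces").read())` on the Pi returns an empty list when nothing is flagged; overlapping subnets are worth catching here because they would blur the separation between the green, orange and pink networks.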

Add routes and rules

By default, the network stack only routes packets from the first network. For the other networks you need to configure routes manually. First add two new routing tables to /etc/iproute2/rt_tables:

1    rt_pink
2    rt_orange

Then define the routes in /etc/rc.local:

ip route add 192.168.3.0/27 dev eth0.12 src 192.168.3.13 table rt_orange
ip route add default via 192.168.3.1 dev eth0.12 table rt_orange
ip rule add from 192.168.3.13/27 table rt_orange
ip rule add to 192.168.3.13/27 table rt_orange

Then restart the networking system:

sudo systemctl daemon-reload
sudo systemctl restart networking

or restart the whole system:

sudo reboot

Testing

Check if other hosts in the different subnets can be reached:

ping -c 3 192.168.2.105
ping -c 3 192.168.3.105

Now networking should be working for the subnet(s) on one wire.
