RCPlive: Inter-VLAN Routing

VLAN configuration

VLAN interfaces are created using the interface vlan command.

[no] interface vlan <interface name> id <vlan id> <parent interface>
where:
   <interface name> is the interface name assigned
   <vlan id> is the VLAN number (1...4094)
   <parent interface> is the Ethernet interface holding this VLAN

The no form of the command removes the interface. I enable eth1 with no IP address assigned to it, and I create the two VLAN interfaces. For each VLAN interface I assign an IP address and enable it.

rcp(config)#interface ethernet eth1
rcp(config-if eth1)#no ip address
rcp(config-if eth1)#no shutdown
rcp(config-if eth1)#exit
rcp(config)#
rcp(config)#interface vlan vlan10 id 10 eth1
rcp(config-if vlan10)#ip address 10.1.10.1/24
rcp(config-if vlan10)#no shutdown
rcp(config-if vlan10)#exit
rcp(config)#
rcp(config)#interface vlan vlan20 id 20 eth1
rcp(config-if vlan20)#ip address 10.1.20.1/24
rcp(config-if vlan20)#no shutdown
rcp(config-if vlan20)#exit

At this point we can check that all interfaces are up and running:

rcp(config)#show interface 
Interface        Type         IP                      Status (admin/link)
lo               loopback     127.0.0.1/8             UP/UP
eth0             ethernet     192.168.254.19/24       UP/UP
eth1             ethernet     0.0.0.0/0               UP/UP
vlan10           VLAN         10.1.10.1/0             UP/UP
vlan20           VLAN         10.1.20.1/0             UP/UP
rcp(config)#

Services

Any feature available for the regular Ethernet interfaces is also available for VLAN interfaces. This includes DNS proxy, DHCP relay and server, NTP server, RIP and OSPF. As an example, I will configure DHCP server support for our SALES and ENGINEERING VLAN domains.

I set a range of about 200 IP addresses for each VLAN domain with a lease time of 4 hours, and enable the DHCP server:

rcp(config)#ip dhcp server
rcp(dhcp server)#network 10.1.10.0/24
rcp(dhcp 10.1.10.0/24)#range 10.1.10.50 10.1.10.250
rcp(dhcp 10.1.10.0/24)#default-router 10.1.10.1
rcp(dhcp 10.1.10.0/24)#lease 0 4 0
rcp(dhcp 10.1.10.0/24)#exit
rcp(dhcp server)#network 10.1.20.0/24
rcp(dhcp 10.1.20.0/24)#range 10.1.20.50 10.1.20.250
rcp(dhcp 10.1.20.0/24)#default-router 10.1.20.1
rcp(dhcp 10.1.20.0/24)#lease 0 4 0
rcp(dhcp 10.1.20.0/24)#exit
rcp(dhcp server)#exit
rcp(config)#service dhcp

We can check the active leases using the show ip dhcp leases command:

rcp#show ip dhcp leases 
MAC Address         IP Address                      Lease (hh:mm:ss)
00:15:58:1c:c4:bf   10.1.20.56                      02:20:21
00:24:20:b2:af:15   10.1.20.57                      03:59:54
00:58:22:33:00:08   10.1.10.148                     00:42:07
...
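
The lease table is also a useful audit point: every leased address should fall inside one of the two configured ranges, and no lease should have more than 4 hours left. The script below is an added example, not part of RCPlive or the original post; it parses the show ip dhcp leases output format shown above, and the last two rows of its sample input are constructed to trigger each finding.

```python
import ipaddress
import re

# Ranges and lease time as configured above; names match the VLAN interfaces.
POOLS = {"vlan10": ("10.1.10.50", "10.1.10.250"),
         "vlan20": ("10.1.20.50", "10.1.20.250")}
MAX_LEASE_SECONDS = 4 * 3600
LEASE_LINE = re.compile(
    r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+(\d+):(\d{2}):(\d{2})$", re.I)

def parse_leases(text):
    """Return (mac, ip, remaining_seconds) per lease row; header and '...' are skipped."""
    leases = []
    for line in text.splitlines():
        m = LEASE_LINE.match(line.strip())
        if m:
            mac, ip, h, mi, s = m.groups()
            leases.append((mac.lower(), ipaddress.ip_address(ip),
                           int(h) * 3600 + int(mi) * 60 + int(s)))
    return leases

def pool_of(ip):
    """Name of the VLAN whose DHCP range contains ip, or None."""
    for vlan, (first, last) in POOLS.items():
        if ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last):
            return vlan
    return None

def audit(text):
    """Flag leases outside every range or with more time left than the lease allows."""
    findings = []
    for mac, ip, remaining in parse_leases(text):
        if pool_of(ip) is None:
            findings.append((mac, str(ip), "address outside configured ranges"))
        elif remaining > MAX_LEASE_SECONDS:
            findings.append((mac, str(ip), "remaining time exceeds 4-hour lease"))
    return findings

# First three rows are from the output above; the last two are constructed.
SAMPLE = """\
MAC Address         IP Address                      Lease (hh:mm:ss)
00:15:58:1c:c4:bf   10.1.20.56                      02:20:21
00:24:20:b2:af:15   10.1.20.57                      03:59:54
00:58:22:33:00:08   10.1.10.148                     00:42:07
02:00:00:00:00:01   10.1.20.12                      01:00:00
02:00:00:00:00:02   10.1.10.60                      09:30:00
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```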

Firewall

In its simplest form, I deploy Network Address Translation (NAT) on the two VLAN domains. This allows our router to act as an agent between the public network and our private VLANs. All our computers will be represented on the public network by a single, unique IP address, 192.168.1.1 in my example.

rcp(config)#ip nat masquerade 10.1.10.0/24 eth0
rcp(config)#ip nat masquerade 10.1.20.0/24 eth0 

A simple access list (ACL) on interface eth0 denies direct access from outside to our computers.

rcp(config)#access-list 100 deny  10.1.0.0/16  any  
rcp(config)#access-list 100 deny  any  out-interface eth0  
rcp(config)#access-list 100 deny  any  any  new,invalid
rcp(config)#interface ethernet eth0
rcp(config-if eth0)#ip access-group 100 in
rcp(config-if eth0)#ip access-group 100 forward

This is a very simple stateful firewall; from here it can be expanded further depending on the particular network requirements.

More about RCPlive

RCPlive is an open source IPv4 routing platform operated directly from the CDROM or USB stick on which it is distributed. It is primarily console based, featuring a CLI syntax similar to the syntax found in commercial routers. All you need to get started is the ISO image and a regular 64-bit PC with as many Ethernet cards as you can fit in. For more information please visit the project web page.

9 thoughts on “RCPlive: Inter-VLAN Routing”

  4. Nick B.

    RCP100 looks a very interesting tool, particularly the cli. At first glance I thought I was reading about Quagga but I can see now it’s a completely new creation.
    I’ve been using OpenBSD to do similar things, creating routers in VMs to interface and test Cisco configs, either when I’m short of routers or just for network training. I usually create VMs under VirtualBox then connect to the outside world using .1Q and a breakout switch. I can see a definite advantage replacing it with RCP100 to keep the CLI familiarity.
    What are the plans for IPv6 support? It’s all there in the underlying OS and it’s a feature I would like to see.

    I originally landed on your blog after searching for ideas on lightweight Linux distros. Finding RCP100 was a bonus!

    1. netblue30 Post author

      Thank you for your comment. Indeed, RCP100 is excellent for testing all kinds of setups using some form of virtualization. I usually set the routers up in LXC (Linux containers). IPv6 support is under development; it will probably be released later this year.
