{"id":197,"date":"2018-02-06T15:23:02","date_gmt":"2018-02-06T15:23:02","guid":{"rendered":"https:\/\/www.kuncar.net\/blog\/?p=197"},"modified":"2018-02-06T15:23:34","modified_gmt":"2018-02-06T15:23:34","slug":"multiple-permanent-linux-interfaces-with-dhcp-allocated-addresses","status":"publish","type":"post","link":"https:\/\/www.kuncar.net\/blog\/2018\/multiple-permanent-linux-interfaces-with-dhcp-allocated-addresses\/","title":{"rendered":"Multiple permanent linux interfaces with dhcp allocated addresses"},"content":{"rendered":"<p><span style=\"font-size: 1rem; font-family: arial, helvetica, sans-serif;\"><span style=\"font-size: 14px;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-120\" src=\"https:\/\/www.kuncar.net\/blog\/wp-content\/uploads\/2018\/01\/tux-150x150.png\" alt=\"\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.kuncar.net\/blog\/wp-content\/uploads\/2018\/01\/tux-150x150.png 150w, https:\/\/www.kuncar.net\/blog\/wp-content\/uploads\/2018\/01\/tux-150x150-100x100.png 100w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/>Recently I have been doing some on the HP 5500EI including a port security feature limiting the number of MAC addresses to 8. This is not a difficult configuration at all \u2013 in fact it is just one command on the interface itself .<\/span><\/span><\/p>\n<pre><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">mac-address max-mac-count 5<\/span><\/pre>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">So now with the limit in place I would like to test it. 
The first thought was to use a Linux alias as a quick and dirty way of doing this, but unfortunately I soon found out that it doesn\u2019t allow for the requirements I had in mind.<\/span><\/p>\n<ul class=\"ili-indent\" style=\"text-align: justify;\">\n<li><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">There have to be 5 or more virtual interfaces on one physical interface<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">Each virtual interface must have its own individual MAC address<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">All virtual interfaces must be getting their own IP addresses from the DHCP server<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">All the virtual interfaces must receive an IP address from the same subnet (as they are plugged into an access port)<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">The main issue with just aliasing the interface is that it is an L3 interface only (uses the same MAC) and definitely doesn\u2019t allow for DHCP allocations from the same subnet. Fortunately, on Linux this can be done with the \u201cip link\u201d command, which is part of the iproute package in Debian. The usage is rather simple:<\/span><\/p>\n<blockquote>\n<pre><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">ip link add dev intX link eth0 type macvlan<\/span>\r\n<span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">ip link del dev intX link eth0 type macvlan<\/span><\/pre>\n<\/blockquote>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">Where int is the name and X the number of the new interface, and eth0 is the physical interface you want to bind to. 
This can be repeated multiple times and the MAC address will be generated randomly. You can also set it to whatever you want by changing the syntax to this:<\/span><\/p>\n<blockquote>\n<pre><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">ip link add dev intX link eth0 address aa:aa:aa:aa:aa:aa type macvlan<\/span><\/pre>\n<\/blockquote>\n<p style=\"text-align: justify;\"><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">If you run this a couple of times and get some IP addresses on those interfaces from the DHCP server, you will soon notice the following messages on your switches.<\/span><\/p>\n<blockquote>\n<pre><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">%Jun 7 11:03:01:411 2000 Core1 ARP\/5\/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict.<\/span>\r\n<span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">The device with MAC address 6e99-1b38-2b8c connected to Bridge-Aggregation2 in VLAN 100 and the device with MAC address d6b2-1ac8-9bd2 connected to Bridge-Aggregation2 in VLAN 100 are using the same IP address 10.0.3.248.<\/span><\/pre>\n<\/blockquote>\n<p><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">A quick check will reveal that there are no duplicate addresses assigned or allocated, so what is the system complaining about? 
The answer is that, by default, the Linux kernel will reply to ARP from the first interface in the list (eth0); it can also reply from all interfaces and\/or a random interface, making Comware go crazy.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">Fortunately this default behavior can be adjusted by the following commands:<\/span><\/p>\n<blockquote>\n<pre><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">echo 1 &gt; \/proc\/sys\/net\/ipv4\/conf\/eth0\/arp_ignore<\/span>\r\n<span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">echo 8 &gt; \/proc\/sys\/net\/ipv4\/conf\/eth0\/arp_announce<\/span><\/pre>\n<\/blockquote>\n<p><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">There have been a lot of people around the net suggesting the second value should be 5 but that didn\u2019t work for me at all. If you want to make these changes persistent, add the lines with the values to \/etc\/sysctl.conf<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14px;\">There is some more explanation of the values above\u00a0<a title=\"arp announce cosdes\" href=\"https:\/\/web.archive.org\/web\/20160110091049\/http:\/\/kb.linuxvirtualserver.org\/wiki\/Using_arp_announce\/arp_ignore_to_disable_ARP\" target=\"_blank\" rel=\"noopener\">here<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently I have been doing some on the HP 5500EI including a port security feature limiting the number of MAC addresses to 8. This is not a difficult configuration at all \u2013 in fact it is just one command on the interface itself . 
mac-address max-mac-count 5 So now with the limit in place I &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.kuncar.net\/blog\/2018\/multiple-permanent-linux-interfaces-with-dhcp-allocated-addresses\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Multiple permanent linux interfaces with dhcp allocated addresses&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,4,13,14],"tags":[],"class_list":["post-197","post","type-post","status-publish","format-standard","hentry","category-debian","category-linux","category-recovered","category-testing"],"_links":{"self":[{"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/posts\/197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/comments?post=197"}],"version-history":[{"count":2,"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/posts\/197\/revisions"}],"predecessor-version":[{"id":199,"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/posts\/197\/revisions\/199"}],"wp:attachment":[{"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/media?parent=197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/categories?post=197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kuncar.net\/blog\/wp-json\/wp\/v2\/tags?post=197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}