Getting vlan right from the start saves hours of debugging later. In this comprehensive guide, we'll cover everything from initial setup to production-ready configuration, including tagging and 802.1q considerations.
Prerequisites
- A VPS running Ubuntu 22.04 or later (2GB+ RAM recommended)
- Understanding of TCP/IP fundamentals
- A registered domain name (for public-facing services)
Network Configuration
If you encounter issues during setup, check the system logs first. Most problems can be diagnosed by examining the output of journalctl or the application-specific log files in /var/log/.
# Network configuration and testing
ip addr show # View interfaces
ip route show # View routing table
ss -tlnp # View listening ports
# Firewall rules
sudo iptables -L -n -v # List current rules
sudo ufw status verbose # UFW status
These commands should be run as root or with sudo privileges. If you're using a non-root user, prefix each command with sudo.
Configuration Options
If you encounter issues during setup, check the system logs first. Most problems can be diagnosed by examining the output of journalctl or the application-specific log files in /var/log/.
Firewall Rules Setup
It's recommended to test this configuration in a staging environment before deploying to production. This helps identify potential compatibility issues and allows you to benchmark performance differences.
# Configure network interface
sudo nano /etc/netplan/01-netcfg.yaml
network:
version: 2
ethernets:
eth0:
addresses:
- 192.168.1.10/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses:
- 8.8.8.8
- 1.1.1.1
sudo netplan apply
The output should show the service running without errors. If you see any warning messages, address them before proceeding to the next step.
- Review log files weekly for anomalies
- Enable automatic security updates for critical patches
- Keep your system packages updated regularly
- Monitor disk space usage and set up alerts
- Test your backup restore procedure monthly
Testing Connectivity
Before making changes to the configuration, always create a backup of the existing files. This ensures you can quickly roll back if something goes wrong during the setup process.
# Network configuration and testing
ip addr show # View interfaces
ip route show # View routing table
ss -tlnp # View listening ports
# Firewall rules
sudo iptables -L -n -v # List current rules
sudo ufw status verbose # UFW status
This configuration provides a good balance between performance and resource usage. For high-traffic scenarios, you may need to increase the limits further.
- Review log files weekly for anomalies
- Keep your system packages updated regularly
- Enable automatic security updates for critical patches
- Monitor disk space usage and set up alerts
Performance Tuning
When scaling this setup, consider vertical scaling (adding more RAM/CPU) first, as it's simpler to implement. Horizontal scaling adds complexity but may be necessary for high-traffic applications.
# Configure network interface
sudo nano /etc/netplan/01-netcfg.yaml
network:
version: 2
ethernets:
eth0:
addresses:
- 192.168.1.10/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses:
- 8.8.8.8
- 1.1.1.1
sudo netplan apply
Make sure to restart the service after applying these changes. Some settings require a full restart rather than a reload to take effect.
Wrapping Up
Following this guide, your vlan setup should be production-ready. Keep an eye on resource usage as your traffic grows and don't forget to test your backup and recovery procedures periodically.