
Re: Multiple IP's (virtual interfaces) on ONE VLAN?



On Thu May 22 2008 10:11:38 Stephen Gran wrote:
> This one time, at band camp, Mike Bird said:
> > On Thu May 22 2008 02:02:30 Turbo Fredriksson wrote:
> > > Currently I have 'eth0' and 'eth0:0'.
> > >
> > > 'Shortly', we'll be moving the office to another location (share office
> > > space with another company), where they have VLAN's. They have given me
> > > VLAN #20 and from what I can see (I'll be testing my setup later this
> > > week), everything should be ok.
> > >
> > > But what about the intranet server which has TWO addresses? I've tried
> > > 'eth0:0.20', 'eth0.20:0' (for the virtual interface) but neither
> > > worked...
> >
> > Are you certain what they mean by VLAN's?  One would normally
> > configure the VLAN onto the switch ports and the computers would
> > use normal non-VLAN connections.  This is moderately more
> > secure than allowing each computer to decide which VLAN's it
> > wants to sniff.
>
> Well, that's just a switch configuration - tagged on VLAN n or untagged
> on VLAN n.  If they've decided to make the port tagged on VLAN n, then
> the server needs to support VLAN tagging as well.  Just because both the
> switch and the server need to agree on the VLAN it's on doesn't mean
> there are other tagged VLANs on the port.

VLAN switch ports are much more common, and are usually handled
differently from Linux VLAN interfaces on home networks.  Consider
this fragment from a Cisco switch configuration:

  interface FastEthernet0/1
   switchport mode trunk
  !
  interface FastEthernet0/2
  !
  interface FastEthernet0/3
  !
  interface FastEthernet0/4
   switchport access vlan 4

Port f0/1 is a trunk port, which communicates via tagged packets.  This
would normally connect to a router or another switch, although there are
situations where one would connect a VLAN-capable server to a trunk port.

Ports f0/2 and f0/3 are by default "in VLAN 1".  They accept incoming
untagged packets and add the "VLAN 1" tag before switching.  For output,
only packets tagged "VLAN 1" are considered, and the tag is stripped
before transmission.

Similarly, port f0/4 is "in VLAN 4".  Only untagged packets are accepted
inbound, and the "VLAN 4" tag is added before switching.  For output,
only packets tagged "VLAN 4" are considered, and the tag is stripped
before transmission.

The boxes attached to f0/2, f0/3, and f0/4 are not themselves configured
for VLANs; indeed, they may not have any VLAN capability.

Ports f0/2 and f0/4 cannot see each other's traffic.  But all of their
traffic is trunked - typically to a router with multiple subinterfaces,
so that traffic can be routed between VLANs 1 and 4 when appropriate.

In short, in typical VLAN deployments, neither workstations nor servers
have VLAN configurations.  It's all done (more securely) in the switches
and routers.

--Mike Bird
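The following is an added example, not code from this thread or from anyone posting in it. It parses the Cisco switch-configuration fragment quoted above and resolves, for each port, whether it is a trunk (tagged, device picks the VLAN) or an access port (untagged, switch assigns the VLAN), then answers the questions the post raises: which ports share a segment, which VLANs the trunk carries, and which ports let the attached device choose its own VLAN. The interface names and VLAN numbers are taken from the quoted fragment; the port-naming abbreviation, the assumption that a trunk carries every VLAN (no `switchport trunk allowed vlan` pruning), and all function names are assumptions of this example.

```python
"""Classify switch ports from a Cisco-style configuration fragment.

Added example for the thread above; not the switch's own tooling.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the configuration fragment quoted in the post.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport access vlan 4
"""

DEFAULT_VLAN = 1  # an unconfigured switchport is an access port in VLAN 1


@dataclass
class Port:
    name: str                        # full IOS name, e.g. FastEthernet0/4
    short: str                       # abbreviated form used in the post, e.g. f0/4
    mode: str = "access"             # "access" or "trunk"
    access_vlan: int = DEFAULT_VLAN  # stored even on a trunk, as IOS does

    @property
    def vlan(self) -> Optional[int]:
        """Effective untagged VLAN: the access VLAN, or None on a trunk."""
        return self.access_vlan if self.mode == "access" else None

    def carries(self, vid: int) -> bool:
        """Assumption: a trunk carries every VLAN (no 'allowed vlan' pruning)."""
        return self.mode == "trunk" or self.access_vlan == vid


def short_name(name: str) -> str:
    """FastEthernet0/4 -> f0/4 (first letter of the type, then slot/port)."""
    return re.sub(r"^([A-Za-z])[A-Za-z]*", lambda m: m.group(1).lower(), name)


def parse_config(text: str) -> Dict[str, Port]:
    """Return ports keyed by short name, with mode and access VLAN resolved."""
    ports: Dict[str, Port] = {}
    current: Optional[Port] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue                      # stanza separator or blank line
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = Port(name=m.group(1), short=short_name(m.group(1)))
            ports[current.short] = current
            continue
        if current is None:
            continue                      # global commands before any stanza
        if line == "switchport mode trunk":
            current.mode = "trunk"
        elif line == "switchport mode access":
            current.mode = "access"
        else:
            m = re.match(r"switchport access vlan\s+(\d+)$", line)
            if m:
                vid = int(m.group(1))
                if not 1 <= vid <= 4094:  # 802.1Q VID range
                    raise ValueError(f"{current.name}: VLAN id {vid} out of range")
                current.access_vlan = vid
    return ports


def same_segment(ports: Dict[str, Port], a: str, b: str) -> bool:
    """Can an untagged frame from the host on port a reach the host on port b?"""
    pa, pb = ports[a], ports[b]
    return pa.vlan is not None and pa.vlan == pb.vlan


def trunk_ports(ports: Dict[str, Port]) -> List[str]:
    """Ports where the attached device, not the switch, picks the VLAN by tag."""
    return [p.short for p in ports.values() if p.mode == "trunk"]


def report(ports: Dict[str, Port]) -> str:
    """One line per port, in the terms the post uses."""
    lines = []
    for p in ports.values():
        if p.mode == "trunk":
            lines.append(f"{p.short}: trunk (tagged, all VLANs)")
        else:
            lines.append(f"{p.short}: access VLAN {p.vlan} (untagged)")
    return "\n".join(lines)


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print(report(cfg))
    print("ports where the host chooses its VLAN:", trunk_ports(cfg))
```

Run against the quoted fragment, `report` lists f0/1 as a trunk and f0/2, f0/3 and f0/4 as access ports in VLANs 1, 1 and 4; `same_segment` confirms that f0/2 and f0/3 share a segment while f0/2 and f0/4 do not, and `trunk_ports` is the audit list a network admin would review, since those are the only ports on which an attached host can select a VLAN by tagging.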


