[VLAN] About VLAN implementation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Csaba P?csai wrote:
> Hi,
> 
> I am new at VLAN so please be patient!:)
> A*s far as I understood the concept of the VLAN it is useful for separating
> different LANS from each other improving the security.
> 
> I tried a really easy use of VLAN package and I was not able to get it work
> as I desired.
> 	VLAN2		eth3		eth2       		VLAN3
> PC A  ---------------------------------------->  PC
> B ----------------------------------> PC C
> 
> All of them are Linux boxes. At PC B there is IP forwarding switched on.
> So I configured  at PCB eth2.3 interface and eth3.2 interface with class C
> addresses and different subnets.
> The eth3 and eth2 interfaces at PC B are up with 0.0.0.0 ip address.
> The PC A and PC C interfaces are also set to use vlan tags. In this case PC
> A eth1.2 PC C is eth1.3.
> 
> If I try to ping from PCA the PC C than I can do that!!! How can it be?! Why
> should I use iptables to DROP those packages?! It think VLAN should do this
> by itself?!
> How can I do that that there is a subnet instead of PC A and all the VLAN3
> tagged package goes to PC C but nothing from another VLAN?!

Didn't you just configured a router?  I think your VLAN PC is routing
between the two VLANs, which is perfectly normal.  Or, maybe I mis-understand
your setup.

> 
> 
> Another question about VLAN over MAC address. Is that already in use?!
> Shouldn't be there a table which tells which MAC address is associated with
> which VLAN ?!
> How can I filter out the wrong packages not to send to wrong VLAN based on
> MAC address?

MAC-VLANs have nothing to do with 802.1Q VLANs, it is just another type
of VLANs.  I use them mostly for emulating lots of network devices in a single
machine.

Ben

> 
> Thank you in advice.
> 
> Csaba
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.751 / Virus Database: 502 - Release Date: 9/2/2004
> 
> _______________________________________________
> Vlan mailing list
> Vlan@xxxxxxxxxxxx
> http://www.lanforge.com/mailman/listinfo/vlan
> 


-- 
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc  http://www.candelatech.com
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]     [Video 4 Linux]

  Powered by Linux