Csaba P?csai wrote:
> Hi,
>
> Just to make the thing clear. Is it true that the vlan package of Linux does
> only the tagging? There is not any VLAN table which shows which packet can go
> to where?

Correct. BUT, there is bridging code in Linux which can do all of the normal
bridging operations, and this works perfectly fine with VLAN interfaces. There
are even ways to set up firewall rules on the bridges, which is more than most
(all?) commercial switches allow.

> I also tried VLAN and I recognized that I have to use one of the following:
>
> iptables ->> VLAN layer 3 to separate the different VLANs depending on
> subnets
> bridging ->> VLAN layer 1 (port based) simply placing the interfaces in
> different bridges.
> ???? (maybe iptables but only reduced) -->> VLAN layer 2 for MAC VLANs.
>
> How do you do these things?!

You can use ebtables (I believe that is correct) for firewall/filtering rules
on bridges. For bridging, you can add VLAN devices and/or un-tagged devices to
your bridge, in virtually any manner you want. Again, please check the bridging
howtos for more info, as I haven't tried using this feature in a long time.

Ben

--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com
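The setup described in the reply above, as an added example that is not part of the original message or of the Linux VLAN code: a VLAN device does the tagging, a bridge does the forwarding, and ebtables filters by source MAC on the untagged port. It assumes iproute2 and ebtables are installed; the function names, interface names, VLAN id and MAC addresses are constructed, and by default it only prints the commands (set APPLY=1 as root to run them).

```shell
#!/bin/sh
# Added example: dry-run by default; APPLY=1 (as root) executes the commands.
# Interface names, VLAN id and MAC addresses are constructed samples.

run() {
    # Print the command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# vlan_bridge TRUNK VID ACCESS_PORT MAC...
# Bridges tagged traffic for VID on TRUNK with the untagged ACCESS_PORT and
# forwards frames entering ACCESS_PORT only from the listed source MACs.
vlan_bridge() {
    trunk=$1 vid=$2 port=$3
    shift 3
    case $vid in
        ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN id out of range: $vid" >&2; return 1
    fi
    vif="$trunk.$vid" br="br$vid"

    # Tagging only: the VLAN device adds/strips the 802.1Q tag.
    run ip link add link "$trunk" name "$vif" type vlan id "$vid"
    # The forwarding decision lives in the bridge, not in the VLAN code.
    run ip link add name "$br" type bridge
    run ip link set "$vif" master "$br"
    run ip link set "$port" master "$br"
    for dev in "$trunk" "$vif" "$port" "$br"; do
        run ip link set "$dev" up
    done

    # Layer-2 filtering on the bridge: per-port source-MAC allow list,
    # then drop everything else arriving on that port.
    for mac in "$@"; do
        run ebtables -A FORWARD -i "$port" -s "$mac" -j ACCEPT
    done
    run ebtables -A FORWARD -i "$port" -j DROP
}

vlan_bridge eth0 10 eth1 02:00:00:00:00:01 02:00:00:00:00:02
```

The FORWARD chain only sees frames bridged between ports; frames addressed to the bridge host itself pass through the ebtables INPUT chain and need their own rules.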