Hi, Thanks! I think now it is clear! So nothing left than forwarding!!! :) ----Original Message----- From: vlan-bounces@xxxxxxxxxxxxxxx [mailto:vlan-bounces@xxxxxxxxxxxxxxx]On Behalf Of Ben Greear Sent: Tuesday, September 28, 2004 8:30 PM To: Linux 802.1Q VLAN Subject: Re: [VLAN] vlan & osi-model Csaba P?csai wrote: > HI, > > Just to make the thing clear. Is it true that vlan package of linux does > only the tagging. There is no any VLAN table which shows which packet can go > to where? Correct. BUT, there is bridging code in Linux which can do all of the normal bridging operations, and this works perfectly fine with VLAN interfaces. There are even ways to set up firewall rules on the bridges, which is more than most (all?) commercial switches allow. > I also tried VLAN and I recognized that I have to use one of the following: > > iptables ->> VLAN layer 3 to separate the different VLANS depending on > subnets > briging ->> VLAN layer 1 (port based) simply placing the interfaces in > different briges. > ???? (maybe iptables but only reduced) -->> VLAN layer 2 for MAC VLANs. > > How you do this things?! You can use ebtables (I believe that is correct) for firewall/filtering rules on bridges. For bridging, you can add VLAN devices and/or un-tagged devices to your bridge, in virtually any manner you want. Again, please check the bridging howtos for more info, as I haven't tried using this feature in a long time. Ben -- Ben Greear <greearb@xxxxxxxxxxxxxxx> Candela Technologies Inc http://www.candelatech.com _______________________________________________ Vlan mailing list Vlan@xxxxxxxxxxxx http://www.lanforge.com/mailman/listinfo/vlan --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004
