Hello Eric:

Some HP ProCurves only support 30 VLANs tagged from 0-30. Silly but true. We have a ProCurve that is like that. So when you are setting up your VLAN interfaces you will need to keep the VLAN tag number below that.

So you would do something like this:

    vconfig set_name_type VLAN_PLUS_VID_NO_PAD

(The first line sets up the naming convention)

    vconfig add eth1 6

(or eth0) and choose VLANs from 1-30

    ifconfig vlan6 10.xx.6.1 netmask 255.255.255.0

Then reference the interface in iptables using

    $IPTABLES -A FORWARD -i vlan6 -p tcp -s 10.xx.6.1/24 --dport 135 -j DROP

Then when assigning VLAN IDs to the ProCurve, the number must line up with the vconfig settings.

Duane
duanemulder@xxxxxxxxxxxxx

-----Original Message-----
From: vlan-bounces@xxxxxxxxxxxxxxx [mailto:vlan-bounces@xxxxxxxxxxxxxxx] On Behalf Of Eric Maynard
Sent: Thursday, January 05, 2006 3:01 PM
To: vlan@xxxxxxxxxxxxxxx
Subject: [VLAN] NEWBIE: RH Linux and ProCurve VLAN Setup

Ok, I am going to warn you all up front: although I am comfortable at the Linux command line, I am by no means an expert, and I am even more of a newbie to VLANs and any networking more complicated than layer 2 and Windows. Having said that, I consider myself a fast learner and I'm willing to research what I need to know to accomplish this.

Here's the setup. I have just purchased a ProCurve 2626 to help me manage my LAN a little better. What I want is to have a handful of VLANs and to utilize the switch to control priority queuing of traffic (via 802.1Q) into and out of these VLANs.

My network setup is not much different than Peter Stuge's diagram, but I do have an extra layer, I guess, in my firewall. I also desire to use setup "1b", which Peter refers to as the "dirty way", with only a single subnet behind the router.

http://marc.theaimsgroup.com/?m=105098558615614
  +--------+
  (internet)
  ( cloud  )
  +--------+
      |
      |
+------------+     +--------+  trunk  +---------+
| isp managed|-----| Redhat |---------|  VLAN   |vlan4
|   router   | eth0|   FW   |eth1     | switch  |------------------+
+------------+     +--------+         +---------+                  |
                                   vlan2| v2|  |vlan3              |
                                        |   |  |                   |
                               +--------+   |  +-------+           |
                               |            |          |           |
                           eth0|        eth0|      eth0|       eth0|
                          +--------+   +--------+ +--------+  +--------+
                          | client |   | client | | client |  | server |
                          | box B  |   | box C  | | box D  |  | box E  |
                          +--------+   +--------+ +--------+  +--------+

My firewall runs on a modest machine and is currently using a distro based on the following:

Kernel Version   2.4.30-ow1 (SMP)
Distro Name      Red Hat Linux release 9 (Shrike)

I appear to have vconfig already installed and ready for business. I currently use Shorewall to configure the FW, but if need be I can dig into iptables and learn it better if it would make things any easier to set up VLAN support.

What I am hoping the community can help me with is to confirm what I need to be researching in order to make this work. I'm not afraid to read documentation, but I just want to make sure I am reading the correct ones.

So, in order to make this work, my understanding is I need to have tagged VLANs and a device that can route these tagged packets from tagged VLAN to VLAN without losing the 802.1Q information. From my research so far, it appears that the RH firewall I have should be able to do this, assuming my NICs (Intel and 3Com) don't fumble it in some way.

Questions I have not found answers to include:

1) How does a VLAN on the Linux FW translate to a VLAN on the switch?
2) Will the Linux FW (box A) and the switch even "know" about each other?
3) Is Peter's bridging example at the link above enough for inter-VLAN traffic, or do I still need some routing commands on top of this?

Sorry for such a long post and thanks for all your help in advance.

Thanks
Eric Maynard
Technology Associate, Holmes County Public Library

_______________________________________________
Vlan mailing list
Vlan@xxxxxxxxxxxxxxx
http://www.lanforge.com/mailman/listinfo/vlan
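
The number given to `vconfig add` and the VLAN ID set on the switch port are the same 12-bit VID field of the 802.1Q tag carried on the trunk, which is why the two must line up; the tag's 3-bit PCP field is what priority queuing reads. As an added example (not part of the original thread), this Python code parses that tag from a constructed frame and maps it to the `vlanN` interface name; the function names and MAC addresses are made up for illustration, and the default limit of 30 is the one stated in Duane's reply.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_tagged_frame(vid, pcp=0, inner_ethertype=0x0800, payload=b""):
    """Build a constructed Ethernet frame carrying one 802.1Q tag."""
    if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
        raise ValueError("VID is 12 bits, PCP is 3 bits")
    dst = bytes.fromhex("ffffffffffff")  # constructed addresses
    src = bytes.fromhex("020000000001")
    tci = (pcp << 13) | vid  # DEI bit (bit 12) left at 0
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, inner_ethertype) + payload


def parse_vlan_tag(frame):
    """Return (pcp, dei, vid, inner_ethertype), or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, inner


def vlan_interface_for(frame, max_vid=30):
    """Name of the vconfig interface (VLAN_PLUS_VID_NO_PAD) that matches the tag."""
    tag = parse_vlan_tag(frame)
    if tag is None:
        return None  # untagged traffic stays on the parent interface
    vid = tag[2]
    if not 1 <= vid <= max_vid:
        raise ValueError(f"VID {vid} is outside 1-{max_vid}")
    return f"vlan{vid}"


if __name__ == "__main__":
    frame = build_tagged_frame(vid=6, pcp=5)
    print(parse_vlan_tag(frame), vlan_interface_for(frame))
```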