Posts Tagged ‘vlan’
Traditional network designs use routers to create broadcast domains and limit broadcasts between multiple subnets. This prevents broadcast floods in larger networks from consuming resources or causing unintentional denials of service. Unfortunately, the traditional network design methodology has some design flaws:
* Geographic Focus – Traditional network designs focus on physical locations of equipment and personnel for addressing and LAN segment placement. Because of this there are a few significant drawbacks:
  * Network segments for physically disjointed organizations cannot be part of the same address space. Each physical location must be addressed independently, and be part of its own broadcast domain. This can force personnel to be located in a central location, or to have additional latency or connectivity shortfalls.
  * Relocations of personnel and departments can become difficult, especially if the original location retains its network segments. Relocated equipment will have to be reconfigured based on the new network configuration.
Suppose you have a layer 2 switch with support for 802.1q.
Suppose you want to route traffic from one VLAN to another VLAN.
Suppose you have two VLANs with VLAN IDs 2 and 3.
You can use a Linux box for that.
A VLAN is a Virtual LAN. It is created with equipment such as switches that support the 802.1q protocol, which inserts a 'tag' in the Ethernet frame; this tag identifies the VLAN to which a packet belongs.
Having two VLANs in a switch is like having two physical switches, as packets from one do not pass to the other. If you need to pass traffic from one VLAN to another, you would normally need a layer 3 switch with its internal virtual router enabled, but you can do the same with a Linux box, this way.
Configure a switch port to be a member of both VLANs (2 and 3).
#apt-get install vlan
– this is to install the vlan software –
#modprobe 8021q
– This is to load the 802.1q module –
#vconfig add eth0 2
#vconfig add eth0 3
– Creating two vlans over the eth0 interface –
#ifconfig eth0 0.0.0.0 up
– Bring eth0 up without an address so that only the VLAN interfaces carry traffic; be sure eth0 is up or you will see no traffic at all –
#ifconfig eth0.2 10.1.1.1 broadcast 10.1.1.255 netmask 255.255.255.0 up
#ifconfig eth0.3 10.1.2.1 broadcast 10.1.2.255 netmask 255.255.255.0 up
– Assume you have these two VLANs: the first is 10.1.1.0/24 and the second is 10.1.2.0/24, and you want traffic between them –
Now that this is done, configure one of your switch ports to belong to VLAN 2 and 3 at the same time, and connect your Linux box to that port.
#echo 1 > /proc/sys/net/ipv4/ip_forward
– To enable packet forwarding on the linux router –
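#route add -net 10.1.1.0 netmask 255.255.255.0 dev eth0.2
#route add -net 10.1.2.0 netmask 255.255.255.0 dev eth0.3
– Routes to each subnet through its VLAN interface (given with dev, since gw expects a gateway address); the kernel normally adds these already when the addresses are assigned –
Connect your newly created Linux box to the switch port configured to be a member of both VLANs.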
That’s all.
Riccardo
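Added example, not part of Riccardo's post: the same router built with iproute2 (ip link / ip addr) instead of vconfig and ifconfig, with a default-deny FORWARD policy so that turning on ip_forward does not let both VLANs reach each other in every direction. The interface name and subnets are the post's; the rule that lets only VLAN 2 open connections to VLAN 3 is an assumed policy, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: iproute2 version of the post's setup plus a FORWARD policy.
# From the post: parent NIC eth0, VLAN 2 = 10.1.1.0/24, VLAN 3 = 10.1.2.0/24.
# Assumed (hypothetical) policy: VLAN 2 may open connections to VLAN 3 only.

run() {
    # Print the command; execute it only when APPLY=1 (needs root).
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

valid_vid() {
    # Usable 802.1Q VLAN IDs are 1..4094.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

add_vlan() {
    # add_vlan PARENT VID ADDRESS/PREFIX
    parent=$1 vid=$2 addr=$3
    valid_vid "$vid" || { echo "invalid VLAN id: $vid" >&2; return 1; }
    run ip link add link "$parent" name "$parent.$vid" type vlan id "$vid"
    run ip addr add "$addr" dev "$parent.$vid"
    run ip link set "$parent.$vid" up
}

setup_router() {
    parent=${1:-eth0}
    run modprobe 8021q
    run ip link set "$parent" up
    add_vlan "$parent" 2 10.1.1.1/24 || return 1
    add_vlan "$parent" 3 10.1.2.1/24 || return 1
    # "ip addr add" creates the connected routes, so no route commands.
    # Install the filter before forwarding is switched on.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$parent.2" -o "$parent.3" \
        -s 10.1.1.0/24 -d 10.1.2.0/24 -j ACCEPT
    run sysctl -w net.ipv4.ip_forward=1
}
```

Call setup_router eth0 to print the command list for review; run it as root with APPLY=1 to apply it.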























