List: linux-vlan
Subject: Re: [VLAN] VLANs and Network Emulation
From: Hazelsnitzel <hazelsnitzel0 () cox ! net>
Date: 2007-01-25 15:39:13
Message-ID: 7.0.1.0.2.20070125073740.0246f798 () cox ! net
At 01:35 PM 1/24/2007, you wrote:
>On Wed, Jan 24, 2007 at 11:12:43AM -0800, Hazelsnitzel wrote:
> > [ Linux Bridge ]--[eth0]--[trunked]---[ Port 1 ]
> > +-------[eth1]--[trunked]---[ Port 2 ]
> > VLAN 2 [ Port 3 ]---- 192.168.2.3
> > VLAN 3 [ Port 4 ]---- 192.168.2.4
> > VLAN 4 [ Port 5 ]---- 192.168.3.3
> > VLAN 5 [ Port 6 ]---- 192.168.3.4
> > ..... ..... ..........
> >
> > In this configuration, VLANs 2 and 3 emulate one link and VLANs 4 and 5
> > emulate another.
>
>Assuming your cisco switch is an SVL switch, you have two
>possibilities:
>IP proxy arp trick:
>ip a add 127.0.0.1 dev vlan2
>ip a add 127.0.0.1 dev vlan3
>ip ro add 192.168.2.3 dev vlan2
>ip ro add 192.168.2.4 dev vlan3
>echo 1 > /proc/sys/net/ipv4/conf/vlan2/proxy_arp
>echo 0 > /proc/sys/net/ipv4/conf/vlan2/rp_filter
>echo 1 > /proc/sys/net/ipv4/conf/vlan3/proxy_arp
>echo 0 > /proc/sys/net/ipv4/conf/vlan3/rp_filter
>
>The 127.0.0.1 is a working example. It really doesn't matter,
>just use an IP to bind the interface to the ip stack.
>This is just the easiest solution and clear on queueing and
>routing. The hosts 192.168.2.3 and 2.4 can just be given a /24
>network.
>By using routing as the core forwarding you prevent any mac
>address related issues.
>
>Bridge:
>This is probably the most complex and headache prone since you
>are choosing for mac-address troubles. I don't have a working
>example out of my head. You should use ebtables to masquerade all
>outgoing packets with a mac-address != mac-address of the source
>host.
>
>The essence is the following (which should be a faq):
>On an svl switch the source mac-address is only allowed to appear
>on a single port switch wide, independent of vlans.
>(SVL == shared vlan learning == a single switch wide mac-address
>table)
>
>On an ivl switch the source mac-address is only allowed to appear
>on a single (port+vlan) switch wide.
>(IVL == Independent vlan learning == for each vlan a separate
>mac-address table).
>
>
>Anyway: if this doesn't really make sense, you should invest in
>either:
>* hardware (ben :-), or a very expensive switch)
>* knowledge ( http://lartc.org/ f.i. and .1Q standard )
>
>
>If your switch already is IVL (which I cannot imagine, since only
>very big and expensive switches do that, or very small
>inexpensive switches like the ones in the wrt54g do have 2
>mac-address tables if I am correct) the above explanation is
>moot. Just bridge and it will work. And turn off bpdu guard :-).
>
>_______________________________________________
>Vlan mailing list
>Vlan@candelatech.com
>http://www.candelatech.com/mailman/listinfo/vlan
Ard,
Thanks for your comments. I can see that I have some reading to do.
Regards,
Bob
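
Added example, not part of the original messages: a small simulation of the SVL/IVL distinction described in the quoted reply, showing why bridging the two VLANs makes a host's source MAC move between ports on an SVL switch while the routed (proxy ARP) setup does not. The MAC addresses and the assumption that both VLANs ride the trunk on Port 1 are constructed for illustration.

```python
# Added illustration (not from the thread): MAC learning on an SVL vs IVL switch.
# Assumptions: both VLANs ride the trunk on Port 1; MAC addresses are constructed.

class Switch:
    """Learns source MACs; 'svl' keeps one table, 'ivl' one table per VLAN."""

    def __init__(self, mode):
        if mode not in ("svl", "ivl"):
            raise ValueError("mode must be 'svl' or 'ivl'")
        self.mode = mode
        self.table = {}   # learning key -> port
        self.flaps = []   # (mac, vlan, old_port, new_port)

    def learn(self, port, vlan, src_mac):
        key = src_mac if self.mode == "svl" else (vlan, src_mac)
        old = self.table.get(key)
        if old is not None and old != port:
            self.flaps.append((src_mac, vlan, old, port))
        self.table[key] = port


HOST_A = "02:00:00:00:00:0a"   # 192.168.2.3 on Port 3, VLAN 2 (constructed MAC)
HOST_B = "02:00:00:00:00:0b"   # 192.168.2.4 on Port 4, VLAN 3 (constructed MAC)
LINUX = "02:00:00:00:00:01"    # Linux box eth0 on trunk Port 1 (constructed MAC)
TRUNK = 1


def simulate(mode, forwarding):
    """One A->B frame and one B->A reply through the Linux box.

    forwarding='bridge' keeps the original source MAC on the way back out;
    forwarding='route' (the proxy ARP setup) re-sources frames from LINUX.
    """
    if forwarding not in ("bridge", "route"):
        raise ValueError("forwarding must be 'bridge' or 'route'")
    sw = Switch(mode)
    for host_mac, host_port, in_vlan, out_vlan in (
        (HOST_A, 3, 2, 3),
        (HOST_B, 4, 3, 2),
    ):
        sw.learn(host_port, in_vlan, host_mac)           # frame enters at access port
        egress_src = host_mac if forwarding == "bridge" else LINUX
        sw.learn(TRUNK, out_vlan, egress_src)            # frame returns on the trunk
    return sw.flaps


if __name__ == "__main__":
    for mode in ("svl", "ivl"):
        for fwd in ("bridge", "route"):
            print(mode, fwd, simulate(mode, fwd))
```

Only the SVL switch combined with bridging records MAC moves; each host's address is seen first on its access port and then on the trunk.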