06-28-2014
You can create VLANs,not for common communication, but to isolate layer-2 communication from other network objects. Security.
Example:
If I am on VLAN A I may not be able to ssh over to VLAN B. A lot of places will do this with development versus production servers. Code librarians work on VLAN C with access to A and B. DMZ's are another possible example of isolation at the layer-2 level. Layer-1 isolation is the same idea. If bad guys cannot see network object at all it cannot be attacked. Air gap attacks notwithstanding.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello,
I have 3 domains virtually hosted "name based" the first one "domain1.com" has its ServerName entered as domain1.com. this domain will load in a browser by www.domain1.com or simply domain1.com. the next two domains "domain2.com" and "domain3.com" ServerNames are listed as domain2.com and... (2 Replies)
Discussion started by: ericg
2 Replies
2. UNIX for Dummies Questions & Answers
Dear All ,
Kindly note I have sun solaries 7 .
I want to block a domain who keep sending emails to my domain and users .
thanks (1 Reply)
Discussion started by: tamemi
1 Replies
3. UNIX for Dummies Questions & Answers
ok i am setting up dns or going to do it with solaris 9 once u setup the domain what file can u look @ to see if it setup or not (4 Replies)
Discussion started by: rmuhammad
4 Replies
4. UNIX for Advanced & Expert Users
I have a system that is connected to a private network with its own DNS (call it "privnet."), and is also connected to the Internet on a separate interface.
Is it possible to convince this server to query the private nameserver for the private network's domain (e.g. "host foo.privnet."), and the... (2 Replies)
Discussion started by: vertigo23
2 Replies
5. IP Networking
Hi All,
I'm trying to configure a vlan interface, to do this I'm using the following command "vconfig add eth0 20". I have my interface up and running, but when I test it using "ping -I eth0.20 192.168.1.1" and in other console use "tcpdump -i eth0.20" I can not see any tagged frame.
... (0 Replies)
Discussion started by: lagigliaivan
0 Replies
6. AIX
I have 1 AIX server, 4 dual ported fiber attached ethernet cards and 4 VLANS coming in. Is it possible to present those 8 ports as 1 IP address using etherchannel? Thanks. (5 Replies)
Discussion started by: jwholey
5 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I have a report containing severals organization's email address. The address contain several sub domains, and i need to pull those out.
mail domain ( example.com)
..................
The report column contain mail address in this format :
john1@sub1.example.com... (2 Replies)
Discussion started by: john_prince
2 Replies
8. UNIX for Dummies Questions & Answers
Hi Gurus,
Can anyone explain me what is a Vlan and a Native vlan. How to check the native Vlan on my server having a solaris10 OS.
Thanks in advance.:) (2 Replies)
Discussion started by: rama krishna
2 Replies
9. Solaris
I've been given an IP address to assign to an ldom that is in a different subnet than the host, and I am looking for assistance in getting it online. I believe I need "VLAN tagging" as found in this link, but I do not understand all of the terminology.
My host machine is on subnet 10.25.112.x,... (1 Reply)
Discussion started by: bstring
1 Replies
10. Proxy Server
In a "typical" data centre environment (telco, financial services etc), would a Linux OS typically have one IP address connected to one VLAN or would it have many IPs and/or VLANs. I say "Linux OS" as I'm referring to an instance of the OS not necessarily a Host or server. Think Linux OS = VM in a... (9 Replies)
Discussion started by: PCB
9 Replies
LEARN ABOUT CENTOS
fipvlan
FIPVLAN(8) Open-FCoE Tools FIPVLAN(8)
NAME
fipvlan - Fibre Channel over Ethernet VLAN Discovery
SYNOPSIS
fipvlan [-c|--create] [-s|--start] [-m|--mode fabric|vn2vn] interfaces
fipvlan -a|--auto [-c|--create] [-d|--debug] [-s|--start] [-m|--mode fabric|vn2vn] [-l|--link-retry count]
fipvlan -h|--help
fipvlan -v|--version
DESCRIPTION
The fipvlan command performs Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) VLAN Discovery over Ethernet interfaces.
fipvlan can be used as a diagnostic tool to determine which VLANs have FCoE services available on a network, prior to configuring VLAN
interfaces and the Open-FCoE initiator. fipvlan can also be used to create VLAN interfaces as they are discovered, and to start the
Open-FCoE initiator. The --create and --start options are primarily intended to be used as part of an Open-FCoE boot solution. FCoE
instances started in this way cannot be destroyed or reset by fcoeadm.
fipvlan takes a list of network interface names to run the VLAN discovery protocol over, or the --auto option to use all available Ethernet
interfaces.
fipvlan will enable any interface which is found disabled. If no response is received on that interface it will be shutdown again when
fipvlan terminates.
OPTIONS
-a, --auto
Use all Ethernet interfaces currently available
-c, --create
Create network interfaces for discovered FCoE VLANs. If a VLAN device already exists for a discovered VLAN, a new VLAN device will not
be created.
-d, --debug
Enable debugging output
-s, --start
Start the Open-FCoE initiator on discovered FCoE VLANs
-m, --mode
fabric|vn2vn Specify whether VLAN discovery is performed in the default fabric mode, or in VN2VN mode.
-f, --suffix suffix
Append the specified string suffix to VLAN interface names.
-l, --link-retry count
Retry check for link up to count times. The link state is checked every 500 ms. The default number of retries is 20.
-h, --help
Display a help message with basic usage instructions
-v, --version
Display the fipvlan version string
VLAN NAMING CONVENTIONS
If a new VLAN device is created, it will have the name dev.vlan; where dev is the name of the Ethernet parent device and vlan is the
discovered VLAN ID number. An optional suffix may be appended to this with the the -f command line option.
EXAMPLES
Display all discoverable VLANs with FCoE services
fipvlan --auto
Discover FCoE VLANs on interface eth2, create VLAN devices and start the Open-FCoE initiator
fipvlan --create --start eth2
In this example if FCoE services were available on VLAN 101 of network interface eth2, then a VLAN interface eth2.101 would be created and
used as the parent device for the initiator.
SEE ALSO
fcoeadm(8) fcoemon(8)
SUPPORT
fipvlan is part of the fcoe-utils package, maintained through the Open-FCoE project. Resources for both developers and users can be found
at the Open-FCoE website http://open-fcoe.org/
Open-FCoE 03/18/2013 FIPVLAN(8)