06-28-2014
You can create VLANs, not for common communication, but to isolate layer-2 communication from other network objects. Security.
Example:
If I am on VLAN A I may not be able to ssh over to VLAN B. A lot of places will do this with development versus production servers. Code librarians work on VLAN C with access to A and B. DMZs are another possible example of isolation at the layer-2 level. Layer-1 isolation is the same idea. If bad guys cannot see a network object at all, it cannot be attacked. Air gap attacks notwithstanding.
VLAN(4) BSD Kernel Interfaces Manual VLAN(4)
NAME
vlan -- IEEE 802.1Q Virtual LAN network device
SYNOPSIS
pseudo-device vlan
DESCRIPTION
The vlan interface provides support for IEEE 802.1Q Virtual Local Area Networks (VLAN). This supports the trunking of more than one network
on a single network interface. This is particularly useful on routers or on hosts which must be connected to many different networks through
a single physical interface.
To use a vlan interface, the administrator must first create the interface and then specify the VID (VLAN identifier, the first 12 bits from
a 16-bit integer which distinguishes each VLAN from any others) and physical interface associated with the VLAN. This can be done by using
the ifconfig(8) create, vlan, and vlanif subcommands from a shell command line or script. From within a C program, use the ioctl(2) system
call with the SIOCSIFCREATE and SIOCSIFVLAN arguments.
To be compatible with other IEEE 802.1Q devices, the vlan interface supports a 1500 byte MTU, which means that the parent interface will have
to handle packets that are 4 bytes larger than the original Ethernet standard. Drivers supporting this increased MTU are:
- drivers using the DP8390 core (such as ec(4), ne(4), we(4), and possibly others)
- bge(4)
- bnx(4)
- ea(4)
- eb(4)
- epic(4)
- etherip(4)
- ex(4)
- fxp(4)
- gem(4)
- hme(4)
- le(4)
- sip(4)
- ste(4)
- stge(4)
- ti(4)
- tl(4)
- tlp(4)
- vge(4)
- vr(4)
- wm(4)
- xi(4)
vlan can be used with devices not supporting the IEEE 802.1Q MTU, but then the MTU of the vlan interface will be 4 bytes too small and will
not interoperate properly with other IEEE 802.1Q devices, unless the MTU of the other hosts on the VLAN is also lowered to match.
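The 4-byte tag and the 12-bit VID described above, as an added example that is not part of the man page or the forum post: C code that reads the 802.1Q tag from a raw Ethernet frame (the VID is the low-order 12 bits of the 16-bit Tag Control Information field), applies a VID allow-list as an isolation check, and computes the frame size the parent interface must carry. The function names, sample frames and allow-list are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_VLAN 0x8100u /* 802.1Q Tag Protocol Identifier (TPID) */
#define ETHER_HDR_LEN  14u     /* dst MAC + src MAC + EtherType */
#define VLAN_TAG_LEN   4u      /* TPID (2 bytes) + TCI (2 bytes) */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the VID (0..4095) of a frame, -1 if untagged, -2 if truncated. */
int vlan_vid(const uint8_t *frame, size_t len)
{
    if (len < ETHER_HDR_LEN) return -2;
    if (be16(frame + 12) != ETHERTYPE_VLAN) return -1;
    if (len < ETHER_HDR_LEN + VLAN_TAG_LEN) return -2; /* tag cut short */
    return be16(frame + 14) & 0x0FFF; /* TCI: 3-bit PCP, 1-bit DEI, 12-bit VID */
}

/* Isolation check: accept only frames tagged with a VID on the allow-list.
 * Untagged, truncated, and reserved-VID (0 and 4095) frames are rejected. */
int vlan_permitted(const uint8_t *frame, size_t len, const uint16_t *allow, size_t n)
{
    int vid = vlan_vid(frame, len);
    if (vid <= 0 || vid == 0x0FFF) return 0;
    for (size_t i = 0; i < n; i++)
        if (allow[i] == vid) return 1;
    return 0;
}

/* Largest frame (excluding FCS) the parent interface carries for a vlan MTU. */
size_t parent_frame_len(size_t vlan_mtu) { return ETHER_HDR_LEN + VLAN_TAG_LEN + vlan_mtu; }

/* Constructed samples: VID 6 (the man page's example VID) with PCP 5, and an untagged IPv4 frame. */
const uint8_t tagged_vid6[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x81,0x00, 0xa0,0x06, 0x08,0x00, 0x45,0x00 };
const uint8_t untagged[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x08,0x00, 0x45,0x00 };
const uint16_t allowed_vids[] = { 6, 20 }; /* hypothetical allow-list */

int main(void)
{
    printf("vid=%d permitted=%d\n", vlan_vid(tagged_vid6, sizeof tagged_vid6),
           vlan_permitted(tagged_vid6, sizeof tagged_vid6, allowed_vids, 2));
    printf("untagged: vid=%d permitted=%d\n", vlan_vid(untagged, sizeof untagged),
           vlan_permitted(untagged, sizeof untagged, allowed_vids, 2));
    printf("parent frame for MTU 1500: %zu bytes\n", parent_frame_len(1500));
    return 0;
}
```

A 1500-byte vlan MTU gives an 1518-byte frame before the FCS, which is the 4 bytes beyond the untagged 1514 that the parent driver has to accept.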
EXAMPLES
The following will create interface vlan0 with VID six, on the Ethernet interface tlp0:
      ifconfig vlan0 create
      ifconfig vlan0 vlan 6 vlanif tlp0
After this set up, IP addresses (and/or other protocols) can be assigned to the vlan0 interface. All other hosts on the Ethernet connected
to tlp0 which configure a VLAN and use VID six will see all traffic transmitted through vlan0.
The same VLAN can be created at system startup time by placing the following in /etc/ifconfig.vlan0:
      create
      vlan 6 vlanif tlp0
SEE ALSO
ifconfig(8)
HISTORY
The vlan device first appeared in NetBSD 1.5.1, and was derived from a VLAN implementation that appeared in FreeBSD and OpenBSD.
BUGS
The vlan interfaces do not currently inherit changes made to the physical interfaces' MTU.
BSD December 16, 2010 BSD