Full Discussion: VLANs and their domains
Special Forums IP Networking VLANs and their domains Post 302907504 by jim mcnamara on Saturday 28th of June 2014 07:34:10 PM
06-28-2014
You can create VLANs, not for common communication, but to isolate layer-2 communication from other network objects. Security.

Example:
If I am on VLAN A, I may not be able to ssh over to VLAN B. A lot of places will do this with development versus production servers. Code librarians work on VLAN C with access to A and B. DMZs are another possible example of isolation at the layer-2 level. Layer-1 isolation is the same idea. If bad guys cannot see a network object at all, it cannot be attacked. Air gap attacks notwithstanding.
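
How the layer-2 isolation described in the post plays out on a VLAN-aware switch, as an added example that is not part of the original post: it builds and parses 802.1Q tags and models where a broadcast frame is flooded. The port names, the VLAN IDs 10 (development) and 20 (production) and the `Switch` class are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(dst, src, payload, vid=None, pcp=0):
    """Build an Ethernet II frame; with vid set, insert an 802.1Q tag."""
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        tci = (pcp & 0x7) << 13 | vid  # PCP (3 bits), DEI (1, left 0), VID (12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", 0x0800) + payload

def parse_vlan(frame):
    """Return (vid, pcp) for a tagged frame, None for an untagged one."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13

class Switch:
    """Toy VLAN-aware switch: maps each port to the VLAN IDs it may carry."""
    def __init__(self, ports):
        self.ports = {name: set(vlans) for name, vlans in ports.items()}

    def flood(self, in_port, frame):
        """Ports that receive a broadcast frame arriving on in_port."""
        allowed = self.ports[in_port]
        tag = parse_vlan(frame)
        if tag is not None:
            vid = tag[0]
        elif len(allowed) == 1:
            vid = next(iter(allowed))  # untagged frame on an access port
        else:
            return []                  # this model has no native VLAN on trunks
        if vid not in allowed:
            return []                  # ingress filtering: wrong VLAN for this port
        return sorted(p for p, v in self.ports.items() if p != in_port and vid in v)

# Constructed topology: VLAN 10 = development, VLAN 20 = production.
sw = Switch({"dev1": {10}, "dev2": {10}, "prod1": {20}, "trunk": {10, 20}})
BCAST, SRC = b"\xff" * 6, bytes.fromhex("020000000001")
```

A broadcast entering on `dev1` is flooded to `dev2` and `trunk` only, and a frame tagged for VLAN 20 that arrives on a VLAN 10 access port is dropped at ingress.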
 

IP-LINK(8)                           Linux                           IP-LINK(8)

NAME
       ip-link - network device configuration

SYNOPSIS
       ip [ OPTIONS ] link { COMMAND | help }

       OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] |
               -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }

       ip link add [ link DEVICE ] [ name ] NAME
               [ txqueuelen PACKETS ]
               [ address LLADDR ] [ broadcast LLADDR ]
               [ mtu MTU ]
               type TYPE [ ARGS ]

       TYPE := [ vlan | veth | vcan | dummy | ifb | macvlan | can | bridge ]

       ip link delete DEVICE
               type TYPE [ ARGS ]

       ip link set { DEVICE | group GROUP } { up | down | arp { on | off } |
               promisc { on | off } |
               allmulticast { on | off } |
               dynamic { on | off } |
               multicast { on | off } |
               txqueuelen PACKETS |
               name NEWNAME |
               address LLADDR | broadcast LLADDR |
               mtu MTU |
               netns PID |
               netns NETNSNAME |
               alias NAME |
               vf NUM [ mac LLADDR ] [ vlan VLANID [ qos VLAN-QOS ] ]
                      [ rate TXRATE ] [ spoofchk { on | off } ] |
               master DEVICE
               nomaster }

       ip link show [ DEVICE | group GROUP ]

DESCRIPTION
   ip link add - add virtual link
       link DEVICE
              specifies the physical device to operate on.

              NAME specifies the name of the new virtual device.

              TYPE specifies the type of the new device.

              Link types:

                     vlan - 802.1q tagged virtual LAN interface
                     veth - Virtual ethernet interface
                     vcan - Virtual Local CAN interface
                     dummy - Dummy network interface
                     ifb - Intermediate Functional Block device
                     macvlan - virtual interface based on link layer address (MAC)
                     can - Controller Area Network interface
                     bridge - Ethernet Bridge device

   ip link delete - delete virtual link
       DEVICE specifies the virtual device to operate on. TYPE specifies the
       type of the device.

       dev DEVICE
              specifies the physical device to operate on.

   ip link set - change device attributes
       dev DEVICE
              DEVICE specifies network device to operate on. When configuring
              SR-IOV Virtual Function (VF) devices, this keyword should
              specify the associated Physical Function (PF) device.

       group GROUP
              GROUP has a dual role: If both group and dev are present, then
              move the device to the specified group. If only a group is
              specified, then the command operates on all devices in that
              group.

       up and down
              change the state of the device to UP or DOWN.

       arp on or arp off
              change the NOARP flag on the device.

       multicast on or multicast off
              change the MULTICAST flag on the device.

       dynamic on or dynamic off
              change the DYNAMIC flag on the device.

       name NAME
              change the name of the device. This operation is not recommended
              if the device is running or has some addresses already
              configured.

       txqueuelen NUMBER
       txqlen NUMBER
              change the transmit queue length of the device.

       mtu NUMBER
              change the MTU of the device.

       address LLADDRESS
              change the station address of the interface.

       broadcast LLADDRESS
       brd LLADDRESS
       peer LLADDRESS
              change the link layer broadcast address or the peer address when
              the interface is POINTOPOINT.

       netns PID
              move the device to the network namespace associated with the
              process PID.

       netns NETNSNAME
              move the device to the network namespace associated with name
              NETNSNAME.

       alias NAME
              give the device a symbolic name for easy reference.

       group GROUP
              specify the group the device belongs to. The available groups
              are listed in file /etc/iproute2/group.

       vf NUM specify a Virtual Function device to be configured. The
              associated PF device must be specified using the dev parameter.

              mac LLADDRESS - change the station address for the specified
              VF. The vf parameter must be specified.

              vlan VLANID - change the assigned VLAN for the specified VF.
              When specified, all traffic sent from the VF will be tagged
              with the specified VLAN ID. Incoming traffic will be filtered
              for the specified VLAN ID, and will have all VLAN tags stripped
              before being passed to the VF. Setting this parameter to 0
              disables VLAN tagging and filtering. The vf parameter must be
              specified.

              qos VLAN-QOS - assign VLAN QOS (priority) bits for the VLAN
              tag. When specified, all VLAN tags transmitted by the VF will
              include the specified priority bits in the VLAN tag. If not
              specified, the value is assumed to be 0. Both the vf and vlan
              parameters must be specified. Setting both vlan and qos as 0
              disables VLAN tagging and filtering for the VF.

              rate TXRATE - change the allowed transmit bandwidth, in Mbps,
              for the specified VF. Setting this parameter to 0 disables rate
              limiting. The vf parameter must be specified.

              spoofchk on|off - turn packet spoof checking on or off for the
              specified VF.

       master DEVICE
              set master device of the device (enslave device).

       nomaster
              unset master device of the device (release device).

       Warning: If multiple parameter changes are requested, ip aborts
       immediately after any of the changes have failed. This is the only
       case when ip can move the system to an unpredictable state. The
       solution is to avoid changing several parameters with one ip link set
       call.

   ip link show - display device attributes
       dev NAME (default)
              NAME specifies the network device to show. If this argument is
              omitted all devices in the default group are listed.

       group GROUP
              GROUP specifies what group of devices to show.

       up     only display running interfaces.

EXAMPLES
       ip link show
              Shows the state of all network interfaces on the system.

       ip link set dev ppp0 mtu 1400
              Change the MTU of the ppp0 device.

       ip link add link eth0 name eth0.10 type vlan id 10
              Creates a new vlan device eth0.10 on device eth0.

       ip link delete dev eth0.10
              Removes vlan device.

SEE ALSO
       ip(8)

AUTHOR
       Original Manpage by Michail Litvak <mci@owl.openwall.com>

iproute2                          20 Dec 2011                        IP-LINK(8)