Visit The New, Modern Unix Linux Community


VLANs and their domains


 
Thread Tools Search this Thread
Special Forums IP Networking VLANs and their domains
# 1  
VLANs and their domains

Hey everyone. I work in a data center, and I'm working on getting my CCNA. Now when I read articles on the idea of VLAN's it makes sense. Especially if you have multiple switches daisy chained in multiple locations. My two main questions though are that most of these examples use PC's as examples for using VLAN's. But in the environment I work in, we have clients who have 2 and 3u servers, with multiple hard drive bays in these vlans. I don't know what these machines are running, but what could they possibly need to communicate to each other for?

Even in regards to normal PC's like in the examples I read in the cisco book, what protocol or data is sent directly to another PC? If I'm using something like yahoo instant messenger, and I send a message to the person on the same VLAN, does that packet/frame ever leave the vlan? or is it send directly to the switch and the switch sends it to the receiver? Wouldn't something like that go to a Yahoo messaging server somewhere and then send back to the person sitting next to me?

I ask this because I can't think of information that is send directly from one computer to the next without it ever leaving a vlan. Except transfers files or something and the idea of separating broadcasts.

Hope this line of questioning makes sense! Thanks!
# 2  
You can create VLANs,not for common communication, but to isolate layer-2 communication from other network objects. Security.

Example:
If I am on VLAN A I may not be able to ssh over to VLAN B. A lot of places will do this with development versus production servers. Code librarians work on VLAN C with access to A and B. DMZ's are another possible example of isolation at the layer-2 level. Layer-1 isolation is the same idea. If bad guys cannot see network object at all it cannot be attacked. Air gap attacks notwithstanding.
# 3  
Like Jim says, the main purpose would be security enforcement. It is very typical for an application to make use of a web server, an application server, and a database server. The Web server is obviously open on ports 80 and 443, and accessible from the internet. Web server may talk to the application server via, say DCOM, which by default used UDP ports 1024-5000. Lastly, the application server may talk to the Database server using SQL on TCP port 1433.

Ideally these servers would all talk to each other through a firewall, which can perform L3 - L7 application filtering and enforcement. So your firewall would have a leg in all 3 VLANS, and all traffic between the servers would be forced through the firewall. With things like virtual firewalls becoming more common things are becoming more and more complex in the DC. For example, the web, application and db server may all reside on the same physical host in a virtualised environment, so then you need to start thinking about things like 802.1q trunking etc, but that's another discussion Smilie

Last edited by gjws; 07-22-2014 at 09:10 PM.. Reason: spelling

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #928
Difficulty: Medium
64-bit versions of the Unix time stamp will cease to work at 15:30:08 UTC on Sunday, 14 December 2922770265960.
True or False?

10 More Discussions You Might Find Interesting

1. Proxy Server

Linux Networking - VLANs & Multiple IP's

In a "typical" data centre environment (telco, financial services etc), would a Linux OS typically have one IP address connected to one VLAN or would it have many IPs and/or VLANs. I say "Linux OS" as I'm referring to an instance of the OS not necessarily a Host or server. Think Linux OS = VM in a... (9 Replies)
Discussion started by: PCB
9 Replies

2. Solaris

Oracle VMs and VLANs

I've been given an IP address to assign to an ldom that is in a different subnet than the host, and I am looking for assistance in getting it online. I believe I need "VLAN tagging" as found in this link, but I do not understand all of the terminology. My host machine is on subnet 10.25.112.x,... (1 Reply)
Discussion started by: bstring
1 Replies

3. UNIX for Dummies Questions & Answers

Help with VLANs

Hi Gurus, Can anyone explain me what is a Vlan and a Native vlan. How to check the native Vlan on my server having a solaris10 OS. Thanks in advance.:) (2 Replies)
Discussion started by: rama krishna
2 Replies

4. UNIX for Dummies Questions & Answers

Sub domains from report

Hi, I have a report containing severals organization's email address. The address contain several sub domains, and i need to pull those out. mail domain ( example.com) .................. The report column contain mail address in this format : john1@sub1.example.com... (2 Replies)
Discussion started by: john_prince
2 Replies

5. AIX

AIX / Etherchannel / VLANs

I have 1 AIX server, 4 dual ported fiber attached ethernet cards and 4 VLANS coming in. Is it possible to present those 8 ports as 1 IP address using etherchannel? Thanks. (5 Replies)
Discussion started by: jwholey
5 Replies

6. IP Networking

vlans

Hi All, I'm trying to configure a vlan interface, to do this I'm using the following command "vconfig add eth0 20". I have my interface up and running, but when I test it using "ping -I eth0.20 192.168.1.1" and in other console use "tcpdump -i eth0.20" I can not see any tagged frame. ... (0 Replies)
Discussion started by: lagigliaivan
0 Replies

7. UNIX for Advanced & Expert Users

Different Nameservers for Different Domains?

I have a system that is connected to a private network with its own DNS (call it "privnet."), and is also connected to the Internet on a separate interface. Is it possible to convince this server to query the private nameserver for the private network's domain (e.g. "host foo.privnet."), and the... (2 Replies)
Discussion started by: vertigo23
2 Replies

8. UNIX for Dummies Questions & Answers

creating domains

ok i am setting up dns or going to do it with solaris 9 once u setup the domain what file can u look @ to see if it setup or not (4 Replies)
Discussion started by: rmuhammad
4 Replies

9. UNIX for Dummies Questions & Answers

blocking domains

Dear All , Kindly note I have sun solaries 7 . I want to block a domain who keep sending emails to my domain and users . thanks (1 Reply)
Discussion started by: tamemi
1 Replies

10. UNIX for Dummies Questions & Answers

multiple domains

Hello, I have 3 domains virtually hosted "name based" the first one "domain1.com" has its ServerName entered as domain1.com. this domain will load in a browser by www.domain1.com or simply domain1.com. the next two domains "domain2.com" and "domain3.com" ServerNames are listed as domain2.com and... (2 Replies)
Discussion started by: ericg
2 Replies

Featured Tech Videos