[Gllug] A little OT: On the limits of VLANs

Bruce Richardson itsbruce at workshy.org
Thu Apr 29 07:58:22 UTC 2010

On Thu, Apr 29, 2010 at 08:41:52AM +0100, Andrew wrote:
> On (03:48 29/04/10), general_email at technicalbloke.com wrote:
> > It looks fairly straightforward to create several VLANs and, as I've
> > only got one switch, I don't think any of the known VLAN hopping hacks
> > apply to me. So what I was hoping to do was section off say 8 ports, put
> > them all on their own VLAN and then make one of my servers a member of
> > all 8 of those VLANs, the intended effect being that the machines
> > plugged into those 8 ports can not see each other but can see my server.
> > Is that something I could do with VLANs? The other scenario I'm
> You should just need to designate a port as "trunk" rather than be on a
> specific VLAN, and then on your host configure VLAN interfaces that pick up
> each of these.

Um, only if you want the security of the network to be entirely
voluntary.  The OP said he wanted the machines not to be able to see
each other, so I would be plugging them into VLANned ports unless there
were a good reason for them to need to see more than one VLAN.  

Why make the network configuration on your hosts more complex and more
fragile (and less secure) than it need be?  VLAN the switch, plug hosts
into the appropriate VLANs, get on with life.

The only host that should normally need to be aware of 802.1q trunking
would be a router that connected the VLANs.


The ice-caps are melting, tra-la-la-la.  All the world is drowning,
tra-la-la-la-la.  -- Tiny Tim.
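
An added illustration (not part of the original message) of why putting a host on a trunk port makes the isolation "voluntary": a simplified Python model of switch ingress, where an access port assigns the VLAN itself and a trunk port honours whatever 802.1Q tag the host sends. The VLAN IDs, the port plan and the drop rules are assumptions made for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan_tag(frame: bytes):
    """Return the 12-bit VLAN ID if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def classify_ingress(port: dict, frame: bytes):
    """Return the VLAN the switch puts the frame on, or None if it is dropped.

    Simplified model (assumption): an access port drops tagged frames, and
    a trunk port has no native VLAN, so it drops untagged ones.
    """
    vid = parse_vlan_tag(frame)
    if port["mode"] == "access":
        return port["vlan"] if vid is None else None
    if port["mode"] == "trunk":
        return vid if vid in port["allowed"] else None
    raise ValueError("unknown port mode")

def build_frame(vid=None):
    """Constructed sample frame: broadcast dst, made-up src, zeroed IPv4 payload."""
    head = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return head + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

# Constructed port plan for the setup in the thread: 8 ports, 8 VLANs (IDs assumed).
ACCESS_PORT_3 = {"mode": "access", "vlan": 103}
TRUNK_PORT = {"mode": "trunk", "allowed": set(range(101, 109))}

def reachable_vlans(port):
    """VLANs a host on this port can land on purely by how it tags its frames."""
    tags = [None] + list(range(1, 4095))
    hits = (classify_ingress(port, build_frame(t)) for t in tags)
    return {v for v in hits if v is not None}

if __name__ == "__main__":
    print("access port:", sorted(reachable_vlans(ACCESS_PORT_3)))
    print("trunk port: ", sorted(reachable_vlans(TRUNK_PORT)))
```

On the access port the switch decides the VLAN; on the trunk port the host's own tagging does, so isolation then rests on that host's configuration.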