[Gllug] A little OT: On the limits of VLANs
andrew at osmosoft.com
Thu Apr 29 08:03:16 UTC 2010
On (08:58 29/04/10), Bruce Richardson wrote:
> On Thu, Apr 29, 2010 at 08:41:52AM +0100, Andrew wrote:
> > On (03:48 29/04/10), general_email at technicalbloke.com wrote:
> > > It looks fairly straight forward to create several VLANs and, as I've
> > > only got one switch I don't think any of the known VLAN hopping hacks
> > > apply to me. So what I was hoping to do was section off say 8 ports, put
> > > them all on their own VLAN and then make one of my servers a member of
> > > all 8 of those VLANs, the intended effect being that the machines
> > > plugged into those 8 ports can not see each other but can see my server.
> > > Is that something I could do with VLANs? The other scenario I'm
> > You should just need to designate a port as "trunk" rather than be on a
> > specific VLAN, and then on your host configure VLAN interfaces that pick up
> > each of these.
> Um, only if you want the security of the network to be entirely
> voluntary. The OP said he wanted the machines not to be able to see
> each other, so I would be plugging them into VLANned ports unless there
> were a good reason for them to need to see more than one VLAN.
Sorry, I should have been clearer: I meant the server on a trunk port and
_not_ the other hosts, which would, as you pointed out, be pinned to a
> Why make the network configuration on your hosts more complex and more
> fragile (and less secure) than it need be? VLAN the switch, plug hosts
> into the appropriate VLANs, get on with life.
Not at all what I was suggesting.
> The only host that should normally need to be aware of 802.1q trunking
> would be a router that connected the VLANs.
> The ice-caps are melting, tra-la-la-la. All the world is drowning,
> tra-la-la-la-la. -- Tiny Tim.
> Gllug mailing list - Gllug at gllug.org.uk
mailto:andrew at osmosoft.com
Gllug mailing list - Gllug at gllug.org.uk
More information about the GLLUG