[Gllug] A little OT: On the limits of VLANs

Andrew Back andrew at osmosoft.com
Thu Apr 29 08:03:16 UTC 2010


On (08:58 29/04/10), Bruce Richardson wrote:
> On Thu, Apr 29, 2010 at 08:41:52AM +0100, Andrew wrote:
> > On (03:48 29/04/10), general_email at technicalbloke.com wrote:
> > 
> > > It looks fairly straightforward to create several VLANs and, as I've
> > > only got one switch I don't think any of the known VLAN hopping hacks
> > > apply to me. So what I was hoping to do was section off say 8 ports, put
> > > them all on their own VLAN and then make one of my servers a member of
> > > all 8 of those VLANs, the intended effect being that the machines
> > > plugged into those 8 ports cannot see each other but can see my server.
> > > Is that something I could do with VLANs? The other scenario I'm
> > 
> > You should just need to designate a port as "trunk" rather than be on a
> > specific VLAN, and then on your host configure VLAN interfaces that pick up
> > each of these.
> 
> Um, only if you want the security of the network to be entirely
> voluntary.  The OP said he wanted the machines not to be able to see
> each other, so I would be plugging them into VLANned ports unless there
> were a good reason for them to need to see more than one VLAN.  

Sorry, I should have been clearer: I meant the server on a trunk port and
_not_ the other hosts, which would, as you pointed out, be pinned to a
specific VLAN.
 
> Why make the network configuration on your hosts more complex and more
> fragile (and less secure) than it need be?  VLAN the switch, plug hosts
> into the appropriate VLANs, get on with life.

Not at all what I was suggesting.
 
> The only host that should normally need to be aware of 802.1q trunking
> would be a router that connected the VLANs.

Quite.

Cheers,

Andrew
 
> -- 
> Bruce
> 
> The ice-caps are melting, tra-la-la-la.  All the world is drowning,
> tra-la-la-la-la.  -- Tiny Tim.



> -- 
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug


-- 
Andrew Back
mailto:andrew at osmosoft.com
http://carrierdetect.com
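
Added example (not part of the original message or thread): a small Python model of the layout discussed above, with eight clients pinned to access ports and only the server on a trunk, and of what changes when a client port is made a trunk instead. The port numbers, VLAN IDs 10-17 and the access/trunk ingress rules are assumptions chosen for illustration; real switches differ in native-VLAN and tagged-frame handling.

```python
# Simplified model of one 802.1Q switch; all port and VLAN numbers are constructed.
ACCESS, TRUNK = "access", "trunk"
SERVER_PORT = 24
CLIENT_VLANS = set(range(10, 18))          # eight client VLANs, 10..17

def build_ports():
    """Ports 1-8: one client each, pinned to its own VLAN. Port 24: server trunk."""
    ports = {p: {"mode": ACCESS, "vlans": {9 + p}} for p in range(1, 9)}
    ports[SERVER_PORT] = {"mode": TRUNK, "vlans": set(CLIENT_VLANS)}
    return ports

def ingress_vlan(port, tag):
    """VLAN the switch assigns to a frame entering `port`, or None if dropped."""
    if port["mode"] == ACCESS:
        # Assumption: access ports classify untagged frames into the port
        # VLAN and drop anything that arrives already tagged.
        return next(iter(port["vlans"])) if tag is None else None
    # Trunk: the *sender* picks the VLAN through the tag it writes.
    # Assumption: no native VLAN, so untagged frames on a trunk are dropped.
    return tag if tag in port["vlans"] else None

def reachable(ports, src):
    """Ports a host on `src` can get a frame to, trying every tag it could send."""
    found = set()
    for tag in [None, *range(1, 4095)]:
        vlan = ingress_vlan(ports[src], tag)
        if vlan is not None:
            found |= {p for p, c in ports.items() if p != src and vlan in c["vlans"]}
    return found

def audit(ports):
    """Map each client port to the non-server ports it can reach (empty = isolated)."""
    leaks = {}
    for p in ports:
        extra = reachable(ports, p) - {SERVER_PORT} if p != SERVER_PORT else set()
        if extra:
            leaks[p] = extra
    return leaks

if __name__ == "__main__":
    ports = build_ports()
    print("clients on access ports:", audit(ports))
    ports[3] = {"mode": TRUNK, "vlans": set(CLIENT_VLANS)}   # client 3 given a trunk
    print("client 3 on a trunk:   ", audit(ports))
```

In this model a single client on a trunk port breaks isolation for every client port, not just its own, because it becomes a member of all eight VLANs.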