Multiple IP's (virtual interfaces) on ONE VLAN?
 

Hi,

* Turbo Fredriksson <turbo@debian.org> [2008-05-22 11:03]:

> 'Shortly', we'll be moving the office to another location (share office
> space with another company), where they have VLAN's. They have given me
> VLAN #20 and from what I can see (I'll be testing my setup later this week),
> everything should be ok.

You'll probably need to use vconfig [1]. That is if you have to
terminate an 802.1q tagged vlan trunk. We use it on our router here and
it works very well.

[1] Debiann package 'vlan'.

regards,
j.
--
Heimo Steps hat sich von seinen Waffen und dem Waffenschein getrennt,
weil die Partei es so wollte.

http://plagi.at/geruecht/

Multiple IP's (virtual interfaces) on ONE VLAN?
 

Turbo Fredriksson wrote:

Currently I have 'eth0' and 'eth0:0'.

'Shortly', we'll be moving the office to another location (share office
space with another company), where they have VLAN's. They have given me
VLAN #20 and from what I can see (I'll be testing my setup later this week),
everything should be ok.

But what about the intranet server which have TWO addresses? I've tried
'eth0:0.20', 'eth0.20:0' (for the virtual interface) but neither worked...





/sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD
/sbin/vconfig add eth0 20

/sbin/ip address add 1.1.1.1/23 dev vlan20
/sbin/ip link set vlan20 up

---- i guess you're here. just try to add something like this, only the
two last rows:


/sbin/ip address add 2.1.1.1/23 dev vlan20:1
/sbin/ip link set vlan20:1 up

*this is if you've got tagged vlan port* and should work, not tested
actually.


if you do have untaged port in the vlan - just ignore the fact about the
vlan and carry on - it is just like plain ol' ethernet on your
(untagged) side.


edi.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Multiple IP's (virtual interfaces) on ONE VLAN?
 

On Thu May 22 2008 02:02:30 Turbo Fredriksson wrote:
> Currently I have 'eth0' and 'eth0:0'.
>
> 'Shortly', we'll be moving the office to another location (share office
> space with another company), where they have VLAN's. They have given me
> VLAN #20 and from what I can see (I'll be testing my setup later this
> week), everything should be ok.
>
> But what about the intranet server which have TWO addresses? I've tried
> 'eth0:0.20', 'eth0.20:0' (for the virtual interface) but neither worked...

Are you certain what they mean by VLAN's? One would normally
configure the VLAN onto the switch ports and the computers would
use normal non-VLAN connections. This is moderately more
secure than allowing each computer to decide which VLAN's it
wants to sniff.

--Mike Bird


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Multiple IP's (virtual interfaces) on ONE VLAN?
 

This one time, at band camp, Mike Bird said:
> On Thu May 22 2008 02:02:30 Turbo Fredriksson wrote:
> > Currently I have 'eth0' and 'eth0:0'.
> >
> > 'Shortly', we'll be moving the office to another location (share office
> > space with another company), where they have VLAN's. They have given me
> > VLAN #20 and from what I can see (I'll be testing my setup later this
> > week), everything should be ok.
> >
> > But what about the intranet server which have TWO addresses? I've tried
> > 'eth0:0.20', 'eth0.20:0' (for the virtual interface) but neither worked...
>
> Are you certain what they mean by VLAN's? One would normally
> configure the VLAN onto the switch ports and the computers would
> use normal non-VLAN connections. This is moderately more
> secure than allowing each computer to decide which VLAN's it
> wants to sniff.

Well, that's just a switch configuration - tagged on VLAN n or untagged
on VLAN n. If they've decided to make the port tagged on VLAN n, then
the server needs to support VLAN tagging as well. Just because both the
switch and the server need to agree on the VLAN it's on doesn't mean
there are other tagged VLANs on the port.
--
-----------------------------------------------------------------
| ,'`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------

Multiple IP's (virtual interfaces) on ONE VLAN?
 

On Thu May 22 2008 10:11:38 Stephen Gran wrote:
> This one time, at band camp, Mike Bird said:
> > On Thu May 22 2008 02:02:30 Turbo Fredriksson wrote:
> > > Currently I have 'eth0' and 'eth0:0'.
> > >
> > > 'Shortly', we'll be moving the office to another location (share office
> > > space with another company), where they have VLAN's. They have given me
> > > VLAN #20 and from what I can see (I'll be testing my setup later this
> > > week), everything should be ok.
> > >
> > > But what about the intranet server which have TWO addresses? I've tried
> > > 'eth0:0.20', 'eth0.20:0' (for the virtual interface) but neither
> > > worked...
> >
> > Are you certain what they mean by VLAN's? One would normally
> > configure the VLAN onto the switch ports and the computers would
> > use normal non-VLAN connections. This is moderately more
> > secure than allowing each computer to decide which VLAN's it
> > wants to sniff.
>
> Well, that's just a switch configuration - tagged on VLAN n or untagged
> on VLAN n. If they've decided to make the port tagged on VLAN n, then
> the server needs to support VLAN tagging as well. Just because both the
> switch and the server need to agree on the VLAN it's on doesn't mean
> there are other tagged VLANs on the port.

VLAN switch ports are much more common, and are usually handled
differently from Linux VLAN interfaces on home networks. Consider
this fragment from a Cisco switch configuration:

interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
switchport access vlan 4

Port f0/1 is a trunk port, which communicates via tagged packets. This
would normally connect to a router or another switch, although there are
situations where one would connect a VLAN-capable server to a trunk port.

Ports f0/2 and f0/3 are by default "in VLAN 1". They accept incoming
untagged packets and add the "VLAN 1" tag before switching. For output,
only packets tagged "VLAN 1" are considered, and the tag is stripped
before transmission.

Similarly, port f0/4 is "in VLAN 4". Only untagged packets are accepted
inbound, and the "VLAN 4" tag is added before switching. For output,
only packets tagged "VLAN 4" are considered, and the tag is stripped
before transmission.

The boxes attached to f0/2, f0/3, and f0/4 are not themselves configured
for VLANs, indeed they may not have any VLAN capability.

Ports f0/2 and f0/4 cannot see each other's traffic. But all of their
traffic is trunked - typically to a router with multiple subinterfaces,
so that traffic can be routed between VLAN's 1 and 4 when appropriate.

In short, in typical VLAN deployments, neither workstations nor servers
have VLAN configurations. It's all done (more securely) in the switches
and routers.

--Mike Bird



--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Multiple IP's (virtual interfaces) on ONE VLAN?
 

I've always set my vlan interfaces naming scheme to not use the . notation
since Linux gets confused, that said, aliases using ethN.VLAN:A should
work, if you have setup tagged vlan ports (as many others have mentioned by
now) using the 8021q driver and either vconfig manually or the Debian
package (apt-get install vlan).


You may not be receiving tagged frames at all, in fact, unless you're
expected to be trunking multiple vlan's you usually won't.


--On May 22, 2008 11:02:30 AM +0200 Turbo Fredriksson <turbo@debian.org>
wrote:



Currently I have 'eth0' and 'eth0:0'.

'Shortly', we'll be moving the office to another location (share office
space with another company), where they have VLAN's. They have given me
VLAN #20 and from what I can see (I'll be testing my setup later this
week), everything should be ok.

But what about the intranet server which have TWO addresses? I've tried
'eth0:0.20', 'eth0.20:0' (for the virtual interface) but neither worked...


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org







--
Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Thu May 22 22:30:01 2008
Return-path: <kubuntu-users-bounces@lists.ubuntu.com>
Envelope-to: tom@linux-archive.org
Delivery-date: Thu, 22 May 2008 22:20:36 +0300
Received: from chlorine.canonical.com ([91.189.94.204])
by s2.java-tips.org with esmtp (Exim 4.68)
(envelope-from <kubuntu-users-bounces@lists.ubuntu.com>)
id 1JzGL6-0000AQ-LZ
for tom@linux-archive.org; Thu, 22 May 2008 22:20:36 +0300
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
by chlorine.canonical.com with esmtp (Exim 4.60)
(envelope-from <kubuntu-users-bounces@lists.ubuntu.com>)
id 1JzGKv-0000DT-GR; Thu, 22 May 2008 20:20:25 +0100
Received: from [200.55.154.1] (helo=mx1.jovenclub.cu)
by chlorine.canonical.com with esmtp (Exim 4.60)
(envelope-from <yosvany01064@cha.jovenclub.cu>) id 1JzGKr-00009O-3I
for kubuntu-users@lists.ubuntu.com; Thu, 22 May 2008 20:20:21 +0100
Received: from mailnull by mx1.jovenclub.cu with spam-scanned (Exim 4.63
(FreeBSD)) (envelope-from <yosvany01064@cha.jovenclub.cu>)
id 1JzHEk-000INo-92
for kubuntu-users@lists.ubuntu.com; Thu, 22 May 2008 20:18:06 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.6 (2006-10-03) on mx1.jovenclub.cu
X-Spam-Level:
X-Spam-Status: No, score=-1.4 required=4.0 tests=ALL_TRUSTED autolearn=ham
version=3.1.6

Received: from mail-usr.jovenclub.cu ([192.168.250.7]
helo=tinored.jovenclub.cu)
by mx1.jovenclub.cu with esmtp (Exim 4.63 (FreeBSD))
(envelope-from <yosvany01064@cha.jovenclub.cu>) id 1JzHEk-000INj-7E
for kubuntu-users@lists.ubuntu.com; Thu, 22 May 2008 20:18:06 +0000
Received: from [192.168.54.3] (helo=mx.cha.jovenclub.cu)
by tinored.jovenclub.cu with esmtp (Exim 4.63)
(envelope-from <yosvany01064@cha.jovenclub.cu>) id 1JzHFK-0000FW-SH
for kubuntu-users@lists.ubuntu.com; Thu, 22 May 2008 20:18:42 +0000
Received: from webmail.cha.jovenclub.cu (ftp.cha.jovenclub.cu [192.168.54.2])
by mx.cha.jovenclub.cu (Postfix) with ESMTP id 6F9BD5E2296
for <kubuntu-users@lists.ubuntu.com>;
Thu, 22 May 2008 20:18:40 +0000 (UCT)
Received: from 192.168.3.78 (proxying for 172.16.10.1)
(SquirrelMail authenticated user yosvany01064)
by webmail.cha.jovenclub.cu with HTTP;
Thu, 22 May 2008 21:18:56 +0100 (BST)
Message-ID: <57551.192.168.3.78.1211487536.squirrel@webmail.ch a.jovenclub.cu>
In-Reply-To: <mailman.80244.1211472264.27872.kubuntu-users@lists.ubuntu.com>
References: <mailman.80244.1211472264.27872.kubuntu-users@lists.ubuntu.com>
Date: Thu, 22 May 2008 21:18:56 +0100 (BST)
Subject: How to install remotelly some workstations
From: =?utf-8?B?WW9zdmFueSBFc3TDqXZleiBPcm96Y28=?=
<yosvany01064@cha.jovenclub.cu>
To: kubuntu-users@lists.ubuntu.com
User-Agent: SquirrelMail/1.4.8-4.el5.centos.1
MIME-Version: 1.0
X-Priority: 3 (Normal)
Importance: Normal
X-BeenThere: kubuntu-users@lists.ubuntu.com
X-Mailman-Version: 2.1.8
Precedence: list
Reply-To: Kubuntu Help and User Discussions <kubuntu-users@lists.ubuntu.com>
List-Id: Kubuntu Help and User Discussions <kubuntu-users.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/listinfo/kubuntu-users>,
<mailto:kubuntu-users-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kubuntu-users>
List-Post: <mailto:kubuntu-users@lists.ubuntu.com>
List-Help: <mailto:kubuntu-users-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kubuntu-users>,
<mailto:kubuntu-users-request@lists.ubuntu.com?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: kubuntu-users-bounces@lists.ubuntu.com
Errors-To: kubuntu-users-bounces@lists.ubuntu.com

Hi. I have installen on my server a new kubuntu and I wonder if there is
some option to install via lan my workstations. Using knoppix I've found
an option at "Terminal Services Server" or some thing like that. I hope in
kubuntu I can find some thing alike.
I'm using kubuntu 7.04 and I also have a comple mirror on my HDD.

How can I deploy kubuntu to my workstations via lan? Any sugestion will be
wellcome.

Thanks,
Yosvany



--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Multiple IP's (virtual interfaces) on ONE VLAN?
 

--On May 22, 2008 10:04:02 AM -0700 Mike Bird <mgb-debian@yosemite.net>
wrote:



Are you certain what they mean by VLAN's? One would normally
configure the VLAN onto the switch ports and the computers would
use normal non-VLAN connections. This is moderately more
secure than allowing each computer to decide which VLAN's it
wants to sniff.


Actually on any switch you're only going to hear the broadcast traffic
unless you take other steps to trick the switch into sending packets for a
different MAC address to your port. That also said any decent VLAN capable
switch lets you decide what VLANs to allow on a particular port, even in
trunk mode, most even allow you to control spanning tree operation as well.
(hint: turn on at least bpduguard on your cisco devices facing
untrusted/customer devices)



--
Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Multiple IP's (virtual interfaces) on ONE VLAN?
 

On Thu, 22 May 2008, Jogi [utf-8] Hofmüller wrote:
> You'll probably need to use vconfig [1]. That is if you have to
> terminate an 802.1q tagged vlan trunk. We use it on our router here and
> it works very well.

tomorrow i will have to deploy a similar arrangement.
I will use some Linksys SLM2024 and Allied Telesyn GS950 switches.
I have 4 subnets but for historical resaon for some months i will have to
carry all the traffic on a single cable.
Most WS are only on one subnet, so i would untag some ports for each
subnets and carry the traffic between switches on the single wire as
untagged. There are howewer some server that now are connected on two or
three of the subnets.
I was thinking of using only one tagged interface for all three subnets
(the single GB channel is not the bottleneck, that is the disk
performances).
The doubt however arise from the fact that two of then do the following
thing:
sudo ifconfig eth0:xx K.K.K.xx netmask 255.255.255.0
sudo iptables -t nat -A POSTROUTING -s 192.168.L.yy -j SNAT --to-source
K.K.K.175

whre K.K.K.xx are addresses on the K subnet, and 192.168.L.yy in the L
subnet.hereby allowing host on the private subnet L to use public subnet K
(note that on phisical subnet K there is also a logical subnet J with
addresses as 172.25.J.ww and server has either a K.K.K.n and a 172.25.J.n
address bound to eth0 and eth0:1 so it is even possible the natting is
active between the same subnet. (not to say that the same host does VPN
for remopte users wanting to present themselves as 192.168.L.rr
Given these costraints it is better to keep three interfaces on three
tagged port ? (the advantage of vlanning them would be just the saving of
6 cables around and 6 ports on a switch, with further semplification of
the net. what is the price however ?




--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org