Vlan

Post by WebNewsReade » Sun, 15 Oct 2006 07:44:52



Hi
I would like to get a simple setup (on cd or floppy preference) that permits
me to create:

- 2 vlans
- Vlan 1 - Nic 1 and Nic 2
- Vlan 2 - Nic 1 and Nic 3
- Prevent any traffic between Nic 2 and Nic 3

Used material:

- Old PC with three NIC (network interface cards)

------------------------------------------------------

The main idea is to permit a public access to my ethernet router
without compromising security on a private segment of my lan.

Any ideas ???

 
 
 

Vlan

Post by Tauno Voipi » Sun, 15 Oct 2006 17:36:42



> Hi
> I would like to get a simple setup (on cd or floppy preference) that permits
> me to create:

> - 2 vlans
> - Vlan 1 - Nic 1 and Nic 2
> - Vlan 2 - Nic 1 and Nic 3
> - Prevent any traffic between Nic 2 and Nic 3

> Used material:

> - Old PC with three NIC (network interface cards)

> ------------------------------------------------------

> The main idea is to permit a public access to my ethernet router
> without compromising security on a private segment of my lan.

> Any ideas ???

If you have 3 physical interfaces, you do not need
VLANs, but firewalled routing. A VLAN permits you
to tag the packets in an Ethernet segment so that
you can run multiple separate LAN links on one
physical interface and cable.

The concept you're looking for is called DMZ (de-militarized
zone) firewalling. Get iptables references, and read them.

A starting point could be <http://www.linuxjournal.com/article/4415>.

--

Tauno Voipio
tauno voipio (at) iki fi
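
Added example (not part of the original posts): the firewalled routing suggested above, written as an iptables-restore ruleset for a three-NIC box, with a small first-match checker to confirm the public and private segments cannot reach each other. The interface names eth0/eth1/eth2 and the function names `gen_rules` and `forward_verdict` are assumptions, as is giving each NIC its own IP subnet.

```shell
#!/bin/sh
# Added example. Assumed layout: $1 = NIC 1 (uplink to the Ethernet router),
# $2 = NIC 2 (public segment), $3 = NIC 3 (private segment).
# Routing must be enabled separately: sysctl -w net.ipv4.ip_forward=1
# Load with: gen_rules eth0 eth1 eth2 | iptables-restore

gen_rules() {
    up=$1; pub=$2; priv=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $pub -o $priv -j DROP
-A FORWARD -i $priv -o $pub -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $pub -o $up -j ACCEPT
-A FORWARD -i $priv -o $up -j ACCEPT
COMMIT
EOF
}

# First-match verdict for a NEW connection entering on $1 and leaving on $2,
# evaluated against the FORWARD rules read from stdin. Only -i, -o,
# --ctstate and -j are understood, which is all gen_rules emits.
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
        $1 == ":FORWARD" { policy = $2 }
        $1 == "-A" && $2 == "FORWARD" {
            i = ""; o = ""; state = ""; target = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-o") o = $(n + 1)
                if ($n == "--ctstate") state = $(n + 1)
                if ($n == "-j") target = $(n + 1)
            }
            # A NEW packet does not match a rule restricted to other states.
            if (state != "" && index("," state ",", ",NEW,") == 0) next
            if (i != "" && i != in_if) next
            if (o != "" && o != out_if) next
            if (!done) { print target; done = 1 }
        }
        END { if (!done) print policy }
    '
}
```

The two explicit DROP rules sit ahead of the ESTABLISHED,RELATED accept so that no connection state can carry traffic between NIC 2 and NIC 3; everything not listed falls to the DROP policy.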

 
 
 

Vlan

Post by WebNewsReade » Mon, 16 Oct 2006 05:27:50


Thank you



> > Hi
> > I would like to get a simple setup (on cd or floppy preference) that permits
> > me to create:

> > - 2 vlans
> > - Vlan 1 - Nic 1 and Nic 2
> > - Vlan 2 - Nic 1 and Nic 3
> > - Prevent any traffic between Nic 2 and Nic 3

> > Used material:

> > - Old PC with three NIC (network interface cards)

> > ------------------------------------------------------

> > The main idea is to permit a public access to my ethernet router
> > without compromising security on a private segment of my lan.

> > Any ideas ???

> If you have 3 physical interfaces, you do not need
> VLANs, but firewalled routing. A VLAN permits you
> to tag the packets in an Ethernet segment so that
> you can run multiple separate LAN links on one
> physical interface and cable.

> The concept you're looking for is called DMZ (de-militarized
> zone) firewalling. Get iptables references, and read them.

> A starting point could be <http://www.linuxjournal.com/article/4415>.

> --

> Tauno Voipio
> tauno voipio (at) iki fi

 
 
 

1. To vlan or not to vlan, that's the question

Hello everyone, 1st. post on this group here! (hope it's the right place)

The network I administer actually consists of 3 networks,
INTERNAL, DMZ, and EXTERNAL, which may be a familiar scenario for most of
you, simple and effective. The three networks are interconnected with a
firewall (on a linux box, using netfilter). I was asked to literally
divide the network in two (physically and/or logically), intending to
improve security & performance.

That's why we considered the option of a switch with VLAN support (but
we haven't done it in a serious way yet). Notice that we're talking
about a network with <100 hosts, counting servers and workstations.

The 1st. question is:
1) Why would I spend $$ on a switch that supports VLAN, among other
features(*), if (IMHO) I can implement the same thing with 2 common
switches (less money), and a firewall interconnecting them (managing
security & routing) ?

Besides the -probable- answer, 'you just don't need vlan!!! Don't burn
money!', please let me write some additional questions:

2) In what environment is it really worth implementing vlan?
Google took me here:
http://nislab.bu.edu/nislab/education/sc441/six/implementation.htm
"Why implement Vlan?" but, It'd be nice to see comments about some
real-life examples.

3) What can I do with a vlan switch that I CANNOT DO with 2 switches?

4) Will the firewall/router interconnecting both networks have any
special issues to consider if the interconnected networks are a vlan
network, or are independent?

(*) there may be other features, that I don't know, and even I may not
need, but this can be gently answered in question 2 ;)

Regards,

pd: sorry for my eventual lack of knowledge, in that case, here go my
apologies in advance, and I'd be glad to be pointed to some "FMs"...so I
can RTFM  :P

--
Jose R. "Xous" Negreira
[ *xous*at*xouslab_dot_com* ]
XousLAB - http://www.xouslab.com
iptableslinux - http://www.iptableslinux.com
