From: Aseem Rastogi
Subject: Re: Iptables and vlan interfaces
Date: Mon, 03 Oct 2005 15:35:11 +0530
Message-ID: <43410257.1090200@india.tejasnetworks.com>
To: Henrik Nordstrom
Cc: netfilter@lists.netfilter.org

Okay. Does it mean that if I connect my machine ethernet port to another machine and configure a vlan interface with that port as physical port and then add route to another machine through that vlan interface (I need to do this to use vlan interface right?), then all packets sent out of it will be tagged by whatever tag I mention in vconfig?

I didn't know about vlan support in linux. This can be a good testing platform for L2 applications without requiring special boxes.

Henrik Nordstrom wrote:

> On Mon, 3 Oct 2005, Aseem Rastogi wrote:
>
>> i have been following this post rather keenly. it now seems to have
>> died down. but still i am not able to understand what is a vlan
>> interface.
>
> VLANs is IEEE 802.1Q, dividing Ethernet into 4097 virtual Ethernet
> networks. (the normal untagged network + 4096 .1q tagged networks = 4097)
>
> VLAN is normally only used within and between switches, but it is also
> possible to use between the switch and a server/host allowing the
> server to participate in multiple VLANs on the switch.
>
> This is configured on the Linux side using vconfig, creating one
> virtual network interface per such virtual Ethernet being used between
> the server and the switch. The virtual interfaces created by vconfig
> are true virtual interfaces and can even have a different MAC address
> than the physical interface if you like (defaults to use the same MAC
> however). These virtual interfaces are named like
> physicalinterface.vlannumber (i.e. eth0.45 for the VLAN with the .1q
> tag 45 on the eth0 physical connection).
>
> More information on the VLAN support in Linux can be found from
> http://www.candelatech.com/~greear/vlan.html. The needed software is
> also available in most distributions (the kernel driver is available
> in the kernel since many years back).
>
>> can somebody please give me some pointer where i can read about this.
>> vlan i thought is a l2 concept and should have nothing to do with l3.
>
> vlan is indeed purely a l2 concept, using a slightly different
> Ethernet frame format than normal Ethernet allowing for multiple
> virtual Ethernet networks to be transported over the same cable.
>
> IP-aliases on the other hand are purely a l3 concept, allowing you to
> have more than one IP address on the same interface, optionally
> labelled with a name (interface:name) for administrative purposes. The
> (optional) label on an IP-alias has no significant meaning other than
> as a reminder to the administrator, and to produce confusing results
> when using ifconfig (ifconfig has the odd habit of displaying the
> named ip-aliases as if they were separate interfaces).
>
> Regards
> Henrik
>

-- 
The end is always good. If it's not good, it's not the end.