* Help with multiple IP networks over an ethernet one
From: ArcosCom Linux User @ 2008-09-09 8:29 UTC
To: bridge, linux-net, netfilter
Hello people,
I have a little problem with one linux box that routes some local IP
networks between them and the internet.
A schema from the IP point of view is this:
(3 uplinks)
INTERNET <---> route <---> LANS
From the ethernet point of view it is this:
INET link 1 <---> <---> INET link 3
INET link 2 <---> router <---> LANs
Physically there are 3 ethernet networks, one for the uplink 1, another
for uplink 2, and the third is for the LANs and the uplink 3.
I am forced to share the ethernet for the LANs and uplink 3.
The router has 4 interfaces, eth1 for uplink 1, eth2 for uplink 2, eth3
for uplink 3 and eth0 for the LANs.
The problem I have is that, without a constant time or reason, sometimes
I detect latencies between uplink 3 and the router, and other times
between the router and LAN hosts.
I think that I need to configure something in eth3 config files
(/proc/sys/net/ipv4/conf/eth3) to disallow local frames and allow only
the router and uplink 3 gateway communication, but I haven't found anything
that helps me.
I tried with arp_filter, rp_filter, and many of them, but without
success (I haven't found much documentation about it, and I reviewed lartc
and googled those parameters).
I think that only allowing ARP traffic between eth3 and uplink 3 gateway
(using arptables) will solve this, but I don't know if arptables will be
the solution or not.
Can anybody help me a bit?
Thanks!!
* Re: Help with multiple IP networks over an ethernet one
From: Grant Taylor @ 2008-09-09 21:49 UTC
To: Mail List - Netfilter
On 09/09/08 03:29, ArcosCom Linux User wrote:
> Physically there are 3 ethernet networks, one for the uplink 1, another
> for uplink 2, and the third is for the LANs and the uplink 3. I am
> forced to share the ethernet for the LANs and uplink 3.
Ok...
> The router has 4 interfaces, eth1 for uplink 1, eth2 for uplink 2,
> eth3 for uplink 3 and eth0 for the LANs.
Just so I understand you correctly. You have four physical ethernet
interfaces in the system, but eth3 and eth0 are connected to the same
ethernet network (broadcast domain)?
(Presuming that the above understanding is correct.) Why do you have
eth0 (LANs) and eth3 (uplink 3) connected to the same ethernet network?
Rather why not have them be different networks from each other?
> The problem I have is that, without a constant time or reason,
> sometimes I detect latencies between uplink 3 and the router, and
> other times between the router and LAN hosts.
Ok...
Can we have some information about the IP addresses used for each
network? Do all four networks have IP addresses in different subnets /
networks? Can we ask what they are (sanitized if need be) for the sake
of discussion?
> I think that I need to configure something in eth3 config files
> (/proc/sys/net/ipv4/conf/eth3) to disallow local frames and allow
> only the router and uplink 3 gateway communication, but I haven't found
> anything that helps me.
I can't say one way or the other for sure until I know what IP addresses
you have where. However as a general rule of thumb you don't need to do
that. I'd be wondering if you don't have a hardware resource / IRQ
conflict depending on how much data (amount and / or size of packets).
> I tried with arp_filter, rp_filter, and many of them, but without
> success (I haven't found much documentation about it, and I reviewed
> lartc and googled those parameters).
>
> I think that only allowing ARP traffic between eth3 and uplink 3
> gateway (using arptables) will solve this, but I don't know if
> arptables will be the solution or not.
Without knowing your IP addressing scheme better it's hard to say.
Grant. . . .
* Re: Help with multiple IP networks over an ethernet one
From: ArcosCom Linux User @ 2008-09-10 7:51 UTC
To: Mail List - Netfilter; +Cc: Grant Taylor
Thanks for the response, I'll explain a bit more.
The 3 uplinks have 3 public IP addresses (one per uplink), and are "ADSL"
links, one public IP per interface.
eth1 and eth2 have, each one, their direct connection to their ADSL gateway.
eth3 (public IP) and eth0 (private IP) share the same ethernet network.
Physically, this shared ethernet has many wireless bridges (using STP) to
link all the buildings we need to link.
The test I did to see the latencies was to send 2 pings to the same physical
place, to different devices, from the linux box.
One ping from router to ADSL gateway (eth3->uplink3 gateway) and, at the
same time, one ping from router to a workstation (eth0->LAN).
Physically the two pings go through the same physical path and end in the
same switch where the uplink3 gateway and the test workstation are.
In router:
a) I MASQUERADE the IP by interface (-j MASQUERADE), because I need to
have control of all outgoing frames.
b) I balance the routers (as described in lartc) and use mangle to allow
the responses from the incoming interface where they arrive.
c) I use tc (using HTB qdiscs) for the QoS (the problem happened with QoS
disabled too, I don't think this was the problem).
Yesterday, I found a local kernel text file called
/usr/share/doc/kernel-doc-2.6.18/Documentation/networking/ip-sysctl.txt
(internet is not all) where I see very useful information about IP
parameters and it appears that tweaking some of them will solve some problems
with ARP, but really I don't know many of these parameters and only
some of them appear to be useful for me: arp_filter, arp_accept,
arp_ignore, rp_filter.
My distro is CentOS 5.2 with the last kernel (2.6.18 based).
I expect that with this information the problem is better explained than
in the initial e-mail.
Regards
* Re: Help with multiple IP networks over an ethernet one
From: Brian Austin - Standard Universal @ 2008-09-10 8:41 UTC
To: linux; +Cc: Mail List - Netfilter, Grant Taylor
how about doing something to work around the problem
eg
http://computers.search.ebay.com.au/dual-port_Network-Interface-Cards_W0QQdfspZ1QQsacatZ20318
care needed to find one driven by linux. :-)
regards
Brian
* Re: Help with multiple IP networks over an ethernet one
From: Grant Taylor @ 2008-09-10 14:15 UTC
To: Mail List - Netfilter
On 09/10/08 02:51, ArcosCom Linux User wrote:
> Thanks for the response, I'll explain a bit more.
*nod*
> The 3 uplinks have 3 public IP addresses (one per uplink), and are
> "ADSL" links, one public IP per interface.
Ok.
> eth1 and eth2 have, each one, their direct connection to their ADSL
> gateway.
Ok.
> eth3 (public IP) and eth0 (private IP) share the same ethernet
> network.
This confirms what I was thinking. However I ask why they are sharing
the same ethernet network? Why is the uplink 3 connection on the same
ethernet network as your LANs? Is there a reason that this is the case
rather than just putting uplink 3 directly on eth3 without putting it
across the LANs network segment?
> Physically, this shared ethernet has many wireless bridges (using
> STP) to link all the buildings we need to link.
Ok. This should not matter.
> The test I did to see the latencies was to send 2 pings to the same
> physical place, to different devices, from the linux box.
Ok...
> One ping from router to ADSL gateway (eth3->uplink3 gateway) and, at
> the same time, one ping from router to a workstation (eth0->LAN).
>
> Physically the two pings go through the same physical path and end
> in the same switch where the uplink3 gateway and the test workstation
> are.
So the uplink 3 gateway is on the LAN and on the local side of a WAN link?
> In router:
>
> a) I MASQUERADE the IP by interface (-j MASQUERADE), because I need
> to have control of all outgoing frames.
Is this the only reason that you have both eth0 and eth3 connected to
the same ethernet network?
> b) I balance the routers (as described in lartc) and use mangle to
> allow the responses from the incoming interface where they arrive.
I believe this should be able to be done independent of the physical
interface that packets are leaving.
> c) I use tc (using HTB qdiscs) for the QoS (the problem happened with
> QoS disabled too, I don't think this was the problem).
Ok.
> Yesterday, I found a local kernel text file called
> /usr/share/doc/kernel-doc-2.6.18/Documentation/networking/ip-sysctl.txt
> (internet is not all) where I see very useful information about IP
> parameters and it appears that tweaking some of them will solve some
> problems with ARP, but really I don't know many of these parameters
> and only some of them appear to be useful for me: arp_filter,
> arp_accept, arp_ignore, rp_filter.
Without knowing for sure what the problem is or what is causing it I
can't say what to adjust. However I suspect your problem has something
to do with the fact that (if I recall correctly) Linux will by default
respond to ARP queries on any interface for an IP that may be bound to a
different interface. In short IPs are more or less bound to the box not
the interface, thus any interface can get you to the box. There are a
couple of /proc entries that will adjust the kernel's ARP behavior to
make it only respond to ARP queries if they are bound to an IP that is
bound to the interface that it is coming in on, rather if the
interface's IP is in the subnet pertinent to the ARP query.
I'm just guessing (without seeing some TCPDumps of traffic) that
systems on either eth0 or eth3 are needing to ARP for either of the IPs
of eth0 or eth3 and the wrong interface is replying, or both are
replying. If both interfaces are replying at the same time or if they
are flip flopping back and forth I can see how your layer 2 ethernet
network / switch would be getting confused as well as devices wanting to
talk to said IPs.
Grant. . . .
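Added example, not part of the original message: one way to confirm from a capture the symptom described above, where two MAC addresses answer ARP for the same IP. The capture lines are constructed in the style of tcpdump -e -n arp output; all addresses and MACs are made up (…:03 stands for eth3, …:00 for eth0, …:99 for the uplink 3 gateway).

```python
import re
from collections import defaultdict

# Constructed sample capture (not from the thread). eth0 and eth3 share one
# broadcast domain, so both see every who-has request.
SAMPLE_CAPTURE = """\
10:00:00.000100 02:00:00:00:00:99 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.2 tell 203.0.113.1, length 46
10:00:00.000210 02:00:00:00:00:03 > 02:00:00:00:00:99, ethertype ARP (0x0806), length 42: Reply 203.0.113.2 is-at 02:00:00:00:00:03, length 28
10:00:00.000250 02:00:00:00:00:00 > 02:00:00:00:00:99, ethertype ARP (0x0806), length 42: Reply 203.0.113.2 is-at 02:00:00:00:00:00, length 28
10:00:05.000100 02:00:00:00:00:50 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.50, length 46
10:00:05.000200 02:00:00:00:00:00 > 02:00:00:00:00:50, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 02:00:00:00:00:00, length 28
10:00:30.000100 02:00:00:00:00:99 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.2 tell 203.0.113.1, length 46
10:00:30.000190 02:00:00:00:00:00 > 02:00:00:00:00:99, ethertype ARP (0x0806), length 42: Reply 203.0.113.2 is-at 02:00:00:00:00:00, length 28
10:00:30.000240 02:00:00:00:00:03 > 02:00:00:00:00:99, ethertype ARP (0x0806), length 42: Reply 203.0.113.2 is-at 02:00:00:00:00:03, length 28
10:00:35.000200 02:00:00:00:00:00 > 02:00:00:00:00:50, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 02:00:00:00:00:00, length 28
"""

# Matches only ARP replies; requests and unrelated lines are skipped.
REPLY_RE = re.compile(
    r"^\S+ [0-9a-f:]{17} > [0-9a-f:]{17}, ethertype ARP .*?"
    r"Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at (?P<mac>[0-9a-f:]{17})"
)


def find_arp_conflicts(capture_text):
    """Return {ip: {"macs": [...], "flips": n}} for IPs claimed by >1 MAC.

    "flips" counts how often consecutive replies for the same IP named a
    different MAC, which is what makes switches and neighbours keep
    relearning where the address lives.
    """
    seen = defaultdict(list)  # ip -> MACs in order of arrival
    for line in capture_text.splitlines():
        match = REPLY_RE.match(line.strip())
        if match:
            seen[match["ip"]].append(match["mac"])

    report = {}
    for ip, macs in seen.items():
        distinct = sorted(set(macs))
        if len(distinct) > 1:
            flips = sum(1 for a, b in zip(macs, macs[1:]) if a != b)
            report[ip] = {"macs": distinct, "flips": flips}
    return report


if __name__ == "__main__":
    for ip, info in find_arp_conflicts(SAMPLE_CAPTURE).items():
        print(f"{ip} answered by {', '.join(info['macs'])} "
              f"({info['flips']} changes)")
```

The same check also surfaces an unexpected host answering for the gateway's address, since that too shows up as one IP with two MACs.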
* Re: Help with multiple IP networks over an ethernet one
From: ArcosCom Linux User @ 2008-09-10 19:13 UTC
To: Mail List - Netfilter
Thanks for the response, I'll answer the questions below:
On Wed, September 10, 2008, 16:15, Grant Taylor wrote:
> On 09/10/08 02:51, ArcosCom Linux User wrote:
>> Thanks for the response, I'll explain a bit more.
>
> *nod*
>
>> The 3 uplinks have 3 public IP addresses (one per uplink), and are
>> "ADSL" links, one public IP per interface.
>
> Ok.
>
>> eth1 and eth2 have, each one, their direct connection to their ADSL
>> gateway.
>
> Ok.
>
>> eth3 (public IP) and eth0 (private IP) share the same ethernet
>> network.
>
> This confirms what I was thinking. However I ask why they are sharing
> the same ethernet network? Why is the uplink 3 connection on the same
> ethernet network as your LANs? Is there a reason that this is the case
> rather than just putting uplink 3 directly on eth3 without putting it
> across the LANs network segment?
>
Because I can't have another uplink in the router place and I need to put
that in another building that can have another uplink.
>> Physically, this shared ethernet has many wireless bridges (using
>> STP) to link all the buildings we need to link.
>
> Ok. This should not matter.
>
>> The test I did to see the latencies was to send 2 pings to the same
>> physical place, to different devices, from the linux box.
>
> Ok...
>
>> One ping from router to ADSL gateway (eth3->uplink3 gateway) and, at
>> the same time, one ping from router to a workstation (eth0->LAN).
>>
>> Physically the two pings go through the same physical path and end
>> in the same switch where the uplink3 gateway and the test workstation
>> are.
>
> So the uplink 3 gateway is on the LAN and on the local side of a WAN link?
>
Yes.
>> In router:
>>
>> a) I MASQUERADE the IP by interface (-j MASQUERADE), because I need
>> to have control of all outgoing frames.
>
> Is this the only reason that you have both eth0 and eth3 connected to
> the same ethernet network?
>
Ah, no, this is not the reason. It's a "logistic" reason only.
>> b) I balance the routers (as described in lartc) and use mangle to
>> allow the responses from the incoming interface where they arrive.
>
> I believe this should be able to be done independent of the physical
> interface that packets are leaving.
>
Yes, I think so too, only put here to put more information.
>> c) I use tc (using HTB qdiscs) for the QoS (the problem happened with
>> QoS disabled too, I don't think this was the problem).
>
> Ok.
>
>> Yesterday, I found a local kernel text file called
>> /usr/share/doc/kernel-doc-2.6.18/Documentation/networking/ip-sysctl.txt
>> (internet is not all) where I see very useful information about IP
>> parameters and it appears that tweaking some of them will solve some
>> problems with ARP, but really I don't know many of these parameters
>> and only some of them appear to be useful for me: arp_filter,
>> arp_accept, arp_ignore, rp_filter.
>
> Without knowing for sure what the problem is or what is causing it I
> can't say what to adjust. However I suspect your problem has something
> to do with the fact that (if I recall correctly) Linux will by default
> respond to ARP queries on any interface for an IP that may be bound to a
> different interface. In short IPs are more or less bound to the box not
> the interface, thus any interface can get you to the box. There are a
> couple of /proc entries that will adjust the kernel's ARP behavior to
> make it only respond to ARP queries if they are bound to an IP that is
> bound to the interface that it is coming in on, rather if the
> interface's IP is in the subnet pertinent to the ARP query.
>
> I'm just guessing (without seeing some TCPDumps of traffic) that
> systems on either eth0 or eth3 are needing to ARP for either of the IPs
> of eth0 or eth3 and the wrong interface is replying, or both are
> replying. If both interfaces are replying at the same time or if they
> are flip flopping back and forth I can see how your layer 2 ethernet
> network / switch would be getting confused as well as devices wanting to
> talk to said IPs.
>
Yes, that appears to be the problem (seeing tcpdumps in each interface).
Do you have any suggestion about those parameters on those interfaces?
* Re: Help with multiple IP networks over an ethernet one
From: Grant Taylor @ 2008-09-10 20:34 UTC
To: Mail List - Netfilter
On 09/10/08 14:13, ArcosCom Linux User wrote:
> Thanks for the response, I'll answer the questions below:
You are welcome.
> Because I can't have another uplink in the router place and I need to
> put that in another building that can have another uplink.
Ok... Let me see if I (now) understand you right. You have your router
in question along with uplinks 1 and 2 (and their associated modems /
routers) in one location and uplink 3 (and its associated modem /
router) and (part of) the LAN are located in another building? Further
you can't make an additional connection between the buildings to connect
uplink 3 to the router?
> Ah, no, this is not the reason. It's a "logistic" reason only.
*nod* (Logistics being proximity and / or cabling)
> Yes, that appears to be the problem (seeing tcpdumps in each
> interface).
*nod*
> Do you have any suggestion about those parameters on those interfaces?
I don't recall the option(s) that need to be set off hand, but I think
you are looking for the ARP /proc entries that tell the system to
only reply to ARP queries if they come in an interface that has an IP in
the subnet that the query is for. Thus when you receive ARP queries on
eth0 and eth3, the system should only reply from eth0 or eth3 depending
on what IP is being ARPed for (the uplink 3 or LAN IP).
Something else to consider is VLAN trunking across the connection from
eth0 to the LAN(s). Heck, you might consider putting all six networks
on their own VLANs: u1, u2, u3, l1, l2, and l3. If you trunk across the
connection between buildings, you can access the uplink modems anywhere
you can connect to the VLAN. I've successfully had a cable modem (that
was connected to its own VLAN) at the opposite end of a campus from the
router without any problems at all.
Grant. . . .
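Added example, not part of the original messages: a simplified model of the kernel's reply decision for the default ARP behaviour described in the 14:15 message and the /proc entries referred to above, using arp_ignore (one of the parameters named in the thread) for values 0 to 2 as documented in ip-sysctl.txt. The addresses are constructed because the thread never gives the real ones, and the model leaves out arp_filter, rp_filter and proxy ARP.

```python
import ipaddress

# Constructed addressing for the two NICs that share one ethernet segment.
IFACES = {
    "eth0": ipaddress.ip_interface("192.168.1.1/24"),  # LAN side (private)
    "eth3": ipaddress.ip_interface("203.0.113.2/29"),  # uplink 3 side (public)
}
SHARED_SEGMENT = ("eth0", "eth3")  # a broadcast who-has reaches both NICs


def effective_arp_ignore(conf, ifname):
    """The kernel uses the max of conf/all and conf/<ifname> for arp_ignore."""
    return max(conf.get("all", 0), conf.get(ifname, 0))


def answers(conf, in_if, sender_ip, target_ip):
    """Would the box answer a who-has for target_ip that arrived on in_if?

    conf maps "all" or an interface name to the value written to
    /proc/sys/net/ipv4/conf/<name>/arp_ignore (missing entries mean 0).
    """
    sender = ipaddress.ip_address(sender_ip)
    target = ipaddress.ip_address(target_ip)
    if all(target != iface.ip for iface in IFACES.values()):
        return False  # not one of our addresses at all
    mode = effective_arp_ignore(conf, in_if)
    on_in_if = IFACES[in_if].ip == target
    if mode == 0:  # default: any local address, on any interface
        return True
    if mode == 1:  # only if the address is configured on the incoming NIC
        return on_in_if
    if mode == 2:  # as 1, and the sender must be in that NIC's subnet
        return on_in_if and sender in IFACES[in_if].network
    raise ValueError("arp_ignore values above 2 are not modelled here")


def responders(conf, sender_ip, target_ip):
    """Names of the NICs on the shared segment that would send a reply."""
    return [name for name in SHARED_SEGMENT
            if answers(conf, name, sender_ip, target_ip)]


if __name__ == "__main__":
    gateway, lan_host = "203.0.113.1", "192.168.1.50"  # constructed peers
    for label, conf in [("defaults", {}),
                        ("eth3 only", {"eth3": 1}),
                        ("all=1", {"all": 1})]:
        print(f"{label:10} who-has 203.0.113.2 ->",
              responders(conf, gateway, "203.0.113.2"),
              "| who-has 192.168.1.1 ->",
              responders(conf, lan_host, "192.168.1.1"))
```

Setting the value only on eth3 does not stop eth0 from answering for eth3's address, because the decision is made per incoming interface; in this model the duplicate replies stop once every interface on the shared segment (or conf/all) is set to 1.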
* Re: Help with multiple IP networks over an ethernet one
From: ArcosCom Linux User @ 2008-09-10 22:48 UTC
To: Grant Taylor; +Cc: Mail List - Netfilter
Thanks again, I'll answer below:
On Wed, September 10, 2008, 22:34, Grant Taylor wrote:
> On 09/10/08 14:13, ArcosCom Linux User wrote:
>> Thanks for the response, I'll answer the questions below:
>
> You are welcome.
>
>> Because I can't have another uplink in the router place and I need to
>> put that in another building that can have another uplink.
>
> Ok... Let me see if I (now) understand you right. You have your router
> in question along with uplinks 1 and 2 (and their associated modems /
> routers) in one location and uplink 3 (and its associated modem /
> router) and (part of) the LAN are located in another building? Further
> you can't make an additional connection between the buildings to connect
> uplink 3 to the router?
>
I can't, there's no visible line between buildings.
>> Ah, no, this is not the reason. It's a "logistic" reason only.
>
> *nod* (Logistics being proximity and / or cabling)
>
>> Yes, that appears to be the problem (seeing tcpdumps in each
>> interface).
>
> *nod*
>
>> Do you have any suggestion about those parameters on those interfaces?
>
> I don't recall the option(s) that need to be set off hand, but I think
> you are looking for the ARP /proc entries that tell the system to
> only reply to ARP queries if they come in an interface that has an IP in
> the subnet that the query is for. Thus when you receive ARP queries on
> eth0 and eth3, the system should only reply from eth0 or eth3 depending
> on what IP is being ARPed for (the uplink 3 or LAN IP).
>
Appears that, between e-mail and e-mail, I have a workaround changing arp
parameters to the interfaces.
Many thanks!!
> Something else to consider is VLAN trunking across the connection from
> eth0 to the LAN(s). Heck, you might consider putting all six networks
> on their own VLANs: u1, u2, u3, l1, l2, and l3. If you trunk across the
> connection between buildings, you can access the uplink modems anywhere
> you can connect to the VLAN. I've successfully had a cable modem (that
> was connected to its own VLAN) at the opposite end of a campus from the
> router without any problems at all.
>
Uhmm ... VLANs ... sound fine!!
Do you know any URL to begin with VLANs?
Thanks!!
* Re: Help with multiple IP networks over an ethernet one
From: Grant Taylor @ 2008-09-10 23:13 UTC
To: Mail List - Netfilter
On 9/10/2008 5:48 PM, ArcosCom Linux User wrote:
> Appears that, between e-mail and e-mail, I have a workaround changing
> arp parameters to the interfaces.
Good. :)
> Many thanks!!
You are welcome.
> Uhmm ... VLANs ... sound fine!!
>
> Do you know any URL to begin with VLANs?
Um, no, I can't say as I do know of a URL / web page to start reading.
Feel free to reply and ask questions either to the mailing list, or if
we get too far off topic (Net Filter) email me directly and I'll try to
help.
In short, VLAN (802.1q), or Virtual Local Area Network, is a way to
take an ethernet frame and use some of the previously unused bits in the
ethernet frame header to indicate which virtual LAN that the given frame
belongs to. If memory serves correctly the VLAN number space can hold
4096 unique VLANs. VLAN tagging / trunking is the method to pass
ethernet frames between switches and / or computers so that one can tell
the other what VLAN the frame belongs to on a single connection. This
means that you can have one connection to a router with a separate VLAN
for each department, floor, building, whatever.
Most server / router grade operating systems / equipment do (and have
for a long time) support VLANs. Thus you can have a Linux router with
multiple VLAN interfaces that correspond to a given VLAN in a network.
With what I was suggesting previously, you could create a separate VLAN
for all your uplinks as well as your three LANs. This would reduce the
amount of (broadcast) traffic in each LAN as well as providing long
reach ethernet ports in routers. If you put all your uplinks and LANs
in their own VLAN and trunked between switches and your router you could
freely move your router / server(s) anywhere so long as they can trunk
in to a switch and access the VLAN.
Grant. . . .