Networking :: Layer 2 Switch - VLAN Router To Network
May 15, 2009
Our ISP provides us with Layer 2 hardware (Modem?/Switch? (Hatteras)) for our leased line and internet access. I have been told that I should set up a VLAN capable router to separate the internet traffic from the internal traffic. I found that Linux is capable of VLAN routing. Nice!
I have set up openSUSE 10.3, put in two NICs, and did the following:
vconfig add eth0 10
vconfig add eth0 20
ifconfig eth0.10 public.ip.add.ress netmask 255.255.255.252 up
ifconfig eth0.20 192.168.0.1 netmask 255.255.255.0 up
Plugged this NIC into the HATTERAS hardware (with a straight cable), and thought that this way I should be able to ping the public gateway or any IP out on the internet. My ISP is telling me that I should create a VLAN trunk to be able to 'use the internet', but as I understand it, in Linux if I create any number of VLANs on one NIC they are already trunked. I also got the info that the traffic is tagged, and I can separate the traffic by reading the tags. I already read that some NICs are not able to VLAN because they are not able to handle the increased packet size.
Also that the MTU setting is important (don't know the exact value though, only that it's important). I thought that a Linux machine can act as a router and firewall in such a case, because proprietary switches/routers use Linux as an embedded OS. This is my first meeting with VLAN, so if this whole post does not make any sense or you think that I just need to RTFM more, then tell me! I also have some (3) Dlink 3226 Layer2 switches around, but I think it would be a waste to use a 24 port switch on this subject.
Before going to the VLAN topic, I have a basic question. I have a gateway as 10.209.108.1/22. If I am connecting the gateway to Cisco 3750 switch port 1, can I use the remaining ports to connect via the above gateway? I mean, suppose I am connecting a NIC to port 2 with IP 10.209.111.200, can I ping 10.209.108.1? Is this valid without configuring any VLAN or anything on the switch?
I'm looking for a way (kernel patches, configuration, etc) to bond multiple network interfaces together but for limited purposes. Here's the setup. Machines A, B, C, and D each have 4 NICs, each of which are on separate unmanaged switches. The connections are made in a corresponding way. e.g. eth0 of each machine are connected via switch 0, eth1 are connected via switch 1, etc. There are also other machines which have only one NIC and are connected to switch 0 only. All NICs for A/B/C/D and the switches are gigabit speed. The remaining machines have a low traffic level. Machines A/B/C/D need the extended bandwidth. And this bandwidth need usually involves only one connection at a time.
E.g. machine A transferring files to machine C with no other traffic going on. The speed need is to cut the transfer times from several hours to a few hours (such as 8 hours to 2 hours). Transfers of up to a few terabytes at a time are involved. IEEE 802.1AX won't accomplish this. It requires special support from a single switch that all connections go to (raising costs and reducing reliability). Also, from technical details of 802.1AX, it appears that a decision process is made for which traffic goes over which physical link based on destination information. It's unclear what impact this will have, but it looks like at least a single TCP connection cannot use all physical links.
And possibly all traffic from host A to host B is limited to a physical link (not any better than a round robin of crossover cables). What I am looking for is something that works entirely on an end-to-end basis within a LAN. If it works at the link layer, that could be OK as long as it doesn't have the limitations of 802.1AX. Working at the IP layer would be OK, too (as I can already envision the logic of how to make that work). This might be an experimental patch to the Linux kernel if anyone has tried it. I have not dug into kernel source to see what might be in there, yet, but will eventually do that if there isn't a patch already available.
I'm trying to send pages of 4096 bytes from the kernel layer of a server to the kernel layer of a client over a network. Previously I tried the following code; for data less than 100 bytes it worked fine, but for something larger than that the computer hangs (even the dmesg output won't say why). I also wanted to know how we could use the 'sendpage' function to solve this problem.
I have a laptop connected to the net through an ADSL modem. When I switch off the laptop network interface (through system-config-network), the light of the laptop network card plugged in the router stays on (green), whereas on my PC, when I do the same thing, the light of my PC network card goes off in the modem.
Using Fedora 10, can anyone tell me how to set up the network scripts to create two network interfaces for VLAN x and y? Both interfaces should obtain an IP from DHCP and both interfaces should run over eth0.
I have TWO L3 + router switches (say switch1 and switch2). I created VLAN100 with VLAN ID 100 in both the switches. I created router 192.168.1.1/24 in Switch1. I created router 192.168.2.1/24 in Switch2. Switch1 is connected with 1.x/24 PCs. PCs are configured with 1.1 gateway. Switch2 is connected with 2.x/24 PCs. PCs are configured with 2.1 gateway. Both Switch1 and switch2 are connected by a trunk to carry VLAN100 data.
1) I have a few PCs of 1.x connected to, say, Switch1. Is it possible for PC with IP 192.168.1.100 (x) to ping PC with IP 192.168.2.100 (y)? What are the configurations required in both switches to make them communicate? All the devices in both the subnets should ping/communicate with each other.
2) Move PC (192.168.1.100) to switch2. Move PC (192.168.2.100) to switch1. What will happen when PC (1.100) pings (2.100) and vice versa? What will happen when PC (say 1.80 in switch1) pings PC (say 1.100 in switch2) and vice versa? What will happen when PC (say 1.80 in switch1) pings PC (say 2.100 in switch1) and vice versa?
EDIT: I found a sample configuration, sadly without any comments, where there are defined some interfaces named vlan1:0 through vlan1:3. Could that be the option I've been looking for? However, in the definition of the vlan1 device it is configured with the subnet mask 255.0.0.0. I would like to know the mechanics of that option, too.
2. In the WLAN part of the network I want to have a DHCP server distributing IP addresses. However, I want hosts the server 'knows' (by MAC address) to be in a different VLAN than those unknown. Is there any way to achieve that? If yes, do I need special WLAN access points or can I do it by my configurable switch or by the server?
I have two laptops and a desktop. At any given moment I would like the desktop to be able to download a file over WAN at maximum speed while one laptop does the same over wireless and the other laptop shares files either wired through a gigabit switch or wireless over wireless G or N. Is this too much to ask from a router/switch/wireless AP combo unit with a single processor? I'm thinking it's at least a lot. What if I ran the modem into the WAN connection of a good router, then connected a separate wireless G/N access point and gigabit switch to the LAN connections of the router? That seems to me like it would relieve some of the bottlenecks I would encounter with the scenario described above AND allow me to upgrade each unit as needed.
I have a wireless router with a 4-port switch built in. The router is a Linksys WRT310N. I have more than 4 devices that I would like to connect through wired connections...so I have an 8 port switch that I connect into one of the 4 ports on the back of the router. Whenever I do this, the wireless functionality stops working! To get wireless back, I just have to unplug the gigabit switch (and unplug/plug in the router) and wireless is back up and running.
It doesn't seem to matter which port I plug the switch into, so that isn't the cause of this. Also, I can connect up 4 devices where none of them is a switch (i.e. 4 computers) and wireless still works just fine -- so it doesn't seem to be a problem that there are 4 devices attached. When the switch is connected to my router, the devices behind it work just fine. However, the wireless devices all obtain 169.254.*.* addresses, so clearly the clients are failing to obtain an address from the router (the DHCP server).
I'm having trouble getting my network set up the way that I want it/had it. You see, when I first set up my network, I just had my cable modem going directly to my standard wired router (a D-Link DI-604), which had DHCP, and was connected to all of the computers on my network. I had one switch hooked up to one of the ports of the router, but this was a regular switch, and it would not try to assign IP addresses, it would just pass through the DHCP info as I wanted.
Now however, my network setup has changed. My roommate and I both got laptops, and we decided that we wanted to have wireless access so we didn't have to constantly plug in to the router.
Now my network is set up like this: The modem is hooked up to the router (DI-604), which is hooked up on the LAN side to our computers, our switch (which is hooked up to 3 more computers), and to a wireless router card (a Gigabyte GN-BC01).
The wireless router card has two jacks for ethernet. One for WAN, and one for LAN. The LAN side we have plugged only into the computer in which the card is installed.
Now the problem is this: The wireless router card comes with DHCP by default, and it's assigning addresses to the laptops and to the computer that it's in, and worse, the IP addresses are on a different subnet than that of the main D-Link router. The main (D-Link) router assigns addresses from 192.168.0.1 (itself) to 192.168.0.254, while the wireless router card assigns addresses from 192.168.1.1 to 192.168.1.254 (itself).
Because of this, I cannot access services on the wireless network from my wired network or vice versa. The first thing I tried was setting the card to assign addresses from 192.168.0.12 to 192.168.0.253; however, it just said "internal error" when I tried to do this. I decided that this may be because it sees that it was being assigned an address on its WAN side on the same subnet. So the next thing I tried was disabling DHCP and setting the "LAN IP Address" to 192.168.0.12, hoping that the DHCP would just go through the card, like a switch. I would have set the LAN IP address to be assigned by DHCP, but this was not an option, so I decided that'd be the best thing to set it to.
Once again however, setting the LAN IP address to an address on the same subnet as that of the IP assigned to its WAN side caused it to report an "internal error". I verified that this was the issue by setting the LAN address to several other private IP addresses to test (i.e. 10.0.0.1, 192.168.3.1, 192.168.5.12).
My question then really is: How do I set up both routers so that I can access services and computers from each network from the other network. Should I set them with different subnets and set the gateway on the wireless network to the main router? To the wireless router card? Should I put them on the same subnet? Will it know how to communicate?
Here is a link to (picture) my network diagram. Network Diagram
I want to know the IPsec-Advantages and Disadvantages that arise because of its location on the network layer in the OSI-Model. I read rfc2401 and rfc4301 specifications to find out the advantages and disadvantages of IPsec being located on the network layer in the OSI-Model (equivalent to Internet layer in the TCP/IP protocol stack). I really could not find enough good reasons for the advantages and disadvantages of IPsec being located on network layer. Here are some of them that I could think of:
Advantage:
- No application-specific implementation is needed (in comparison to SSL/TLS)
- The ability to connect two subnets on the internet (tunneling mode)
- Ability to encrypt the traffic between two end-points (transport mode)
Disadvantage:
- Complex implementation of ipsec itself
- High computation performance when AH and ESP both activated
- No encryption for the packets to the destination if it is arrived on the subnet on the other side when tunneling mode is activated (the network traffic is no more encrypted inside the subnet)
What else can you guys add more to these advantages and/or disadvantages? The focus is IP-sec location on the network layer. (it is a kind of comparison to ssl/tls which is upper layer protocol) I would be grateful to any responses.
P.S: I hope that this thread has landed in its right place.
Based on research and trial and error (I am still at the trial stage, with errors), here's the scenario. We have 5 VLANs with an existing Windows DHCP server that serves 5 scopes for the 5 VLANs, 192.168.100.x and 192.168.200.x IP addresses. Everything works well on our Windows DHCP server. What I want to do is replace our Windows DHCP server with a Linux box with one NIC. I've read about VLAN on Linux, 802.xx something, and VLAN tagging, and am already confused about what to do. What I want to ask you guys for is assistance implementing the VLANs on Linux, then the dhcpd.conf.
I am thinking of moving the router behind a server and connecting the server directly to the internet via a modem. Are there any security issues related to doing this, or other things I should be aware of? Iptables are implemented on the server, blocking access on unused ports.
I want to implement a cross layer approach. I want to pass the network information such as delay from the MAC layer to the Network layer. Can you tell me the way? I am new to this. I am using Linux (Fedora). I think some system call will do the trick. Correct me if I am wrong. (I want to implement QoS matrices)
The module e1000e is loaded into system. At addition VLAN the system hangs at a stop VLAN or configure other devices (sound, video). In OpenSuSe 11.3 it worked correctly. MB: ASUS P5Q-ME DO / NetCard: Intel 82567LM-3
We have an old Zonet 10/100 switch in our home network that locks up whenever there's a power glitch longer than about a microsecond. (OK. It's not that bad but if the lights flicker, I usually end up going down to the basement to see if the switch is hung.) None of the computers or peripherals are affected by the glitches, BTW. Power-cycle the switch and everything starts working again. After putting up with this for months I finally picked up a Netgear 8-port 10/100/1000 switch to replace the Zonet. Unfortunately, when the Netgear switch is in the network, everything slows to a crawl before completely freezing up. Pinging other systems barely worksname would not work. Pinging another system by its IP address worked a little but packet losses of 70%-80% were the best I saw. At first. Then it gets to where the loss is 100%.
All systems were rebooted after the Netgear switch was inserted into the network. The systems that were capable of gigabit connections autosensed the new switch and set their port speed accordingly. And that's about all that works when the Netgear switch is present. (The Zonet is back in the network now.) One thing I have not tried is forcing the port speed on the gigabit-capable systems to 100Mb and re-inserting the Netgear switch into the network to see if the problem is due to running some of the ports at 1000Mb. The systems on the network are running various versions of Linux (with different kernel versions, of course). Most are due for upgrades to get them current but I was planning on hitting the systems that had gigabit-capable ethernet interfaces thinking that a.) 100Mb speeds have been around forever and no problems have been seen when everything was running at 100Mb in the past and b.) the gigabit support for the older kernels should be better (one system only supports an MTA of 1500 max at 1000Mb).
I installed CentOS v5.4 on a virtual machine in VMware Server v1.0. I put the VMware ethernet in bridged mode and now I have an IP address, subnet mask and DNS from the DHCP server at the office where I am. I edited the file /etc/sysconfig/network and I put the gateway IP there. Now it is okay, but not at my home, where I have another gateway IP. A script that switches between my gateways?
When there is a power failure at my university for about 30 minutes, my computer stays up because of a UPS, but the switch it is connected to via ethernet is reset. After this, my machine loses network connectivity until I manually select the network using nm-applet.
In System -> Preferences -> Network Connections, the network has the "Connect automatically" box checked.
However, in /etc/NetworkManager/nm-system-settings.conf, there is a line that says:
no-auto-default=00:30:48:b0:11:07,
and that is the MAC address of the ethernet card.
I'm trying to get online on my laptop, I just installed Ubuntu 10.04 (Side by side with Windows 7.) I'm looking over the networking help files, as well as the troubleshooting and nothing seems to be working. [URL]. From this troubleshooting guide it tells me to open the terminal and type the command "sudo lshw -C network" and when I do, it asks me for my password but when I try to type it, nothing comes up. So I run it without typing sudo. It says "*-network DISABLED" which in the troubleshooting guide means that my router is off, but I'm clearly online on this computer as of right now.