Iptables and vlan interfaces

Aseem Rastogi aseem at india.tejasnetworks.com
Mon Oct 3 12:05:11 CEST 2005


Okay.

Does it mean that if I connect my machine's ethernet port to another 
machine and configure a vlan interface with that port as physical port 
and then add a route to another machine through that vlan interface (I 
need to do this to use the vlan interface, right?), then all packets sent 
out of it will be tagged by whatever tag I mention in vconfig?

I didn't know about vlan support in Linux. This can be a good testing 
platform for L2 applications without requiring special boxes.

Henrik Nordstrom wrote:

> On Mon, 3 Oct 2005, Aseem Rastogi wrote:
>
>> I have been following this post rather keenly. It now seems to have 
>> died down, but still I am not able to understand what a vlan 
>> interface is.
>
>
> VLANs are IEEE 802.1Q, dividing Ethernet into 4097 virtual Ethernet 
> networks. (the normal untagged network + 4096 .1q tagged networks = 4097)
>
> VLAN is normally only used within and between switches, but it is also 
> possible to use between the switch and a server/host allowing the 
> server to participate in multiple VLANs on the switch.
>
> This is configured on the Linux side using vconfig, creating one 
> virtual network interface per such virtual Ethernet being used between 
> the server and the switch. The virtual interfaces created by vconfig 
> are true virtual interfaces and can even have a different MAC address 
> than the physical interface if you like (defaults to use the same MAC 
> however). These virtual interfaces are named like 
> physicalinterface.vlannumber (i.e. eth0.45 for the VLAN with the .1q 
> tag 45 on the eth0 physical connection).
>
> More information on the VLAN support in Linux can be found from 
> http://www.candelatech.com/~greear/vlan.html. The needed software is 
> also available in most distributions (the kernel driver is available 
> in the kernel since many years back).
>
>> Can somebody please give me some pointer where I can read about this? 
>> vlan I thought is an l2 concept and should have nothing to do with l3.
>
>
> vlan is indeed purely an l2 concept, using a slightly different 
> Ethernet frame format than normal Ethernet allowing for multiple 
> virtual Ethernet networks to be transported over the same cable.
>
> IP-aliases on the other hand are purely an l3 concept, allowing you to 
> have more than one IP address on the same interface, optionally 
> labelled with a name (interface:name) for administrative purposes. The 
> (optional) label on an IP-alias has no significant meaning other than 
> as a reminder to the administrator, and to produce confusing results 
> when using ifconfig (ifconfig has the odd habit of displaying the 
> named ip-aliases as if they were separate interfaces).
>
> Regards
> Henrik
>


-- 
The end is always good. If it's not good, it's not the end.





