Linux - Networking (LinuxQuestions.org)
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I am trying to get a home network ridiculously secure for educational purposes. In the past I've separated a few networks and created virtual interfaces on the internal eth0 network; I now have eth0, eth0:1 and eth0:2. These have clients with different subnets on them: 192.168.0.0/24, 192.168.1.0/24 and 192.168.2.0/24. Now I have this cheap wifi access point that supports VLANs and multiple SSIDs, and I'd like to make use of that to isolate the traffic on the "guest" network so it can only reach the server, and then on the server be able to control the traffic with iptables.
The network looks like:
- computer1
- guest devices
Because the Debian 6 server is able to cope with VLAN-tagged packets and because the access point supports this, I'd like to mix VLAN-tagged and untagged packets; this way my trusted computer1 is separated from the guests not only by IP.
What I'd like to know is whether it's possible to use both kinds of traffic on the unmanaged switch that doesn't support VLAN tagging.
And if I'm right about the theory, would anyone on the guest wifi network be able to sniff any traffic from the trusted network if the trusted network is not tagged? I don't mind the trusted network being able to mess things up; therefore it's trusted.
If the switch is just dumb, then it will not see the 802.1Q data in the tagged traffic, so it will be switched as if it were normal traffic, on MAC addresses as usual.
The traffic is no more or less sniffable than untagged data. It will be sent down that cable if the MAC address in the destination header of the frame is believed to be on the other end of it, tag or no tag. With a tag-aware switch, that port simply will not be usable for the tagged traffic if it is not configured to allow it.
So I can just combine the traffic and make the Debian side accept both untagged and tagged traffic?
The switch is a dumb Gb switch. I also have a Cisco 2950 that supports VLANs to play with, but it's only 100 Mb and that is too much of a performance impact.
So I can just:
Your switches *SHOULD* be 802.1Q capable, but in reality it doesn't matter when it comes to getting traffic through the device. If you have two tag-aware servers connected to it, they can talk on tagged interfaces as much as they can on untagged ones.
I'm not clear what this conflict is, though; what's not making sense?
OK, so if a DHCP request is broadcast without a tag when it hits the DHCP server from wifi, but is tagged if it came from a wired client on its eth0.2 interface, for example, then they would need to be received on the server by different interfaces, logical or physical. You're clearly getting a bit mucky in terms of proper design versus happy accidents/hacks here. I have looked at doing slightly similar things, and found that while the machine could receive easily enough on eth0 and eth0.2, as they will have come to the same MAC address on the NIC, it can't intelligently know how to send a response back, probably always sending it out on eth0 only. You *MIGHT* have success if you were to add a physical NIC, and then bridge eth0.2 to eth1 (e.g.) and put your 2 subnet address on the resulting br0 interface. Leaves a pretty bad taste, though.
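The two mechanisms discussed in this thread, a VLAN-unaware switch forwarding on destination MAC alone (tag or no tag), and the Debian box landing untagged frames on eth0 and VID-2 frames on eth0.2, modelled as an added example; this is not code from the thread or from any poster. The MAC addresses, port names, VLAN IDs and payloads are constructed sample data, and the switch and host are simplified models of the behaviour described above, not a real kernel. The model also shows the part of the OP's sniffing question the replies leave implicit: an untagged broadcast from the trusted side is flooded to the access point's port exactly like any other broadcast, so whether a guest on the tagged SSID can see it depends entirely on the access point discarding untagged frames for that SSID, which nothing in the thread establishes.

```python
"""802.1Q on a dumb switch vs. a Linux host with 8021q sub-interfaces.

Added example for the thread above; all MACs, ports, VIDs and payloads are
constructed sample data and the two classes are simplified models.
"""
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that marks an 802.1Q-tagged frame
ETHERTYPE_IPV4 = 0x0800
BROADCAST = bytes.fromhex("ffffffffffff")


def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, payload, vid=None, pcp=0):
    """Ethernet II frame; with vid set, a 4-byte 802.1Q tag follows the src MAC."""
    hdr = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)          # PCP(3) | DEI(1) | VID(12)
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (dst, src, vid_or_None, inner_ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vid, off = None, 14
    if ethertype == ETHERTYPE_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]
        off = 18
    return dst, src, vid, ethertype, frame[off:]


class DumbSwitch:
    """Learning switch that never reads past the 12 address bytes.

    The tag sits after the source MAC, so to this switch it is just payload:
    the forwarding decision is made on destination MAC only.
    """

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}                               # src MAC -> port learned on

    def forward(self, in_port, frame):
        dst, src = frame[:6], frame[6:12]
        self.cam[src] = in_port
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return [] if out == in_port else [out]
        # Unknown unicast or broadcast: flooded to every other port, tag or not.
        return [p for p in self.ports if p != in_port]


class LinuxVlanHost:
    """Model of 8021q demux on the receiving host.

    Untagged frames land on the parent (eth0); tagged frames land on
    <parent>.<vid> when that sub-interface exists. With no sub-interface for
    the VID the IP stack never sees the frame, modelled here as None
    (a real kernel hands it to the parent as protocol 0x8100, which IP ignores).
    """

    def __init__(self, parent, vids):
        self.parent = parent
        self.subifs = {v: f"{parent}.{v}" for v in vids}

    def receive(self, frame):
        _, _, vid, _, _ = parse_frame(frame)
        if vid is None:
            return self.parent
        return self.subifs.get(vid)


def demo():
    """Walk the thread's topology: server, trusted computer1 and the AP on one dumb switch."""
    sw = DumbSwitch(["p1_server", "p2_computer1", "p3_ap"])
    server = mac("02:00:00:00:00:01")               # constructed MACs
    computer1 = mac("02:00:00:00:00:02")
    guest = mac("02:00:00:00:00:03")
    host = LinuxVlanHost("eth0", vids=[2])          # eth0 plus eth0.2 for the guest VLAN
    results = {}

    sw.forward("p1_server", build_frame(BROADCAST, server, b"arp"))   # switch learns the server's port

    untagged = build_frame(server, computer1, b"trusted")             # computer1 -> server, no tag
    results["untagged_unicast"] = sw.forward("p2_computer1", untagged)

    tagged = build_frame(server, guest, b"guest", vid=2)              # guest via AP -> server, VID 2
    results["tagged_unicast"] = sw.forward("p3_ap", tagged)           # same decision, tag ignored

    bcast = build_frame(BROADCAST, computer1, b"dhcp-discover")       # trusted broadcast, no tag
    results["untagged_broadcast"] = sw.forward("p2_computer1", bcast) # reaches the AP's port too

    results["host_untagged"] = host.receive(untagged)                 # eth0
    results["host_tagged_2"] = host.receive(tagged)                   # eth0.2
    results["host_tagged_9"] = host.receive(build_frame(server, guest, b"x", vid=9))  # None
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>18}: {v}")
```

The two unicast cases come out of the switch on the same port because the 802.1Q tag is at offset 12, past the bytes a VLAN-unaware switch inspects; the host side is where the tag starts to matter, and a frame carrying a VID you have not created a sub-interface for goes nowhere useful, which is the isolation the OP is after for the guest SSID.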