Can someone direct me to HOWTO information for virtual LAN (VLAN) configuration? I know that features and commands depend on the network parts deployed, but I'm trying to learn the concepts to make sure that what I want to do is reasonable. Also, I don't want to make stupid hardware choices.

I have a tree of CAT-6 as my home office LAN:

{4port residential gateway} ==Z== {8port managed switch #1},{hosts}

{8port managed switch #1} ==Z== {8port managed switch #2},{#3}

{8port managed switch #2},{#3} ==Z== {CAT-6 runs}

{CAT-6 runs} ==Z== {8port managed switch #4}...{#N} ==Z== {hosts}

I'm trying to create three separated VLANs from the gateway to the host nodes. Eventually I want some specific traffic on one VLAN and everything else on the other. The third is "the real office" so I want it to have its own, mostly isolated, path.

I know that I can create VLANs by port using my managed switches.
My switches also do "packet sniffing."

• Does this mean that they can learn which protocols are running and send specific traffic through a specific VLAN?
• How do I discover which protocols are used for the traffic I'm interested in controlling (steering)?

I really don't want a degree in network black magic, white magic, or other serious tinker-until-done knowledge.

I believe that my gateway has some VLAN features, but I'm still researching over there. (Digging into here is phase-II.)

Thanks in advance,
~~~ 0;-Dan

A virtual lan is best seen as a series of network tunnels which have to be programmed into devices. It has no real place in a home as most of us know it. Without knowing what equipment you want to use, there's little more anyone can say. But my advice would be not to bother.

1 members found this post helpful.

According to AT&T® U-Verse™ support, they want to run their video parts on separate wires from the rest of the data network. On investigation, the "separate wire" requirement is a throw-away line. It seems that there are broadcast and multi-cast packet storms that are frequent between their gateway and their set boxes. "Separate wire" lets them avoid the technical details to let video play nicely with other data resources. I thought that virtual lan deployment would let me avoid pulling more CAT-6 so that AT&T can be lazy.

I think that I know how to configure port-to-port VLAN through my switches.

{AT&T gateway} ==Z== {VLAN1 port} ... {VLAN1 port} ==Z== {AT&T box}

{AT&T gateway} ==Z== {VLAN2 port} ... {VLAN2 port} ==Z== {data box}

However, port-to-port does not seem to isolate the packet storms.

I have a small business as a technical writer in my home. I operate a LAN with medium complexity -- a couple of linux-based servers, linux-based workstations and linux-based laptops. Since it is my home, the LAN also services win-dose and Mac™ workstations and laptops as well as various Android™ and iOS™ tablets and handsets.

My gateway is AT&T's Motorola® NVG589 connected to Netgear® GS108T Managed switches. The topology is a tree -- {gateway}, {switch}, {switch}+{switch}, {switch} ... {switch}.

Thanks in advance,
~~~ 0;-Dan

Opps, Weird linked posts.



If everything is good quality. A vlan can do a lot for some types of systems. It helps limit broadcast packets. It reduces arp and other types of chatter. It can help speed up backplane issues since higher end switches can allocate resources to that function independently of the other switch ports. If any of the devices are not up to par then it could all be useless.

Think of a vlan as a set of switches and wires. If you have one real switch and you make three vlans then you have for most uses three switches. To get from vlan to vlan you may or may not have ways to connect out of them. It's usually user config. Vlans could be private within a home or business much like a vpn. Generally you set the ability to exit the vlan within the switch/modem/router. One can also exit via a computer for that vlan segment.

1 members found this post helpful.

Opps, Weird linked posts.



If everything is good quality. A vlan can do a lot for some types of systems. It helps limit broadcast packets. It reduces arp and other types of chatter. It can help speed up backplane issues since higher end switches can allocate resources to that function independently of the other switch ports. If any of the devices are not up to par then it could all be useless.

Think of a vlan as a set of switches and wires. If you have one real switch and you make three vlans then you have for most uses three switches. To get from vlan to vlan you may or may not have ways to connect out of them. It's usually user config. Vlans could be private within a home or business much like a vpn. Generally you set the ability to exit the vlan within the switch/modem/router. One can also exit via a computer for that vlan segment.

1 members found this post helpful.

It can be switch config, firewall config, or router config. But I don't let my users do that on their own!

And we used to call a VLAN an collision domain or broadcast domain. Its just a way of carving up one switch into many LANs.

1 members found this post helpful.

If your switches have a decent interface, you can do it. There's even videos on youtube telling you how to do it with Cisco equipment, which has unix-like cisco OS and command lines. The guys I was at College with would google down all the network exercises we were given, and come out with "A" marks despite not having been in class :-((. Lecturers are making their own for next year

1 members found this post helpful.

It appears that there are at least two layers of configuration:

1. create the VLAN -- looks like its a name for reference purposes
2. define filters that direct specific traffic to appropriate connections

My Netgear GS108T switches can filter on several different aspects of the traffic. I don't find a way to use service names but need magic numbers. I'm struggling with finding which magic numbers that I really care about.

• Can someone direct me to good things to read so that I can learn more?
• Can someone tell me which linux-based tool(s) will let me watch the traffic on the wire and get some idea about what my traffic is?

I would prefer readings that are not vendor specific, but I'll read whatever you recommend.

I would prefer tool(s) that someone with novice network knowledge can deploy.
This implies that they need reasonable docs and user interface.

I'm usually able to dig through the details but I'm confused by what I read about VLAN configuration. The main trouble lies with what I call, "you just gotta know" syndrome. Specifically, if you know what you are doing, the docs and howto make sense. Otherwise, one can't see the trees for all of the dusty details, much less have any view of the forest.

Whatever I learn, I will post back here and elsewhere so that others will benefit from whatever help you give to me.

Lots of effort. Not much progress ... yet.
~~~ 8d;-/ Dan

Try this.https://www.candelatech.com/~greear/vlan.html 'Configure' is always a good word to find in a search engine.

I would put a real router - some linux box, not the silly things they hang onto modems. I would put 2 or even three nics in it, and have one for the internet connection, and preferably one for the 2 vlans that AT & T require. If they both are to go down the same wire, you only need two nics.

Take an A3 page, and draw everything for yourself, leaving room for numbers and IPs, and in the words of Jon Luc Picard "Make it so!"

1 members found this post helpful.

I tend to use wireshark. Some switches and other devices may also show various types of data. Some linux gui apps may show local lan data. Remember that switches won't send full data to all clients. That is their job.

If you don't get any good web help, might go to cisco pages. While it is for a switch or router the facts are all the same for the most part. Even many of the terms.

1 members found this post helpful.

I followed the link and found a short page. There were links on that page, but many of them were broken for me. Specifically, I could not get beyond the original page. When I would flyover these other links, I could see other places listed on the status bar. However, I could never navigate to those places.

I'll keep playing to see if I can sort out what's going on.
~~~ 0;-Dan

Sorry iof it wasn't good. It looked tjhe part, but apparently those functions are all in the kernel now. Have you grepped the kernel /Documentation/networking area for vlan? Several helpful files there.

1 members found this post helpful.

After discussion, here, and much reading, I have the following plan of attack.
Regardless of my long term results, I'm certain to learn something.

Proposal #1

1. Connect my gateway to a switch.
2. Connect one set box to the same switch.
3. Connect a linux laptop to the same switch.
4. Run 'wireshark' on the laptop to observe the traffic and identify the video aspects of the packets.
5. Configure one VLAN to "tag" and "filter" the video traffic
6. Configure one VLAN to "tag" and "filter" everything else
7. Connect parts to each VLAN as appropriate
8. Run 'wireshark' and monitor the results
9. tinker as required

Proposal #2

1. Connect another switch upstream of the original switch
2. Configure the same two VLAN segments
3. Connect parts to the VLANs as appropriate
4. Run 'wireshark' and monitor the results
5. tinker as required

Just FYI, there's a field in the IP header for TOS (type of service) and in some equipment you can write firewall rules based on TOS

1 members found this post helpful.

Does anyone know if AT&T U-Verse and similar tag their IPTV data with a unique type of service?

~~~ 0;-Dan

I would definitely expect them to.

Video & audio get priority over things like email. A 10 seconds lag in delivery of an email is nothing, but it leaves you hanging on audio/video.

1 members found this post helpful.