Campus VLAN Segmentation – By OS?
We’ve been thinking through re-arranging our network and VLAN configuration. Here’s the situation. We already have our servers, VoIP phones, and printers on their own VLANs, but our problem lies with end user devices. There are just too many to lump on the same VLAN without being hammered with broadcasts! Our current segmentation strategy has them split into VLANs like this: Student iPads, Staff iPads, Student Macbooks, Staff Macbooks, Gaming devices, Staff (Other), Student (Other) [...]
Limiting broadcast traffic illogically. What are the downsides?
We’ve been thinking through re-arranging the end-user network and VLAN configuration. We’re currently doing things in a way that isn’t quite typical, but given that it is working, we’re hesitant to try things a different way. Our primary goal is limiting broadcast traffic, so we need to separate them into VLANs based on something. If we wanted to, we could probably do it based on the last character of the device’s MAC address… or the [...]
VLAN as access security through VPN tunnel
I’m not a network wizard, but I know my way around a TCP stack and have employed the help of Wireshark and tcpdump quite a few times. Now my company has been tasked to grant somebody else access to several machines in our DMZ via VPN. For the optimal protection of our infrastructure, I had the idea to allow access only to the required machines and not the whole network segment. For that, we could [...]
How to make ssh/rsync/etc use a VLAN network interface?
A company I work for has a number of virtual servers with ElasticHosts. They are set up in such a way that eth1 is on a private VLAN connecting them to each other. This is so backups sent between servers are not charged at the same rate as external data transfer. My understanding of how VLANs and network interfaces work is sketchy at best. How can I make ssh, rsync, etc. transfer data through the VLAN? [...]
Routing based on the source IP
I’m trying to configure a host in a way that the traffic is routed either via eth0 or vlan123@eth0, depending on the source address used. Both interfaces have access to the whole network and both have some IP assigned. For example: eth0 has 1.2.3.1/24 and vlan123 has 4.5.6.1/24. The default gateway is set via eth0. How can I make sure that if a packet comes in to 1.2.3.1 (it will arrive untagged), the response will be sent [...]
VLAN for WiFi traffic separation (new to VLANing)
I run a school network with switches in different departments. All is routed through to a central switch to access the servers. I would like to install WiFi access points in the different departments and have this routed through the firewall (an Untangle box that can captive-portal the traffic, to provide authentication) before it gets onto the LAN or to the Internet. I know that the ports that the APs connect to on the relevant [...]
Assigning Bandwidth Limitations to VLANs
Is bandwidth management over different VLANs possible with a switch that was manufactured by Cisco? If so, how can I configure my switch to do so? Every document about VLANs says “VLAN is for better bandwidth management.” Is this because of something else besides bandwidth management? Yes, quite possible, though something of a learning curve. Basically you’ll be using the police and/or bandwidth commands; without knowing a lot more I can’t help you with the specific [...]
Reason for Dot1q Encapsulation
When creating Inter-VLAN Routing environments via Router-on-a-Stick method, why do we have to encapsulate sub-interfaces with dot1q vlan-number? What does that dot1q do and why do we have to type the same number as VLAN number? In order to have a router actually route anything, it should be connected to at least two network interfaces; so, without VLAN trunking, you would need a router with at least two Ethernet ports, connected to two switch ports [...]
Bridging a VLAN and OpenVPN tap on Debian
Under Debian I need to bridge a VLAN eth0.1 and tap tap0. Usually, when bridging a normal ethernet adapter with a tap I would include something along the lines of this in /etc/network/interfaces: auto br0 / iface br0 inet static / pre-up /usr/sbin/openvpn --mktun --dev tap0 / pre-up /usr/sbin/brctl addbr br0 / address 10.0.0.254 / network 10.0.0.0 / netmask 255.255.255.0 / post-up /sbin/ip link set tap0 up / post-up /usr/sbin/brctl addif br0 tap0 / post-up /sbin/ip link set eth0 up / post-up /usr/sbin/brctl addif br0 [...]