VLAN-silta
(TODO)
- brctl
- vconfig
- ebtables
aptitude install bridge-utils vlan ebtables
Esimerkki VLAN-siltauksesta
- VLAN 111 - LAN 192.168.0.0/24
- VLAN 222 - WLAN 192.168.1.0/24
- VLAN 333 - Pelkkä ADSL-modeemi kytkimessä
- VLAN 444 - Koneet, jotka pääsevät suoraan nettiin VLAN:in 333 kautta
Kytkinasetukset:
PVID = VLAN-tagi, jolla ko. portin liikenne merkitään.
Procurve #1
Port | Frame Type | PVID | Kommentti |
---|---|---|---|
1 | All | 111 | Jokin LAN-kone |
2 | All | 111 | Jokin LAN-kone |
3 | All | 111 | Jokin LAN-kone |
4 | All | 111 | Jokin LAN-kone |
5 | Tagged | None | Linux-reititin eth0 |
6 | Tagged | None | Linux-reititin eth1 |
7 | All | 333 | ADSL Modem |
8 | Tagged | None | Procurve #2 |
VLAN ID | VLAN Member port(s) |
---|---|
1 | None |
10 | 8 |
111 | 1,2,3,4,5,8 |
222 | 5,8 |
333 | 6,7 |
444 | 5,8 |
Procurve #2
Port | Frame Type | PVID | Kommentti |
---|---|---|---|
1 | Tagged | None | Procurve #1 |
2 | All | 222 | WLAN-reititin |
3 | All | 444 | Kone, mikä on suorassa nettiyhteydessä |
4 | All | 111 | Jokin LAN-kone |
5 | All | 111 | Jokin LAN-kone |
6 | All | 111 | Jokin LAN-kone |
7 | All | 111 | Jokin LAN-kone |
8 | All | 111 | Jokin LAN-kone |
VLAN ID | VLAN Member port(s) |
---|---|
1 | None |
10 | 1 |
111 | 1,4,5,6,7,8 |
222 | 1,2 |
333 | 1,3 |
Linux-reitittimen asetukset:
/etc/network/interfaces:
auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 allow-hotplug eth1 iface eth0 inet static iface eth1 inet static auto vlan111 auto vlan222 auto vlan333 auto vlan444 auto br0 auto br1 auto br2 # LAN iface vlan111 inet static vlan_raw_device eth0 # WLAN iface vlan222 inet static vlan_raw_device eth0 # ADSL Modem iface vlan333 inet static vlan_raw_device eth1 # Internet iface vlan444 inet static vlan_raw_device eth0 # LAN bridge iface br0 inet static address 192.168.0.1 netmask 255.255.255.0 bridge_ports eth0.111 bridge_stp on # Internet bridge iface br1 inet static address x.x.x.x netmask x.x.x.x gateway x.x.x.x bridge_ports eth1.333 eth0.444 bridge_stp on post-up iptables -t nat -A POSTROUTING -o br1 -j MASQUERADE pre-down iptables -t nat -D POSTROUTING -o br1 -j MASQUERADE # WLAN bridge iface br2 inet static address 192.168.1.1 netmask 255.255.255.0 bridge_ports eth0.222 bridge_stp on
/etc/sysctl.conf Lisää tai muokkaa rivi muotoon
net.ipv4.conf.default.forwarding=1