Re: [Xen-users] Secure VLANs
On Wed, Jan 5, 2011 at 5:21 PM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
> So in the context of Xen, given that a trunk port on the switch would
> connect to Dom0, all I have to make sure is that the DomUs aren't connected
> to a bridge in the Dom0 with a VLAN ID the same as the native VLAN ID of the
> switch trunk port?

On Linux, VLAN and bridge functionalities are separate things.

regarding VLANs: you have your physical interface (eth0), and then add VLAN interfaces to it:

    vconfig add eth0 12

creates a new interface that you can see with ifconfig, probably called vlan12. traffic on this new interface will come out tagged via eth0, and (if the rest of the network is ok), will be able to communicate only with devices on VLAN 12.

so, in your startup scripts you should add all the vlan interfaces you need, it will be just as if you had a lot of ethernet NICs

regarding bridges: Linux's software bridges don't manage VLANs, it's not like physical bridges where you have one bridge and configure each port. so, what you do is create several bridges, one for each VLAN, and then add only one vlan interface to each bridge.

for example, to prepare for VLAN 12:

    vconfig add eth0 12
    brctl addbr br12
    brctl addif br12 vlan12

now you have a bridge called br12 that is connected to your external VLAN 12 and nothing else. then just add the DomU's interface to this bridge if they need to connect to VLAN 12

--
Javier

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
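
An added example, not part of the original message: a check that a Dom0 still follows the one-VLAN-interface-per-bridge layout described above, run over `brctl show` output. It flags a bridge that joins two VLAN interfaces, and a bridge that puts guests on the untagged physical NIC, whose frames land on the switch port's native VLAN. The interface naming (vlan12 or eth0.12 for VLANs, vif1.0 for DomU backends) and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `brctl show` output for the one-VLAN-per-bridge layout.
# Assumed naming: VLAN interfaces vlan12 or eth0.12, DomU backends vif1.0.

# Constructed sample output, not captured from a real host.
sample_brctl_show() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br12            8000.001122334455       no              vlan12
                                                        vif1.0
br13            8000.001122334455       no              vlan13
                                                        vlan14
                                                        vif2.0
br0             8000.001122334455       no              eth0
                                                        vif3.0
EOF
}

# Reads `brctl show` text on stdin and prints one verdict per bridge.
# Exit status is 1 if any bridge is not OK.
audit_bridges() {
    awk '
    function classify(ifname) {
        if (ifname ~ /^vif[0-9]+\.[0-9]+$/) guests++
        else if (ifname ~ /^vlan[0-9]+$/ || ifname ~ /^eth[0-9]+\.[0-9]+$/) vlans++
        else if (ifname ~ /^eth[0-9]+$/) phys++
    }
    function report(   status) {
        if (br == "") return
        if (vlans > 1) status = "MIXED"            # two VLANs joined in one bridge
        else if (phys > 0 && guests > 0) status = "UNTAGGED"  # guests on the untagged NIC
        else status = "OK"
        if (status != "OK") bad = 1
        printf "%s %s vlans=%d guests=%d\n", status, br, vlans, guests
    }
    $1 == "bridge" && $2 == "name" { next }        # header line
    NF >= 3 { report(); br = $1; vlans = guests = phys = 0
              if (NF >= 4) classify($4); next }    # first line of a bridge
    NF == 1 { classify($1) }                       # continuation: one more member
    END { report(); exit bad + 0 }
    '
}

# Demo on the sample; on a Dom0 run: brctl show | audit_bridges
sample_brctl_show | audit_bridges || true
```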