
Re: [Xen-users] XCP 1.1 Management VLAN


  • To: <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Brett Westover" <bwestover@xxxxxxxxxxx>
  • Date: Fri, 18 Nov 2011 08:04:18 -0800
  • Delivery-date: Fri, 18 Nov 2011 16:06:21 +0000
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AcylmkOu6uiQS7EQSwy2VrksW7xaPwAcJ1GQ
  • Thread-topic: [Xen-users] XCP 1.1 Management VLAN

>The trick to have the management interface work on this setup is to have your
>switch port configured with a native non-tagged VLAN. A slight security issue,
>just make sure you restrict your VMs to only the tagged interfaces. There's
>even an example in the manual for this. Hope this helps.

>-Javier

Thanks, I'll try this. I am curious about the security issue though. What is it?

My management VLAN is the highest security domain in the network. It can reach
any lower level security domain, but next to nothing can get INTO the
management VLAN if it didn't start there.

If I make that VLAN untagged on the switch port that XCP is plugged into, and
set the PVID (default VLAN) to the same, then XCP can 'natively' be on that
VLAN. Then I can also send tagged VLANs to that same interface, so I can have
VMs using other VLANs over the same interface. Is that right?

Finally, if I want to make a "management" VM, couldn't I just tie it to the 
physical interface, instead of one of my VLANs, and then it would be on the 
management VLAN as well? Would this work? Is there a security risk involved?

Thanks for your help.

Brett Westover
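The risk Javier points at is a VM VIF landing on the untagged (native) network, which on this port is the management VLAN. Added example, not from either poster or from XCP itself: a small audit that parses `xe pif-list params=uuid,device,VLAN,network-uuid` and `xe vif-list params=uuid,vm-name-label,network-uuid` output and lists every VIF attached to a network whose PIF is untagged (VLAN -1). The sample output below is constructed, and the `key ( RO): value` record layout is assumed to match what xe prints.

```python
import re
from typing import Dict, List

# Constructed sample output (not from a real host). Untagged PIF on eth0 carries
# the native VLAN; a VLAN 20 PIF sits on the same NIC for guest traffic.
PIF_LIST = """\
uuid ( RO)             : pif-eth0-untagged
          device ( RO): eth0
            VLAN ( RO): -1
    network-uuid ( RO): net-mgmt

uuid ( RO)             : pif-eth0-vlan20
          device ( RO): eth0
            VLAN ( RO): 20
    network-uuid ( RO): net-vlan20
"""

VIF_LIST = """\
uuid ( RO)             : vif-1
     vm-name-label ( RO): web01
      network-uuid ( RO): net-vlan20

uuid ( RO)             : vif-2
     vm-name-label ( RO): mgmt-vm
      network-uuid ( RO): net-mgmt
"""

# One "name ( RO): value" field per line; RW/MRO/MRW markers are accepted too.
FIELD = re.compile(r"^\s*([\w-]+)\s*\(\s*M?R[OW]\s*\)\s*:\s*(.*?)\s*$")


def parse_xe_records(text: str) -> List[Dict[str, str]]:
    """Split blank-line separated xe list output into one dict per record."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {m.group(1): m.group(2) for m in map(FIELD.match, chunk.splitlines()) if m}
        if rec:
            records.append(rec)
    return records


def vifs_on_untagged_networks(pif_text: str, vif_text: str) -> List[Dict[str, str]]:
    """Return VIFs whose network is backed by an untagged PIF (VLAN -1), i.e. the native VLAN."""
    untagged = {p["network-uuid"]: p["device"] for p in parse_xe_records(pif_text) if p.get("VLAN") == "-1"}
    return [{"vif": v["uuid"], "vm": v["vm-name-label"], "device": untagged[v["network-uuid"]]}
            for v in parse_xe_records(vif_text) if v.get("network-uuid") in untagged]


if __name__ == "__main__":
    for hit in vifs_on_untagged_networks(PIF_LIST, VIF_LIST):
        print(f"VIF {hit['vif']} of VM {hit['vm']} is on the untagged network of {hit['device']}")
```

On a real host, replace the two constants with the captured command output; an empty result means every guest VIF is confined to tagged networks.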


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
