[VLAN] broadcasts go where?
Carlos Carvalho
carlos at fisica.ufpr.br
Fri May 19 18:03:26 PDT 2006
James Harper (james.harper at bendigoit.com.au) wrote on 20 May 2006 10:22:

>I assume you have done some policy routing stuff to make the routing
>work?

No, not necessary, just a simple list of routes.

>That should be a clue that what you have done is a bit of a hack.

Well, Ben, Peter and James are unanimous even in the wording :-)

I agree the cleanest way is to use separate IP networks but I'm using
about 65 vlans for now, and it may increase in the future. This means
I cannot do it without using invalid addresses so I preferred the other
way.

I'll have a look at bridging all vlans and using iptables/ebtables to
control traffic. It might be feasible if the number of rules doesn't
get too large.

As for explaining what I'm doing, I think you've all understood it but
maybe you don't believe it :-) It's really just the opposite of the usual:
instead of having each machine be able to talk to every other (this is
what the switch does), restrict communication to each machine <-> servers
only, plus some groups.

Thanks a lot for the good answers.