www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

VLAN tag tunnelling question?

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Networking
View previous topic :: View next topic  
Author Message
ksrimoungchanh



Joined: 12 Mar 2009
Posts: 21
PostPosted: Thu Mar 12, 2009 5:08 am    Post subject: VLAN tag tunnelling question? Reply with quote
Hello all: I have a need to tunnel several VLAN's between 2 Zeroshell using 1.0Beta11.

I have a Lan-2-lan VPN up and I can access the remote location as a test. The following is the test environment:

LAN1 (10.1.0.0/24) ===(Zeroshell)<VPN00>(Zeroshell)===LAN2 (192.168.0.0/24).

the switch ports that the Zeroshell Internal interface is connected to is setup to send Vlan Tagg information (similar to Cisco Trunked interfaces). This is a HP procurve, so they don't use the Trunk terminology. HP just taggs VLAN # on each port that needs to see the 802.1q taggs.

I am needing to have the following VLAN Tags carried between each location. (essentially bridging each VLAN between the VPN00)
VLAN 10
VLAN 20
VLAN 30

My question is: I notice that every interface (including the VPN interface) gives the user the ability to create VLANs. Do I creat the VLANs on both my Internal Interfaces and the VPN00 interface?

Thanks in advance for any direction.

Regards,

Kou

ps.. this is my first weekend with Zeroshell.. and this is Awesome. Bravo! Fulvio!!
Back to top
View user's profile Send private message
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece
PostPosted: Thu Mar 12, 2009 10:24 am    Post subject: Reply with quote
(If my understanding is correct...)

The internal interface should have vlans 10,20,30 enabled definitely.
Now you should have 3 VPNs one for each VLAN that is enabled, you cannot pass dot1q information over vpn.
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
ksrimoungchanh



Joined: 12 Mar 2009
Posts: 21
PostPosted: Thu Mar 12, 2009 3:48 pm    Post subject: Confused! Reply with quote
Base on this link: http://www.zeroshell.net/eng/faq/network/#net.faq8 I am interpreting that it does support VLAN tunneling?

Please correct me.

Kou
Back to top
View user's profile Send private message
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 997
PostPosted: Thu Mar 12, 2009 4:40 pm    Post subject: Reply with quote
Yes, you can tag a VPN LAN-2-LAN with 802.1q VLAN trunking protocol. This methos is better that using 3 separated VPN (1 for each VLAN) because has less overhead.

Regards
Fulvio
Back to top
View user's profile Send private message Send e-mail
ksrimoungchanh



Joined: 12 Mar 2009
Posts: 21
PostPosted: Thu Mar 12, 2009 5:25 pm    Post subject: thanks Reply with quote
Will I also need to create the VLAN on the ETH00? I assume that it is needed to maintain the VLAN information from the Switch through the ETH00 and passing it to the VPN00 interface.

Thanks for the quick help.

Kou
Back to top
View user's profile Send private message
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 997
PostPosted: Thu Mar 12, 2009 5:37 pm    Post subject: Reply with quote
If you create the bridge interface BRIDGE00(ETH00,VPN00) you just need to create the VLAN on BRIDGE00. The tags are automatically appended to ETH00 and VPN00.

Regards
Fulvio
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Networking All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group