Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [vlan]

Group of hosts with a common set of requirements connected as if on the same broadcast domain despite physical location

VLAN, short for virtual local area network or virtual LAN, is where a group of hosts sharing the same set of requirements are connected to each other as if they were on the same broadcast domain regardless of their actual physical location.

See also

1259 questions
151
votes
2 answers

How do VLANs work?

What are VLANs? What problems do they solve? I'm helping a friend learn basic networking, as he's just become the sole sysadmin at a small company. I've been pointing him at various questions/answers on Serverfault relating to various networking…
Murali Suriar
  • 10,296
  • 8
  • 41
  • 62
82
votes
7 answers

OpenVPN vs. IPsec - Pros and cons, what to use?

Interestingly I have not found any good search results when searching for "OpenVPN vs IPsec". So here's my question: I need to set up a private LAN over an untrusted network. And as far as I know, both approaches seem to be valid. But I do not know…
jens
  • 1,001
  • 1
  • 10
  • 10
29
votes
3 answers

What happens when a consumer switch receives a VLAN-tagged Ethernet frame?

Suppose you connect a trunk port from a VLAN capable network switch to a (VLAN incapable) consumer-grade network switch via a direct cable. Now the former switch send the later switch a 802.1Q-tagged Ethernet frame. What should the later switch do?…
netvope
  • 2,123
  • 5
  • 25
  • 35
27
votes
4 answers

Why do people tell me not to use VLANs for security?

As per title, why do people tell me not to use VLANs for security purposes? I have a network, where a have a couple of VLANS. There is a firewall between the 2 VLANs. I am using HP Procurve switches and have made sure that switch-to-switch links…
jtnire
  • 817
  • 2
  • 8
  • 16
26
votes
7 answers

How many VLANs are too few and too many?

We're currently running a netwok of 800+ PCs and 20+ servers, the network infrastucture is along the lines of Core Switch 10Gb-> Area Switch 2GB-> Local Switch 1GB-> Desktop. All running 3Com equipment(1). We have 3 Area switches for four areas (A,…
Tubs
  • 1,204
  • 3
  • 12
  • 19
22
votes
4 answers

Duplicate MAC address on the same LAN possible?

Let's say someone is on the same network as me and spoofs their MAC address to match mine: Is this possible? Can two or more clients with the same MAC address be on the same network at the same time and stay consistently connected? When this…
Aaron
  • 722
  • 2
  • 10
  • 19
17
votes
7 answers

Why does a VLAN have an IP address?

A dumb question for the majority, but I am interested to know "why does a VLAN have an IP address?" Is this address different from the default gateway? Or is this address, same as broadcast address for this VLAN? IP address 192.168.4.100…
RainDoctor
  • 4,422
  • 3
  • 23
  • 25
16
votes
3 answers

Phones on some switches cannot complete DHCP process

Background I have a Windows DHCP server (Server 2008 R2) handing out addresses for several scopes. One of those scopes is for some Mitel IP Phones. The phones are configured to use dhcp option 125 to get configuration information. When a phone…
Joel Coel
  • 12,932
  • 14
  • 62
  • 100
16
votes
1 answer

VLAN tags not shown in packet capture (Linux) via tcpdump

I am adding a tagged VLAN onto eth0: #ip link add link eth0 name eth0.20 type vlan id 20 This results in: #ip link 2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 9c:c7:a6:95:65:1c brd…
Marki
  • 2,854
  • 3
  • 28
  • 45
16
votes
1 answer

Connect to multiple AP with one Wifi adapter under Linux/FreeBSD?

How can I connect to more than one Wifi access point simultaneously using a single wireless adapter? I'm currently using pfSense as my home router and I want it to connect to multiple APs wirelessly. Do you know if it's possible? Alternatively, how…
netvope
  • 2,123
  • 5
  • 25
  • 35
14
votes
4 answers

Best way to segment traffic, VLAN or subnet?

We have a medium-sized network of around 200 nodes and are currently in the process of replacing old daisy-chained switches with stack-able or chassis style switches. Right now, our network is broken up via subnets: production, management,…
thebird
  • 163
  • 1
  • 1
  • 5
14
votes
3 answers

How can I set up VLANs in a way that won't put me at risk for VLAN hopping?

We're planning to migrate our production network from a VLAN-less configuration to a tagged VLAN (802.1q) configuration. This diagram summarizes the planned configuration: One significant detail is that a large portion of these hosts will actually…
hobodave
  • 2,840
  • 2
  • 24
  • 34
13
votes
2 answers

Multiple VLANs, multiple subnets, single DHCP server?

At my job we are prepping to transition from multiple LANs connected over slow VPN connections to a single MAN connected over fiber, and I've got a few questions. First of all, we are planning on making each physical site its own VLAN, but we would…
EightQuarterBit
  • 243
  • 1
  • 2
  • 7
13
votes
3 answers

tcpdump: capture one of several vlans

I want tcpdump to capture VLAN 1000 or VLAN 501. man pcap-filter says: The vlan [vlan_id] expression may be used more than once, to filter on VLAN hierarchies. Each use of that expression increments the filter offsets by 4. When I do: tcpdump…
bstpierre
  • 431
  • 1
  • 3
  • 14
12
votes
2 answers

Encryption over gigabit carrier ethernet

My conclusion to this was to pipe VLAN trunks through EoIP tunnels and encapsulate those in hardware assisted IPSec. Two pairs of fairly inexpensive Mikrotik RB1100AHx2 routers proved capable of saturating a 1 Gbps connection while adding…
Roy
  • 4,376
  • 4
  • 36
  • 53
1
2 3
83 84