turnbulld

asked on

Fundamental VLAN question

If I choose to implement multiple VLANs on a switch connected to a stack of Linux servers (RHEL or SLES), do I need to configure VLAN interfaces on each server as well or do I only need to configure the VLANs on the switch?

For example, suppose I have a stack (call it 10) of Linux servers connected by two interfaces each to the same 48-port Gigabit switch.  The first NIC on each server belongs to 192.168.10.0/24 and the second to 192.168.20.0/24.  Traffic is not to be routed between these networks; both are connected primarily to provide higher overall station-to-station bandwidth.  We can't use trunking since the stack may need the full bandwidth of both NICs between two individual nodes rather than between a server and many clients.

Up to this point, I would just connect the cables to the switch and rely on the switch to properly handle the presence of both networks.  They do this quite well (Catalyst 4948's, Dell 5448's, SMC 8848's, and so forth) without setting up VLAN tagging.  However, I have a minority of partners who are convinced that we require VLAN tagging to make this work properly.  Despite having a couple hundred configurations in the field proving otherwise, I've agreed to look into the consequences of configuring the VLANs.

SO, if I do the following:

- set up VLAN 10 and VLAN 20 on the switch
- assign the access mode for the switch ports connected to NICs on the 192.168.10.0/24 network to VLAN 10
- assign the access mode for the switch ports connected to NICs on the 192.168.20.0/24 network to VLAN 20

Do I have to establish the VLAN interface aliases with vconfig or ifconfig as well or is configuring the switch enough?  If I don't configure the VLAN interfaces in the OS, how is the VLAN tag added to the packets?

Thanks!
ASKER CERTIFIED SOLUTION
alewis9777
This solution is only available to members.
turnbulld

ASKER

Thanks for the reply!

If I don't want a gateway, meaning I don't want traffic from any of these servers to be able to travel outside of the subnets to which they are connected, do I need to establish a gateway for each VLAN?

In other words, traffic from each of my 10 servers should be able to talk to any server on the 192.168.10.0/24 and the 192.168.20.0/24 nets but not on any others.  I have an 11th server that has a NIC on each of these networks and also a NIC on the corporate LAN that users access for connecting to the services that ultimately come from the 10 servers underneath.  The 10 servers are a clustered stack of database servers that have a common interface installed on the 11th.

As a result, I generally do not define a default gateway on the 10 servers and they do not have the ability to talk outside of the networks directly cabled to them.

Or am I misunderstanding the term gateway in this context?

You are correct in that if you do not want a server's traffic to go outside of its subnet then you do not need to specify the gateway.

You can set up VLANs on the switch for the two different networks, which is just going to isolate them, but then again if you are not applying a gateway on the servers now it would seem they would be isolated to their own subnet anyway.

They would indeed. Now, if only we could convince everyone else involved that this is true I could avoid fiddling with this altogether :)  Thanks!

Thanks again!