I use LEAF Distro. The 802.1q VLAN package in that supports multiple VLANs on the same MAC address.
Mohan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jeremie le-hen
Sent: Saturday, March 01, 2003 9:06 PM
To: [EMAIL PROTECTED]
Subject: [Bridge] Bridging VLANs

Hi,

I currently have one rack with about 30 public addressed servers, which are on the same IP subnet in order to make routing configuration easier, therefore they are on the same Ethernet segment. The gateway also acts as a firewall, which protects servers from potential external attacks. But if only one of the servers is compromised, then attacking the other servers will be far more simple. Indeed, the attacker can use ARP cache poisoning and then use Man-In-The-Middle attacks.

In order to avoid this situation, the idea is to make one DMZ for each server. We can simply use 30 different LANs, but it's expensive and it wastes resources, money, ... There is a simpler solution: use a manageable switch and set one VLAN for each server. The firewall will act as a bridge, being completely invisible, and filtering packets between servers.

But my problem is that the switch I use (HP ProCurve 4000M) doesn't support having the same MAC address on multiple VLANs, and unfortunately, that's what's happening while bridging between multiple VLANs.

In my opinion, there are two solutions:

* first is to run some kind of Ethernet Address Translation, like NAT does for IP addresses, but without port multiplexing,
* or find some switch which allows having the same MAC address on multiple VLANs. Unfortunately, commercial datasheets don't talk about this kind of detail.

A third solution is to create a pseudo-VLAN, which uses ARP proxying, but I'd like to avoid it.

So does anyone have an idea about this problem? And do switches supporting the same MAC address on multiple VLANs exist? Comments are of course welcome.

Thanks.
--
Jeremie aka T{ata,t}Z
[EMAIL PROTECTED]

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
