On Wednesday, 07/06/2005 at 12:56 EST, Alan Schilla <[EMAIL PROTECTED]> wrote: > No I think I have the terminology correct. I run multiple virtual VLANs > accessed via redundant zVM VSWITCHs connected to redundant Cisco 3550 trunk > ports using HSRP. Each host within a VLAN has its own VLAN interface associated > via eth0 with the VSWITCH virtual devices and the Cisco 3550 contains multiple > vlan interfaces for default gateways. This allows me to separate production, > test, development, whatever servers and services into their own broadcast > domains. At least that works with SLES8. I have had some trouble cloning SLES9 > from a guest lan master. I hope to get back to working with the SLES9 and I > thought I would get the list thoughts.
Your terminology *is* a bit ambiguous. IEEE VLAN technology works on both Guest LANs and Virtual Switches. It sounds as if you are converting from a Guest LAN to a VSWITCH. On the VSWITCH you also want to bring multiple VLANs on board using a single physical interface (I won't talk about using VLANs on a Guest LAN - it's not interesting and there isn't any enforcement mechanism.) Most hosts on a VLAN are not aware that they are on a VLAN and their configurations do not include any notion of VLANs. These kinds of hosts connect to ACCESS ports on the switch. The rare host on a VLAN that *is* aware of the VLAN is acting as a VLAN router (just like the router inside the switch) or wants to provide services to multiple VLANs using a single physical interface. These kinds of hosts connect to TRUNK ports on the switch and their IP configurations include VLAN ID specifications. (BTW, this is also how switches talk to one another.) Where possible, let the physical switch do all the routing. If you need access to a single VLAN, then the VSWITCH can be "VLAN-unaware" and MUST be plugged into an ACCESS port on the switch. No VLAN specification is used; allow DEFINE VSWITCH to use its defaults - don't specify the VLAN keyword. All guests that connect to such a VSWITCH are also VLAN-unaware and all are in the same LAN segment. The VSWITCH acts as a "hub" and does not enforce any VLAN associations. If you need access to multiple VLANs, then the VSWITCH must operate "VLAN-aware" and MUST be plugged into a TRUNK port on the switch. The VSWITCH becomes VLAN-aware when it is configured with a default VLAN ID (Alan's suggestion: VLAN 1). In this mode, guests can either remain VLAN-unaware on virtual access ports, or be VLAN-aware using virtual trunk ports and an IP configuration that includes VLAN ID specifications. CP will enforce the VLAN authorizations. When converting from Guest LAN to VSWITCH, the suggested configuration is to leave the guests VLAN-unaware and simply make the router's IP address in the switch the same as the IP address of your [former] virtual router. No fuss, no muss. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
