On Thursday, 03/12/2009 at 01:44 EDT, Le Grande Valerie <[email protected]> wrote:
> I had the Novell SUSE 10 starter system (NOVSTART) up and running using > a layer 3 VSWITCH and it worked. Our networking team wants us to run the > VSWITCH as layer 2 with VLAN aware Linux guests, so I am trying to test > that. > I have the VSWITCH set up as follows: > > DEFINE VSWITCH VSWITCH1 RDEV 07D4 0794 ETH VLAN 998 PORTT TRUNK NATIVE > 999 > MODIFY VSWITCH VSWITCH1 GRANT NOVSTART I'm not a fan of default authorizations. It's too easy to get into trouble. I suggest: - VLAN xxx, where xxx is a VLAN specifcally set aside for misconfigured ports. The VLAN goes nowhere. If you forget to put a VLAN specification on the GRANT, this guest is authorized for VLAN xxx only. If the physical port is not authorized for VLAN xxx, then the packets really go nowhere at all. - PORTTYPE ACCESS (or don't specify PORTTYPE at all) - NATIVE zzz, where zzz is the default port VLAN ID associated with the switch port. - and MODIFY VSWITCH ... GRANT NOVSTART PORTTYPE TRUNK VLAN 998 999 (since VLAN is specified on the GRANT, the guest is NOT authorized to use VLAN xxx). This make it easy to simply use GRANT to set the port type and authorized VLAN ids for each guest. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
