Is your SH4 VLAN-capable? If not I guess you'll need "something else" to route between the VLANs (if you have need for inter-VLAN traffic) and/or the ISP link.
It's years since I did it, but I never had any trouble running VLANs over LAs. From memory the way one enacts it varies amongst vendors: either one creates the LA from the physical links and gets a kind of "virtual" interface (switch port) at each end, then binds the VLANs to such "virtual" LA endpoints, or one does it "the other way around" and binds the VLANs to the physical ports ("trunk" ports) of the soon-to-be LA, then binds the physical interfaces into the LA. IIRC some kit essentially "ignores" the "secondary" ports when you bind up an LA and clones the VLAN participation (and trunk/hybrid/simple) state from the "first" port in the group, however that may be defined. I guess some RTM is required.
On my trunked (VLAN-carrying) links, LA or not, I prefer not to have any "untagged" traffic, so all traffic across the trunk bears a VLAN tag, but I know some kit insists on there being an untagged VLAN bound to a trunk (such as the PVID). I used to create a "dummy" VLAN (a "black hole" VLAN) for the untagged traffic, so in effect it all got dropped and I only had to onward-direct tagged traffic. Thusly I can always be 100% certain I never got any traffic on the "wrong" VLAN: at the ingress on any trunked port into any switch (or router), if traffic is tagged, I know where it came from; if it's untagged, I shouldn't be receiving it in the first place, so I just drop it.
I've never had my hands on one, but I rather like the concept in a lot of modern (enterprise) routers that they can support VLANs, so one no longer needs a separate physical interface for each VLAN one wants to route between. One just creates a whacking great trunked LA with sufficient physical links to avail redundancy and capacity, then in the "software" of the router breaks out the physical link into multiple "virtual" interfaces, one for each subnet, then routes/firewalls/ACLs etc. between the virtual interfaces (subnets) as one did traditionally.
I used to do something similar in a laptop for testing/diagnostics: a lot of OSes and end-station NICs are now VLAN aware/capable. So my (Windows) laptop would have a load of virtual NICs bound to the physical NIC, one for each subnet I might be interested in (without any routing between them), using static IP addresses so I don't have to "worry" about DHCP complicating things, then I used to create a "test/diagnostic" port on my switch carrying all the VLANs I might be interested in. Whence fiddling with things or problem solving, I connect up my lappy to this "diagnostic" port, thence open up loads of CMD windows and continuously ping things on each subnet so I can keep an eye on it and make sure I've not killed the network whilst I'm fiddling with the plumbing (physical or config) elsewhere. Perhaps you might find that a useful tool.
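The "black hole PVID" idea from the post above, worked through as an added example that is not the poster's own code or any vendor's configuration: a small model of 802.1Q trunk-port ingress classification in which untagged (and priority-only, VID 0) frames land in a dummy VLAN with no member ports and therefore go nowhere, while tagged frames are admitted only if their VID is on the trunk's allowed list. The port names, VIDs, MAC addresses and frames are constructed for illustration, and the membership table and helper names are assumptions of this example, not anything the post describes.

```python
from __future__ import annotations

# Added example (not from the original post): a model of 802.1Q trunk-port
# ingress handling that drops untagged frames via a "black hole" PVID, so a
# frame can only enter a VLAN if it arrived explicitly tagged for that VLAN.
# Port names, VIDs, MACs and frames below are constructed for illustration.
from dataclasses import dataclass

TPID_8021Q = 0x8100
BLACKHOLE_VID = 4094      # constructed: dummy VLAN with no member ports
ETHERTYPE_IPV4 = 0x0800


@dataclass(frozen=True)
class Port:
    name: str
    trunk: bool               # True: tagged trunk link; False: access port
    pvid: int                 # VLAN given to frames that arrive untagged
    allowed_vids: frozenset   # tagged VIDs accepted on a trunk


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: int | None = None, pcp: int = 0) -> bytes:
    """Build an Ethernet frame, inserting an 802.1Q tag when vid is given."""
    hdr = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)      # PCP (3 bits), DEI (1), VID (12)
        hdr += TPID_8021Q.to_bytes(2, "big") + tci.to_bytes(2, "big")
    return hdr + ethertype.to_bytes(2, "big") + payload


def parse_vlan_tag(frame: bytes) -> tuple[int, int] | None:
    """Return (vid, pcp) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 16:
        return None
    if int.from_bytes(frame[12:14], "big") != TPID_8021Q:
        return None
    tci = int.from_bytes(frame[14:16], "big")
    return tci & 0x0FFF, tci >> 13


def classify_ingress(port: Port, frame: bytes) -> tuple[str, int | None]:
    """Decide which VLAN an arriving frame belongs to, or why it is dropped."""
    tag = parse_vlan_tag(frame)
    # Untagged and priority-tagged (VID 0) frames are classified by the PVID;
    # on a trunk whose PVID is the black hole, that means they are dropped.
    if tag is None or tag[0] == 0:
        if port.pvid == BLACKHOLE_VID:
            return "drop:untagged-on-trunk", None
        return "accept", port.pvid
    vid, _pcp = tag
    if vid == 4095:                       # reserved by 802.1Q
        return "drop:reserved-vid", None
    if not port.trunk:                    # access ports take no tagged frames
        return "drop:tagged-on-access", None
    if vid not in port.allowed_vids:      # trunk pruning: unknown VID
        return "drop:vid-not-allowed", None
    return "accept", vid


def egress_ports(membership: dict[int, set[str]], vid: int, ingress: str) -> list[str]:
    """Ports a frame in `vid` may be flooded to; the black hole VLAN has none."""
    return sorted(membership.get(vid, set()) - {ingress})


# Constructed topology: one trunk (an LA or a single link), two access ports.
TRUNK = Port("lag1", trunk=True, pvid=BLACKHOLE_VID, allowed_vids=frozenset({10, 20}))
ACCESS10 = Port("ge1", trunk=False, pvid=10, allowed_vids=frozenset())
MEMBERSHIP = {10: {"lag1", "ge1"}, 20: {"lag1", "ge2"}, BLACKHOLE_VID: set()}

DST = bytes.fromhex("ffffffffffff")      # broadcast
SRC = bytes.fromhex("001122334455")      # constructed MAC


def demo() -> dict[str, tuple[str, int | None]]:
    """Run a handful of constructed frames through both port types."""
    body = b"x" * 46
    untagged = build_frame(DST, SRC, ETHERTYPE_IPV4, body)
    tagged10 = build_frame(DST, SRC, ETHERTYPE_IPV4, body, vid=10)
    tagged30 = build_frame(DST, SRC, ETHERTYPE_IPV4, body, vid=30)
    prio_only = build_frame(DST, SRC, ETHERTYPE_IPV4, body, vid=0, pcp=5)
    return {
        "trunk/untagged": classify_ingress(TRUNK, untagged),
        "trunk/tag10": classify_ingress(TRUNK, tagged10),
        "trunk/tag30": classify_ingress(TRUNK, tagged30),
        "trunk/prio-only": classify_ingress(TRUNK, prio_only),
        "access/untagged": classify_ingress(ACCESS10, untagged),
        "access/tag10": classify_ingress(ACCESS10, tagged10),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} -> {verdict}")
```

The useful property to notice is that the trunk never classifies a frame by guesswork: anything untagged resolves to a VLAN that has no egress ports, so a host plugged into a trunk port by mistake, or a misconfigured native VLAN at the far end, cannot leak frames into a production VLAN. Real switches express the same thing as a PVID plus a VLAN with no member ports; the model above only makes the decision explicit.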