Subject: Re: Vlans
It might help to know that a packet "on the wire" with a VLAN tag has a special ethertype (0x8100) so it isn't going to be recognizable as any other type of traffic. You also need to know whether your Cisco switch ports are configured as "trunk" or "untagged". If your switch is VLAN-aware, as nearly all Cisco switches are, then a trunk port can handle all of your VLANs on the same wire.
To route *between* VLANs, either directly or with some functions added (like a firewall or NAT), your layer 3 routing device must have interfaces on all VLANs. There are two ways to do this:
1. The old way, which no one does anymore, is to have separate connections from your switch to your router for every VLAN. The switch ports are "access ports" (one VLAN with no tag) and the router ports are not VLAN aware.
2. The preferred way is for the switch and router ports to both be running in "trunk" mode. Then on your router you have "subinterfaces" which are VLAN aware. For example:
GigabitEthernet1.123 would be on physical port GigabitEthernet1 and operating on VLAN 123
GigabitEthernet1.567 would be on physical port GigabitEthernet1 and operating on VLAN 567
Then you might assign 192.168.0.1 to Gi1.123, and 184.108.40.206 to Gi1.567, and do your routing as usual. This is referred to as a "one arm" routing device because it speaks to both (all) networks on the same cable.
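Added example, not part of the original post: a sketch of how a trunk-mode router port could read the 0x8100 tag and hand a frame to the matching subinterface. The frames are constructed sample data, the helper names are hypothetical, and sending untagged frames to the parent interface is an assumption.

```python
import struct

TPID_8021Q = 0x8100  # ethertype value that marks an 802.1Q VLAN tag

def build_frame(vlan=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Construct a sample Ethernet frame; adds a VLAN tag when vlan is given."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")  # constructed dst/src MACs
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vlan, pcp, inner_ethertype, payload); vlan is None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # The tag is 4 bytes: TPID, then TCI (3-bit priority, 1-bit DEI, 12-bit VLAN ID).
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner, frame[18:]

def demux(frame, parent, vlans):
    """Pick the receiving (sub)interface the way a trunk-mode router port would."""
    vlan, _pcp, _etype, _payload = parse_frame(frame)
    if vlan is None:
        return parent              # assumption: untagged frames go to the parent
    if vlan in vlans:
        return f"{parent}.{vlan}"  # e.g. GigabitEthernet1.123
    return None                    # no subinterface for this VLAN: dropped

if __name__ == "__main__":
    configured = {123, 567}
    samples = (build_frame(123), build_frame(567, pcp=5), build_frame(999), build_frame())
    for f in samples:
        print(parse_frame(f)[:3], "->", demux(f, "GigabitEthernet1", configured))
```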
Subject: Re: Vlans
Thanks for the answer. I am not sure if this is the way I'm going to go, or just figure out a way to multi-home the box with dual NICs - but I want to get started in understanding the differences between either approach.
The hardware and experience required to get the VLAN set up seems like a lot for my goals. But, currently, I have more immediate fish to fry - on to the Linux room and more questions...
2021-04-14 09:20 from IGnatius T Foobar
There is such a thing as "lawful intercept". If the data center
operator receives a warrant for something on your server, they are
typically not permitted to tell the server owner that data or network
traffic is being extracted.
This is true regardless of whether your server is "managed" or simply
As to whether the employees of the data center would snoop on customer
servers just for fun -- that is a matter of whether you are using a
reputable hosting company. At my data centers it is grounds for
termination, and we *will* find out; all access is logged and the
cameras are always rolling. But if you're using a mom-and-pop hosting
company with a 1000sqft data center, then yes, you can expect them to
poke around when they're bored.
I don't know how much they are paying you, but it is not nearly enough. If I were looking for a datacenter in which to host my servers loaded with nuclear launch codes, I would be calling your firm already :)
Wow, that comment reminded me of this thing:
My ex-boss got me one for Christmas. He wanted me to use it when I air-traveled.
I love that they compare themselves to the cheap Chinesium knockoffs.
"When you're about to unleash total nuclear annihilations on the population, only trust the very best!"
2021-04-15 13:50 from IGnatius T Foobar
If you have nuclear launch codes, let's talk :)
I have warez, a bunch of PHP applications running for small local businesses, chat and email, all of it running in a server from the late 2000s because I am poor. What do ya' think?
I have codes. They don't work anymore but I have codes :P
Tue Apr 20 2021 14:57:31 EDT from IGnatius T Foobar
Thanks but no ... what I really need is nuclear launch codes. There are some pests I need to wave away.