Re: Linux router

From: Steven Kurylo <sk_at_no.spam.please>
Date: Tue Jun 03 2008 - 17:46:36 CST

> You could do that but 802.3ad (aka multi-link trunking/link aggregation)
> would probably work better. You double up the available bandwidth but
> it would continue to work at reduced capacity if a link fails.

But that's only between one switch and the router. As in your diagram
below, I'd want at least two switches connected to the router; a
partial mesh network topology at the very least.

> do most of the work. Use iptables if you want funkier allow/deny
> firewalling functionality between VLANs. Logically it should look
> equivalent to a router box with a heap of ethernet ports although
> I've never built anything with more than 4.

Yes, for full access the IP routing is enough. But there will be
restrictions: one VLAN will be public wireless, so only internet
access. There will be a couple of VoIP VLANs - they all need to reach
the phone system, but have no reason to reach each other. There will
be a DMZ for webservers. Etc. Pretty easy with iptables.

> OTOH, if you wanted to do something like this for redundant physical
> paths, STP could be helpful:
>
> If the cable between the core and switch 2 were severed, there is still a
> separate physical path via switch 1. The link between sw1 and sw2 would
> activate if the direct link between cr and sw2 were severed.
>
> Any or all of the link could be multi-link trunks (in theory).

Exactly.

> OpenBSD has emulated most of the 802.Nx for many years, some of that
> documentation may help explain the concepts and get some of the right
> jargon to find the Linux analogue. Sorry I can be more help, I've
> never played with the bridging functions under Linux.

I've never liked the OpenBSD userspace, so I never use it.
Received on Tue Jun 3 17:46:42 2008
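
The inter-VLAN restrictions described in the message above (public wireless to the internet only, VoIP VLANs to the phone system but not to each other, a DMZ for web servers), sketched as an added example that is not part of the original post. Every interface name and the DMZ port list are assumptions; the script only prints iptables commands and checks its own isolation matrix.

```shell
#!/bin/sh
# Added example, not from the thread. Every interface name is an assumption.
WAN=eth0                      # internet uplink
WIFI=eth1.10                  # public wireless VLAN
VOIP_VLANS="eth1.20 eth1.21"  # VoIP VLANs
PBX=eth1.30                   # VLAN holding the phone system
DMZ=eth1.40                   # web server DMZ

# Print the FORWARD-chain commands; nothing is applied to the running kernel.
# The INPUT chain (traffic addressed to the router itself) is not covered.
emit_rules() {
    # Default deny: any VLAN pair without an explicit rule stays isolated.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Return traffic for flows that one of the rules below admitted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Public wireless: internet only.
    echo "iptables -A FORWARD -i $WIFI -o $WAN -j ACCEPT"
    # Each VoIP VLAN reaches the phone system, never another VoIP VLAN.
    for v in $VOIP_VLANS; do
        echo "iptables -A FORWARD -i $v -o $PBX -j ACCEPT"
    done
    # DMZ: assumed policy of inbound HTTP/HTTPS from the internet only.
    echo "iptables -A FORWARD -i $WAN -o $DMZ -p tcp -m multiport --dports 80,443 -j ACCEPT"
}

# allowed SRC_IF DST_IF: succeeds if a rule admits new flows from SRC to DST.
allowed() {
    emit_rules | grep -Eq -- "-i $1 -o $2 (.* )?-j ACCEPT\$"
}

# Self-check of the isolation matrix before anyone applies the rules.
check_policy() {
    allowed "$WIFI" "$WAN" || return 1
    for dst in $VOIP_VLANS "$PBX" "$DMZ"; do
        allowed "$WIFI" "$dst" && return 1
    done
    for a in $VOIP_VLANS; do
        allowed "$a" "$PBX" || return 1
        for b in $VOIP_VLANS; do
            allowed "$a" "$b" && return 1
        done
    done
    return 0
}

check_policy && emit_rules
```

Traffic that the phone system itself initiates toward the phones is not admitted by these rules and would need its own explicit rule.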
