[c-nsp] Question - VLAN tagging Catalyst 6500 to Linux Host

Security Team cisco at peakpeak.com
Mon Apr 5 12:10:13 EDT 2010 

I haven't ever tried to make this work before so this is a new application.

I want to use VLAN tagging so that I can create VLANs with numbers like 999,
1000, 1001 and send those VLANs (in different non-overlapping subnets) all
to a Linux machine over a bonded LACP link.

Here's a config snippet I am constructing, do any of you gurus see any
problems with this general approach?

I create 3 GigE interfaces wrapped into a single bonded interface
Port-channel32--LACP group id 32 (I'll call it bond0 on the Linux host).

My VLAN tagged subnets will be

VLAN 999    192.168.101.0/24
VLAN 1000   192.168.102.0/24
VLAN 1001   192.168.103.0/24

And the Linux Host will be at 10.1.1.2/24 in VLAN 309

Thanks for anyt criticism of my approach, tagged VLANs are new to me I've
always just done routed L3 ones.

I know that the LACP bonding works to the Linux bond0 interface, I think the
weak part here is the VLAN tagging I am using in the Catalyst.

Regards,
CJ


interface Vlan309
 description Linux Host
 ip address 10.1.1.1 255.255.255.0
!
interface Port-channel32
 desc LACP bonded 3 GigE interfaces
 switchport
 switchport access vlan 309
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 309,999,1000,1001
!
interface GigabitEthernet4/30
 description GigE 1
 load-interval 30
 speed 1000
 duplex full
 switchport
 switchport access vlan 309
 switchport trunk allowed vlan 309,999,1000,1001
 channel-group 32 mode active
 channel-protocol lacp
!
interface GigabitEthernet4/32
 description GigE 2
 load-interval 30
 speed 1000
 duplex full
 switchport
 switchport access vlan 309
 switchport trunk allowed vlan 309,999,1000,1001
 channel-group 32 mode active
 channel-protocol lacp
!
interface GigabitEthernet5/32
 description GigE 3
 load-interval 30
 speed 1000
 duplex full
 switchport
 switchport access vlan 309
 switchport trunk allowed vlan 309,999,1000,1001
 channel-group 32 mode active
 channel-protocol lacp
!
interface Vlan999
 description tagged vlan
 ip address 192.168.101.1 255.255.255.0
!
interface Vlan1000
 description tagged vlan
 ip address 192.168.102.1 255.255.255.0
!
interface Vlan1001
 description tagged vlan
 ip address 192.168.103.1 255.255.255.0

More information about the cisco-nsp mailing list