Posted by Tomás Ó hÉilidhe on December 21, 2007, 3:54 pm
I'm trying to read up on Virtual LAN's, and I keep coming across Virtual
Private Networks.
Are these the same thing?
As far as I understand, the purpose of a VLAN server is to provide an
outside host with a place on a LAN so it's as if the host in question is
actually sitting on the LAN's hub.
--
Tomás Ó hÉilidhe
Posted by Albert Manfredi on December 21, 2007, 4:03 pm
> I'm trying to read up on Virtual LAN's, and I keep coming across Virtual
> Private Networks.
>
> Are these the same thing?
>
> As far as I understand, the purpose of a VLAN server is to provide an
> outside host with a place on a LAN so it's as if the host in question is
> actually sitting on the LAN's hub.
No. VPNs are done sort of at layer 3, or actually just under layer 2,
where VLANs are done at layer 2.
The easiest way to differentiate them, although this is not 100
percent always the case, is to consider VPNs as being the product of
Multi-Protocol Label Switching (MPLS, RFC 2917) whereas VLANs result
from IEEE 802.1Q.
The effect is still to create differentiated pipes in a larger
network, but the scale is different.
Bert
Posted by Albert Manfredi on December 21, 2007, 4:08 pm
> > I'm trying to read up on Virtual LAN's, and I keep coming across Virtual
> > Private Networks.
>
> > Are these the same thing?
>
> No. VPNs are done sort of at layer 3, or actually just under layer 2,
> where VLANs are done at layer 2.
Sorry, I meant that the VPN is done just barely under Layer *3*, not
Layer 2. Typo.
The MPLS label is a device that allows routing without having to look
at IP addresses, once the path has been set up. It is a device that
evolved from ATM's VC concept, I believe, although you'll probably
find people who will dispute this vigorously.
Bert
Posted by Tomás Ó hÉilidhe on December 21, 2007, 4:21 pm
I'm after setting up two completely separate LAN's in my house (let's
call them LAN1 and LAN2). Each LAN has exactly one router which provides
access to the internet (one has cable internet, the other has DSL).
I want to set up a VLAN server on LAN2 so that a machine on LAN1 can
log on to LAN2 over the internet and act as if it's actually sitting on
LAN2's ethernet cable, and therefore send frames such as ARP requests and
so forth.
I've gone into the router settings for the router on LAN2 and attempted
to set up a VLAN. First thing I haven't a clue about is whether to choose
"by-port" or "global" in the settings. I'm using the Netopia 2247NWG
wireless router that my ISP gave me.
On the LAN1 host I'm running Windows XP Pro SP2 and I've tried going
into "Network Connections" and "Connect to a VPN" but I haven't had any
luck.
I still don't know the difference between a VPN and a VLAN so please
dumb down your explanation til I know what I'm talking about :)
--
Tomás Ó hÉilidhe
Posted by Albert Manfredi on December 21, 2007, 7:12 pm
> I'm after setting up two completely separate LAN's in my house (let's
> call them LAN1 and LAN2). Each LAN has exactly one router which provides
> access to the internet (one has cable internet, the other has DSL).
>
> I want to set up a VLAN server on LAN2 so that a machine on LAN1 can
> log on to LAN2 over the internet and act as if it's actually sitting on
> LAN2's ethernet cable, and therefore send frames such as ARP requests and
> so forth.
If you *want* the LAN1 and LAN2 hosts to have to use the Internet to
communicate with each other, then they would never be using ARP to
find each other directly. IEEE 802.1Q VLANs (or VPNs) do not change
this reality.
In principle, even if the two in-house LANs are made into two VLANs on
the same physical Ethernet, the same situation applies. To send
packets between the VLANs, you have to go through the router that
joins them. If the hosts in the two VLANs are on different IP subnets,
they don't ARP one another directly.
There are oddball ways of creating single IP subnets across different
routers, but I don't see that you'd have the option of using such odd
schemes. Because there's no way the different ISPs you are using would
support such tricks, I don't think.
A "possible" (not really) option would be to dual-home your in-house
network, assigning two IP addresses to each host. Then the hosts
themselves could decide how best to communicate with each other.
But again, I doubt the two different ISPs you use would appreciate
such tricks. You'd have to know how to prevent your home net from
becoming a path between the two ISPs.
Here's a summary of VLANs vs VPNs.
VLANs
Consider a mesh of L2 switches, all interconnected together, with
routers to the Internet on the edges of this mesh. Think of a campus
network, for example. VLANs permit the hosts connected to interfaces
on many of these switches to be assigned to different IP subnets,
therefore often to different default routers. Maybe different
buildings want to belong to different IP subnets. Or maybe different
departments in each building want to belong to different IP subnets.
For example, the hosts connected to L2 switches 1,5,13, and 24 all
must belong to IP subnet 1. Hosts connected to L2 switches 2, 8, and
12 must belong to IP subnet 2. And so on. Or you can even
differentiate IP subnets between interfaces of a single L2 switch, by
assigning each L2 switch interface to a different VLAN.
VPNs
Consider a corporation with offices all over the country. These
offices are interconnected via the Internet. But you want traffic
within the corporation to remain separate from the greater Internet,
as if it were sent over dedicated, leased T3 telco links, for example.
MPLS allows Internet routers between the various corporate sites to
set up special "label-switched paths" to expedite traffic that remains
within the corporation. And it allows that traffic to ONLY reach the
greater Internet by going through a specific subset of routers, so
that whatever filters, firewalls, etc. can be installed in these few,
well-known locations.
I just don't think either scheme can be used to do what you want,
given the fact that you are using two different ISPs.
Bert
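
A small model of the layer-2 behaviour described in the post above, as an added example that is not part of the original thread: it parses the IEEE 802.1Q tag of a constructed ARP request, floods the frame only to ports in the same VLAN, and shows that a host ARPs for its router rather than for a host on another IP subnet. The port-to-VLAN map, the addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806

def build_tagged_arp(src_mac, vid, sender_ip, target_ip):
    """Broadcast ARP request carrying an 802.1Q tag (PCP and DEI left at 0)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!HHH", TPID_8021Q, vid & 0x0FFF, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # Ethernet/IPv4, opcode 1 = request
    return eth + arp + src_mac + sender_ip.packed + b"\x00" * 6 + target_ip.packed

def parse_vlan(frame):
    """Return (vid, inner EtherType); vid is None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, etype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner    # low 12 bits of the TCI are the VLAN ID

def flood_ports(frame, ingress_port, port_vlans):
    """Simplified switch: a broadcast leaves only on other ports of the same VLAN."""
    vid, _ = parse_vlan(frame)
    if vid is None:
        vid = port_vlans[ingress_port]   # untagged frame takes the port's VLAN
    return sorted(p for p, v in port_vlans.items() if v == vid and p != ingress_port)

def arp_target(src_if, dst, gateway):
    """Address a host ARPs for: dst if on its own subnet, else its default router."""
    return dst if dst in src_if.network else gateway

# Constructed sample data (hypothetical ports, VLAN IDs and addresses).
PORT_VLANS = {1: 10, 2: 10, 3: 20, 4: 20}
HOST_A = ipaddress.ip_interface("192.168.10.5/24")   # port 1, VLAN 10
GATEWAY_A = ipaddress.ip_address("192.168.10.1")
HOST_B = ipaddress.ip_address("192.168.20.7")        # port 3, VLAN 20

def demo():
    target = arp_target(HOST_A, HOST_B, GATEWAY_A)
    frame = build_tagged_arp(bytes.fromhex("020000000001"), 10, HOST_A.ip, target)
    return target, parse_vlan(frame), flood_ports(frame, 1, PORT_VLANS)

if __name__ == "__main__":
    print(demo())
```

Host A's ARP goes to its own router and is seen only on port 2; the VLAN 20 ports never receive it, which is why reaching host B requires the router that joins the two VLANs.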