PROXY Arp and VLAN

Hi,

sorry if this is the wrong place to ask my questions. But
maybe you've got 
a minute to read which problem I've got and direct me to a
better place or 
even help me to solve my problem.

There is a subnet consisting of a PC, a box with an ethernet
interface, 
some IP phones and a router to another subnet with some IP
phones and the 
counterpart of the box..
The PC has two ethernet ports eth0 and eth1.
The PC is mainly used for VoIP using Asterisk on eth0.
The box is connected to eth1and PROXY ARPed to eth0 because
the box does 
not have a subnet mask or default gateway address.
I'm using CentOS3 kernel version is 2.4.21-50EL
Things are working fine and stable.

Now I must virtually separate VoIP data and data from the
box using 2 
VLANs. All IP phones support VLAN, the box does not support
VLAN.

Surfing the internet gave me some idea that VLAN, iptables
and bridging 
could do the job, but I can't figure out how to configurate
it.

Thanks 

On 07/18/07 01:13, Klaus.Frankselex-comms.com wrote:
> sorry if this is the wrong place to ask my questions.
But maybe you've got 
> a minute to read which problem I've got and direct me
to a better place or 
> even help me to solve my problem.

I think this question would be better asked on the EBTables
mailing 
list, but I'll give it a go any way.

> There is a subnet consisting of a PC, a box with an
ethernet interface, 
> some IP phones and a router to another subnet with some
IP phones and the 
> counterpart of the box..
> The PC has two ethernet ports eth0 and eth1.
> The PC is mainly used for VoIP using Asterisk on eth0.
> The box is connected to eth1and PROXY ARPed to eth0
because the box does 
> not have a subnet mask or default gateway address.
> I'm using CentOS3 kernel version is 2.4.21-50EL
> Things are working fine and stable.

Except for Proxy ARP verses Bridging, I think this scenario
is ok.

> Now I must virtually separate VoIP data and data from
the box using 2 
> VLANs. All IP phones support VLAN, the box does not
support VLAN.

Use trunking and bridging.

> Surfing the internet gave me some idea that VLAN,
iptables and bridging 
> could do the job, but I can't figure out how to
configurate it.

Add support for bridging (802.1d) and VLANs / trunking
(802.1q) to your 
kernel.  Then set up corresponding VLAN interfaces on all
your ethernet 
interfaces.  Once you have your VLAN interfaces set up, you
will be 
bridging them together.

So what was:

eth0
eth1

becomes:

eth0.001
eth0.002
eth1.001
eth1.002

With two bridges

bri1
    eth0.001
    eth1.001
bri2
    eth0.002
    eth1.002

Do this on both ends and your systems will now bridge the
data from the 
two different VLANs (respectively) across the systems while
maintaining 
the separation of data.



Grant. . . .