ASL can do tagged VLANs on a Ethernet interface. That should allow you to run up to 16 subnets out of the ASL box through one NIC. You will need ASL v5 to do this, since the Ethernet interface license limitation in ASL v4 also applies to VLANs.
The catch is, that you can not use the NIC for ordinary, baseband Ethernet at the same time. If you run tagged VLANs on it, that is all you can use it for.
The second catch is, that to distribute the tagged VLANs back into individual baseband Ethernets, you need an intelligent, managable switch connected to the ASL box, such as a Cisco 1900 (10BaseT), Cisco 2900 (100BaseTX), 3Com SSII 1100 (10BaseT) or 3Com SSII 3300 (100BaseTX). There are others that will do the trick, but those four models are the most common ones in the 2nd hand market. If you use eBay, the 3Com units are generally the cheapest ones to get your hands on. They also have a very nice built in web server, which makes configuring the VLANs a breeze.
....you could just add an additional IP address to a standard ethernet interface,which will give it the ability to talk to several different subnets, and not have to worry about the complexity of VLANS.
I'm not sure why you want to add two different subnets to one interface, but it is usually better from a secirty and performance viewpoint to seperate subnets with a router, and only have one subnet per interface.
....you could just add an additional IP address to a standard ethernet interface,which will give it the ability to talk to several different subnets, and not have to worry about the complexity of VLANS.
I'm not sure why you want to add two different subnets to one interface, but it is usually better from a secirty and performance viewpoint to seperate subnets with a router, and only have one subnet per interface.
[ QUOTE ] ....you could just add an additional IP address to a standard ethernet interface,which will give it the ability to talk to several different subnets, and not have to worry about the complexity of VLANS.
[/ QUOTE ] If you have multiple addresses bound to the same Interface, and these addresses are not in the same subnet range, then you are violating the TCPIP specs. I would recommend that you do not do that. On any given baseband Ethernet segment, there should be a single net number, and a single broadcast address.
The only way you can trunk multiple subnet over one Ethernet interface and one patch cord, other than by running them inside VPN tunnels, is to run tagged VLANs on the connection. ASL has been designed to do this. It is an industry standardi methodology, known as the 802.1Q standard. A used 24-port 3Com 3300 switch, which can handle the other end of the tagged VLAN connection, is around $100 on eBay these days. An implementation is therefore not particularly expensive. It ends up being cheaper than buying four quad port Ethernet cards for the ASL box.
Logically, ASL is capable of routing between a large number of subnets. However, it is very difficult to install, say, 10 to 15 NICs in the type of PCs that are usually used to run ASL. By using VLANs, you can easily bring out that many separate routed subnets from an ASL box. This is primarily usefull for low traffic subnets, since they all share the bandwidth limitation of the single physical Ethernet connection that they are running on.
Having multiple IPs bound to 1 physical interface does not break standards, even on different subnets . You can test this on your Win2k, WinXP, Linux box..along with Cisco routers and a multitude of other devices. Also, I have tested this on 4.022 and ASL has no problems with creating the alias, the MASQ rule, or the PF rules to allow full flow of traffic from the aliased netblock.
I assume that it can have two broadcast addresses, and if it breaks so many standards, why does linux, windows and many others allow you to do it easily?
That aside, its not a very elegant solution, which was why i questioned in the first place. Its true that a VLAN is a better solution, but thats not what he originally asked for, and there might be factors that we don't know about that prevent VLANS being used [:)]
[/ QUOTE ]When you use the TCPIP protocol, every local broadcast domain has a network number. That network number can be calculated by doing a logical AND between a local IP address and the netmask. As an example, if your PC has the IP address 192.168.10.123, with the netmask 255.255.255.0, then the number of the network segment is 192.168.10.0
[ QUOTE ] Having multiple IPs bound to 1 physical interface does not break standards, even on different subnets . You can test this on your Win2k, WinXP, Linux box..along with Cisco routers and a multitude of other devices. Also, I have tested this on 4.022 and ASL has no problems with creating the alias, the MASQ rule, or the PF rules to allow full flow of traffic from the aliased netblock.
[/ QUOTE ]Just because it is possible to misconfigure equipment by binding two completely unrelated IP addresses to the same interface, that does not prove anything. My car will let me drive on the wrong side of the road. That does not prove anything either.
The basic configuration standard for TCPIP networks is that any given network segment (broadcast domain), has a single network number and a single broadcast address. To comply with this, you need to do the following:
1. The netmask must be the same on all systems connected to the segment.
2. The network number (the bits that remain when you do a logical AND between the assigned address and the netmask) must be the same for all systems connected to the segment.
It is real easy to break these two simple rules, since the equipment will let you. It does not do a validity check on the numbers you enter. It is up to the human administrator to make sure that IP address asignments are technically sound, and not configured on a "meatball engineering" basis, simply because it was possible.
