My plan is to have separate VSWITCHes for each type of network (trusted, private and public). All three will be defined on the first level system. Each VSWITCH will have its own TCPIP stack. The applications (webservers) have the TCPIP stack to be used in their configuration files...
The guest systems will also have 3 tcpip stacks. The applications within those guests will utilize the TCPIP stack that is appropriate. Each guest system will have the following for each network type.

    NICDEF aaa TYPE QDIO DEVICES 3 LAN SYSTEM xxxxxxx1
    NICDEF bbb TYPE QDIO DEVICES 3 LAN SYSTEM xxxxxxx2
    NICDEF ccc TYPE QDIO DEVICES 3 LAN SYSTEM xxxxxxx3

Your statement "Do not casually connect a single guest to multiple VLANs." means this should not be done?

Presently I am testing the isolation of the 3 VSWITCHES on my production system using trusted IP addresses. That test will also be done on each of the guest systems. Once the isolation tests are completed, the network will be reconfigured to permit the 3 types of network traffic to the mainframe.

Presently my definition for the VSWITCH is:

    'CP DEFINE VSWITCH xxxxx01 ',
    'RDEV 503 603 ',
    'CONNECT ',
    'QUEUESTORAGE 8M ',
    'CONTROLLER xxxxxx11 ',
    'IP ',
    'IPTIMEOUT 5 ',
    'NONROUTER ',
    'VLAN UNAWARE ',
    'PORTNAME OSAxxx1 OSAxxx2'

Once the network group changes the network topology, the definition for the VSWITCH will need to change to "VLAN AWARE"? Are there other definitions that will need to be changed?

Thank you.

Cecelia Dusha

-----Original Message-----
From: Alan Altmark [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 06, 2006 2:13 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: OSA configurations

On Wednesday, 12/06/2006 at 05:41 GMT, "Dusha, Cecelia Ms. WHS/ITMD" <[EMAIL PROTECTED]> wrote:
> How do I set up a port as a trunk port? Reference materials are
> greatly appreciated.

Physical port setup is handled by your network people. "Do not try this at home."

A few things to remember:
- Every VLAN represents a unique subnet
- Routing between the subnets is controlled by your external switch/router.
- Do not casually connect a single guest to multiple VLANs. This is where you can easily introduce security problems.
- If you use the VSWITCH, you don't have to configure each guest to be VLAN-aware. CP will hide it.

When you authorize a guest to a VSWITCH, you can set his VLAN ID. This is just like access ("regular") ports on the physical switch. They are typically assigned to a VLAN - you just don't know it and don't care, a.k.a. "the miracle in step 2".

Alan Altmark
z/VM Development
IBM Endicott
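
An added example, not part of either message and not IBM's or the posters' code: a Python check that reads z/VM user-directory text and lists every guest whose NICDEF statements couple it to more than one LAN, so that each multi-homed guest is a reviewed decision rather than a casual one. The directory text, user IDs and switch names are constructed, and the parser assumes one statement per line with PROFILE/INCLUDE resolved one level deep.

```python
import re
from collections import defaultdict

# Constructed sample in user-directory style; user IDs and switch names are made up.
SAMPLE_DIRECTORY = """\
* constructed sample, not from the original thread
PROFILE WEBPROF
  NICDEF 0600 TYPE QDIO DEVICES 3 LAN SYSTEM VSWTRUST
USER WEB01 XXXXXXXX 1G 2G G
  INCLUDE WEBPROF
  NICDEF 0700 TYPE QDIO DEVICES 3 LAN SYSTEM VSWPUBL
USER WEB02 XXXXXXXX 1G 2G G
  NICDEF 0600 TYPE QDIO DEVICES 3 LAN SYSTEM VSWPRIV
USER GUEST03 XXXXXXXX 1G 2G G
  NICDEF 0600 TYPE QDIO DEVICES 3 LAN SYSTEM VSWTRUST
  NICDEF 0700 TYPE QDIO DEVICES 3 LAN SYSTEM VSWPRIV
  NICDEF 0800 TYPE QDIO DEVICES 3 LAN SYSTEM VSWPUBL
"""

# NICDEF vdev ... LAN ownerid lanname (same shape as the NICDEF lines in the thread)
NICDEF_LAN = re.compile(r"^NICDEF\s+\S+\s.*?\bLAN\s+(\S+)\s+(\S+)", re.IGNORECASE)

def lans_per_guest(directory_text):
    """Map each USER/IDENTITY entry to the set of (owner, LAN) pairs it names."""
    own, includes, kinds, current = defaultdict(set), defaultdict(list), {}, None
    for raw in directory_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):      # blank line or comment
            continue
        words = line.split()
        key = words[0].upper()
        if key in ("USER", "IDENTITY", "PROFILE") and len(words) > 1:
            current = words[1].upper()            # a new directory entry starts
            kinds[current] = key
        elif current and key == "INCLUDE" and len(words) > 1:
            includes[current].append(words[1].upper())
        elif current and (m := NICDEF_LAN.match(line)):
            own[current].add((m.group(1).upper(), m.group(2).upper()))
    # Fold NICDEFs inherited from included profiles into each guest (one level).
    return {name: own[name].union(*(own[p] for p in includes[name]))
            for name, kind in kinds.items() if kind != "PROFILE"}

def multi_homed(directory_text):
    """Guests coupled to more than one LAN: the ones that need a security review."""
    return {g: sorted(lans) for g, lans in lans_per_guest(directory_text).items()
            if len(lans) > 1}

if __name__ == "__main__":
    for guest, lans in multi_homed(SAMPLE_DIRECTORY).items():
        print(guest, "->", ", ".join(f"{owner} {lan}" for owner, lan in lans))
```

WEB01 is flagged only because of the NICDEF it inherits from its profile, which is the case that is easy to miss when reading guest entries one at a time.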