opz...

 Thanks for the clarification, Alan. I will do it right on my new system :)



On Tue, Jan 25, 2011 at 3:16 PM, Alan Altmark <alan_altm...@us.ibm.com> wrote:

> On Tuesday, 01/25/2011 at 11:15 EST, louis.gai...@its.ms.gov wrote:
> > I am trying to create a vswitch with VLAN capabilities. I am using the
> > OSA-Express implementation guide, chapter 11.
> >
> > 1.  I defined the switch (define vswitch vsw3 rdev fa00 eth vlan 12 porttype
> > trunk)
>
> Welcome to z/VM.  As a matter of Good Security Policy, I believe in
> explicit authorization so as to avoid confusion and errors in the future.
>
> 1.  Change VLAN 12 to VLAN 666 (or some
> unused/unauthorized/not-valid-on-your-switch VLAN).  Do NOT use the NATIVE
> VLAN id for this value.
> 2.  Remove PORTTYPE TRUNK.  PORTTYPE, like PORTNAME, is an Abomination,
> never doing what anyone expects it to do.  Never use either of those
> options [I gesture in the manner of a Jedi Knight exerting influence on
> your mind].
> 3.  SET VSWITCH VSW3 GRANT <userid> VLAN 12
> 4.  Do NOT configure the Linux guests to be VLAN-aware.  That is, do not
> use vconfig.
> 5.  If you have a guest that needs access to more than one VLAN on the
> same VSWITCH, use SET VSWITCH VSW3 PORTTYPE TRUNK VLAN 12 13 14 and *do*
> use vconfig.
> 6.  If a QUERY VSWITCH VSW3 ACCESS ever shows you a guest with VLAN 666,
> you will know that you did not specify a "proper" VLAN id on the GRANT.  A
> very nice audit tool.
>
> Just so folks are aware, if I ever show up at your company to perform a
> z/VM system management "health check", I will be looking at your VSWITCH
> administration practices very closely.  :-)
>
> Alan Altmark
>
> z/VM and Linux on System z Consultant
> IBM System Lab Services and Training
> ibm.com/systems/services/labservices
> office: 607.429.3323
> alan_altm...@us.ibm.com
> IBM Endicott
>

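As an added illustration of the "audit tool" point in the quoted reply (example code written for this page, not anything from the thread or from IBM): a small script that flags guests whose GRANT left them on the deliberately unusable default VLAN, and lists the guests that were explicitly granted PORTTYPE TRUNK. The QUERY VSWITCH ACCESS output it parses is constructed here in an assumed format; it is not real CP output, so adjust the regular expression to what your system actually prints.

```python
# Added example, not from the mailing-list thread: audit VSWITCH access grants.
# The default VLAN is the one nobody is supposed to use (666 in the thread), so
# any guest that shows up on it was GRANTed without an explicit VLAN id.
import re

DEFAULT_VLAN = 666  # the deliberately unauthorized default from DEFINE VSWITCH

# Constructed sample in an ASSUMED layout; real QUERY VSWITCH ACCESS output differs.
SAMPLE_QUERY_OUTPUT = """\
VSWITCH SYSTEM VSW3 Type: VSWITCH Connected: 4 Maxconn: INFINITE
  PERSISTENT RESTRICTED ETHERNET Accounting: OFF
  VLAN Aware Default VLAN: 0666 Default Porttype: Access GVRP: Enabled
  Authorized userids:
    LNXA01 VLAN: 0012
    LNXA02 VLAN: 0666
    LNXB01 Porttype: Trunk VLAN: 0012 0013 0014
    LNXC07 VLAN: 0666
"""

# One authorized-userid line: userid, optional Porttype, then one or more VLAN ids.
_ENTRY = re.compile(r"^\s+(\w+)\s+(?:Porttype:\s+(\w+)\s+)?VLAN:((?:\s+\d+)+)\s*$")

def parse_access(text):
    """Return {userid: {"porttype": str|None, "vlans": [int, ...]}} from the
    'Authorized userids' section of the (assumed-format) query output."""
    entries = {}
    in_section = False
    for line in text.splitlines():
        if "Authorized userids" in line:
            in_section = True      # everything after this header is a grant
            continue
        if not in_section:
            continue
        m = _ENTRY.match(line)
        if not m:
            continue
        userid, porttype, vlans = m.groups()
        entries[userid] = {"porttype": porttype,
                           "vlans": [int(v) for v in vlans.split()]}
    return entries

def find_unauthorized(entries, default_vlan=DEFAULT_VLAN):
    """Guests whose GRANT omitted a VLAN id, so they inherited the default."""
    return sorted(u for u, e in entries.items() if default_vlan in e["vlans"])

def find_trunk_ports(entries):
    """Guests granted PORTTYPE TRUNK, the only ones that should run vconfig."""
    return sorted(u for u, e in entries.items()
                  if (e["porttype"] or "").upper() == "TRUNK")

if __name__ == "__main__":
    access = parse_access(SAMPLE_QUERY_OUTPUT)
    for uid in find_unauthorized(access):
        print(f"{uid}: GRANT had no VLAN id (landed on default VLAN {DEFAULT_VLAN})")
    print("trunk ports:", find_trunk_ports(access))
```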