Hi, Just to be clear... I think we are talking about different things... when defining a port at the switch level you can define 1 or more VLANs in trunk mode and 0-1 VLAN in access mode. I called the access mode VLAN as the native VLAN... z/OS was working in access mode (not VLAN 1) before z/VM came into the picture... when z/VM arrived new VLANs were added to the port in trunk mode... VSWITCHs are only working with VLAN tagging... no host is using VLAN 1 (as defined in all of our switches). Do you still think an accident waiting to happen? If so please elaborate some more...
Thanks! Offer Baruch -----Original Message----- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Alan Altmark Sent: Wednesday, June 02, 2010 6:30 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: z/VM and z/OS sharing OSAs? On Wednesday, 06/02/2010 at 09:49 EDT, Offer Baruch <offerbar...@gmail.com> wrote: > I am sharing 2 OSA with 4 z/OS and 2 z/VMs. > Each z/VM is using its own VLAN using VLAN tagging and the z/OS is using its > own VLAN as a native VLAN. In general, host traffic should not use the native VLAN. There are switch-switch protocols that travel on the native VLAN and any host with native VLAN access can potentially corrupt them if they are active. Some protocols always use VLAN 1, some use the native VLAN. If you've disabled all the management protocols, fine, but IMO is still a Bad Idea. An accident waiting to happen. Any first-level entity connected to a trunk port needs to be tagging frames unless it is specifically doing switch-switch management stuff. Not only is it safer, it's more obvious that you are connected to a network switch with more than the usual privilege. One of the reasons I like to define a VSWITCH with VLAN 666 (for example) is that the default VLAN and the native VLAN are different. This ensures that CP will always tag the frames, even if you fail to explicitly authorize the guest to a VLAN. When the default VLAN and native VLAN are the same, all guest traffic on the default VLAN goes out untagged. As an aside, watch out for switches that have had the native VLAN changed to something other than 1 - the value for DEFINE VSWITCH .. NATIVE x must match. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
