6. Configuration (b.) - VLANs and switches

For this configuration I used a Cisco Catalyst 2900 XL switch. I am on Bell Sympatico ADSL with a SpeedStream 5360 Ethernet ADSL modem, which is actually only a bridge. It turned out that no matter how I configured the port on the Cisco Catalyst, it did not detect the SpeedStream. Finally, I gave up and put a small 5-port TrendNet TE100-SS/CA switch between them. Since all SpeedStream 5360s are gone nowadays, you probably will not have this problem. DSL modems nowadays are actually routers with integrated PPPoE support, and for this configuration it is only necessary to VLAN the switch and eth0. I used a Cisco Catalyst (which is actually not so bad) only because this is what I managed to borrow, but if you are thinking of buying a switch, look for something better.

I configured two additional VLANs on it:
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/13,
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/20,
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    VLAN0002                         active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
3    VLAN0003                         active    Fa0/17, Fa0/18, Fa0/19

Port Fa0/1 is a tagged port. I am not giving the detailed commands to set it up, since they will depend on whatever switch model you have.

From the side of Linux it is really easy; type the commands:
ifconfig eth0
(to remove the IP address from eth0)
ip link add link eth0 name eth0.1 type vlan id 1
ip link add link eth0 name eth0.2 type vlan id 2
ifconfig eth0.1 up
ifconfig eth0.2 up

Of course in "vlan id NN" the NN will have to be replaced with your VlanID. In my case the new IP addresses are set back like this:
ifconfig eth0.1
ifconfig eth0.2 netmask
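
What the tagged switch port and the eth0.N subinterfaces exchange on the wire, as an added example that is not part of the original HOWTO. The function names, the sample frame and the delivery rule in receiving_interface() are assumptions made for illustration; the delivery rule is a simplified model, not the kernel's code.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:           # 0 and 4095 are reserved values
        raise ValueError(f"invalid VLAN ID {vid}")
    if not 0 <= pcp <= 7:
        raise ValueError(f"invalid priority {pcp}")
    tci = (pcp << 13) | vid            # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes):
    """Return (vid or None, ethertype, payload) for a tagged or untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner, frame[18:]

def receiving_interface(frame: bytes, parent: str = "eth0", vlans=(1, 2)):
    """Simplified model of which interface a received frame is delivered to."""
    vid, _, _ = parse_frame(frame)
    if vid is None:
        return parent                  # untagged traffic stays on the parent
    # A tag with no matching subinterface is not delivered to any eth0.N.
    return f"{parent}.{vid}" if vid in vlans else None

# Constructed sample: broadcast frame, EtherType 0x0806, dummy 28-byte payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28

if __name__ == "__main__":
    for vid in (1, 2, 3):
        tagged = add_vlan_tag(SAMPLE, vid)
        print(vid, tagged[12:16].hex(), receiving_interface(tagged))
    print("untagged", receiving_interface(SAMPLE))
```

With only eth0.1 and eth0.2 created, a frame tagged for VLAN 3 reaches neither subinterface in this model, which is the separation the trunk setup relies on.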

If you like you can go with something more traditional like for your future default gateway. I used eth0.1 as the uplink. If you want your physical wireless and wired networks to be in the same network, to mimic the behavior of commercial routers, you can bridge eth0.2 and wlan0. Check configuration (c.) below for help with bridging. The only real reason you may want this is to use a Microsoft™ workgroup network, though in this case you should consider installing Samba as a master browser on the Aspire.

In my case I had to set up PPPoE by running the pppoe-setup script. This will not be necessary for most people, but if it is for you, then pay attention to the last question asked by the pppoe-setup script and answer it depending on the firewall management you choose. You may encounter additional MTU auto-discovery problems with Internet providers such as Bell Sympatico. If it turns out that you are able to ping external machines, but browsing barely works, if at all, you will have to use a command like the next one in your firewall script:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
If you decide to use Firewall Builder, it is only a matter of checking the "Clamp MSS to MTU" check box in the firewall settings. If you want to know more about this problem, see the "Linux Advanced Routing & Traffic Control HOWTO".

I implemented the configuration with a manageable switch rather than the one with the USB to Ethernet converter because, to start with, I have no such device. The second problem with such devices is actually making them work. Finally, I have difficulty believing the speeds that manufacturers advertise for USB to Ethernet converters.