Jon wrote:
Clint Pachl wrote:
Jon wrote:
Greetings everybody,

So I've set up what I thought should be a proper vlan configuration,
however something is clearly still not correct.  Traffic passes fine
to the vlan devices from the external side of the router (I can ping
them); however, traffic does not seem to pass between the vlan devices
and their parent device - I cannot ping stuff connected to the vlans
on the switch.

Is the switch VLAN-aware? Are the end-nodes in each VLAN VLAN- and tag-aware?

The switch is vlan aware and the hosts connected to it are plugged
into ports which are assigned to vlans configured on the switch with
the same numbers that I am putting in the /etc/hostname.vlan* vlan
option fields.  I'm not sure what you mean by end-nodes being vlan
and tag-aware though.  Have I made an incorrect assumption that this
vlan thing is something that happens transparently to the individual
hosts in the cluster (excluding the switch and the firewall)?


he might mean other switches connected to the one with vlan tagging enabled. if you want to pass tagged packets between several switches you need to make sure the vlan settings match across the switches and that the ports linking them accept tagged packets. the hosts that are on switch ports that are NOT tagged and have a certain vlan assigned to them will "transparently" end up in the right vlan.


Using tcpdump on the vlan parent device DOES show
all kinds of arp requests and such noise marked as 802.1Q coming
from the hosts on the various vlans (mostly unanswered arp requests
for the vlan device which is their gateway), and using tcpdump on the
various vlan devices on the router shows only unanswered arp requests
for the various other hosts.

* I've uncommented net.inet.ip.forwarding=1 in /etc/sysctl.conf
* packetfilter is off
* hostname.em0: inet 172.18.1.2 255.255.255.0 NONE (external side of the router, local to my desktop lan - pings go through this to the vlan devices and return just fine)
* hostname.em1: up mtu 1518 (the mtu 1518 part is just because a man page seemed to be suggesting I should set it to this)

The 802.1Q protocol will increase the frame by 4 bytes, but if your destination cannot interpret the VLAN protocol ID, the packet will be dropped.

So in this case that isn't just the switch and the firewall?  I'm
confused.  :(   I thought the wrapping and unwrapping of the network
packets in the vlan protocol packets was handled solely by the switch
and firewall.  You're telling me this is not the case?

see above. the 4 byte tag is only applied when packets need to pass to a tagged port on the switch, AFAIK. if you have an untagged port that is assigned to a vlan and the traffic passes to a tagged port, the tag will be applied to the traffic going out the tagged port.

i am no authority on vlans but i have them setup and working throughout the company network at my workplace.

cheers,
jake



* hostname.vlan0: inet 172.17.1.1 255.255.255.0 172.17.1.255 vlan 1 vlandev em1
* hostname.vlan1: inet 172.17.2.1 255.255.255.0 172.17.2.255 vlan 2 vlandev em1
* hostname.vlan2: inet 172.17.3.1 255.255.255.0 172.17.3.255 vlan 3 vlandev em1
* hostname.vlan3: inet 172.17.4.1 255.255.255.0 172.17.4.255 vlan 4 vlandev em1
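The thread turns on where the 4-byte 802.1Q tag gets added and removed: the switch inserts it when a frame from an untagged access port leaves a tagged trunk port, and the router's vlan(4) pseudo-device reads the VID, strips the tag and hands the bare frame to ARP/IP on vlanN. The following is an added example, not code from the thread or from OpenBSD, that builds a constructed sample frame, tags it, reads the VID back and strips the tag again, refusing the reserved VIDs and a second tag. The frame layout (TPID 0x8100 at offset 12, TCI with a 12-bit VID) is the 802.1Q wire format; the sample MACs and the dummy 28-byte payload are made up for illustration.

```c
/* Added example (not from the mailing-list thread or OpenBSD): insert,
 * read and strip an 802.1Q tag to show the 4-byte increase being
 * discussed. The sample frame below is constructed, not captured. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN   14      /* dst MAC(6) + src MAC(6) + ethertype(2) */
#define VLAN_TAG_LEN  4       /* TPID(2) + TCI(2): PCP(3) DEI(1) VID(12) */
#define TPID_8021Q    0x8100  /* ethertype value that marks an 802.1Q tag */
#define ETHERTYPE_ARP 0x0806
#define FRAME_CAP     1522    /* 1518 untagged maximum + one 4-byte tag */

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* VID of a tagged frame, or -1 if there is no 802.1Q tag at offset 12. */
int vlan_vid(const uint8_t *frame, size_t len)
{
    if (len < ETH_HDR_LEN + VLAN_TAG_LEN || get16(frame + 12) != TPID_8021Q)
        return -1;
    return get16(frame + 14) & 0x0fff;
}

/* Insert a tag after the source MAC (what the switch does on a tagged port).
 * Returns the new length (len + 4), or 0 if the frame is too short, is
 * already tagged, the VID is reserved (0 or 4095), or the buffer is full. */
size_t vlan_tag(uint8_t *frame, size_t len, size_t cap, uint16_t vid, uint8_t pcp)
{
    if (len < ETH_HDR_LEN || len + VLAN_TAG_LEN > cap) return 0;
    if (get16(frame + 12) == TPID_8021Q) return 0;   /* refuse a second tag */
    if (vid == 0 || vid > 4094) return 0;
    memmove(frame + 12 + VLAN_TAG_LEN, frame + 12, len - 12);
    put16(frame + 12, TPID_8021Q);
    put16(frame + 14, (uint16_t)(((pcp & 7) << 13) | (vid & 0x0fff)));
    return len + VLAN_TAG_LEN;
}

/* Strip the tag in place (what vlan(4) does before ARP/IP see the frame).
 * Returns the new length, or 0 if the frame was not tagged. */
size_t vlan_untag(uint8_t *frame, size_t len)
{
    if (vlan_vid(frame, len) < 0) return 0;
    memmove(frame + 12, frame + 12 + VLAN_TAG_LEN, len - 12 - VLAN_TAG_LEN);
    return len - VLAN_TAG_LEN;
}

/* Constructed sample: broadcast frame with the ARP ethertype and a 28-byte
 * dummy payload (not a real ARP packet). Returns its length, 42. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const uint8_t dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    static const uint8_t src[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    size_t len = ETH_HDR_LEN + 28;
    if (cap < len) return 0;
    memcpy(buf, dst, 6);
    memcpy(buf + 6, src, 6);
    put16(buf + 12, ETHERTYPE_ARP);
    for (size_t i = 0; i < 28; i++) buf[ETH_HDR_LEN + i] = (uint8_t)i;
    return len;
}

/* Length of the sample after tagging with vid (0 when tagging is refused). */
size_t demo_tag_len(uint16_t vid)
{
    static uint8_t f[FRAME_CAP];
    size_t len = build_sample(f, sizeof f);
    return vlan_tag(f, len, sizeof f, vid, 0);
}

/* VID read back from the tagged sample, or -1 when tagging is refused. */
int demo_tag_vid(uint16_t vid)
{
    static uint8_t f[FRAME_CAP];
    size_t len = build_sample(f, sizeof f);
    size_t n = vlan_tag(f, len, sizeof f, vid, 0);
    return n ? vlan_vid(f, n) : -1;
}

/* VID of the untagged sample: -1, the case a tag-unaware host is in. */
int demo_untagged_vid(void)
{
    static uint8_t f[FRAME_CAP];
    return vlan_vid(f, build_sample(f, sizeof f));
}

/* 1 if tag -> untag restores the original bytes exactly, the inner
 * ethertype moved by 4, and a second tag is refused; 0 otherwise. */
int demo_roundtrip(uint16_t vid)
{
    static uint8_t orig[FRAME_CAP], f[FRAME_CAP];
    size_t len = build_sample(orig, sizeof orig);
    memcpy(f, orig, len);
    size_t n = vlan_tag(f, len, sizeof f, vid, 5);
    if (n != len + VLAN_TAG_LEN) return 0;
    if (vlan_tag(f, n, sizeof f, vid, 5) != 0) return 0;
    if (get16(f + 16) != ETHERTYPE_ARP) return 0;
    if (vlan_untag(f, n) != len) return 0;
    return memcmp(f, orig, len) == 0;
}

int main(void)
{
    printf("untagged sample: vid=%d\n", demo_untagged_vid());
    printf("tagged with vlan 3: len=%zu vid=%d roundtrip=%d\n",
           demo_tag_len(3), demo_tag_vid(3), demo_roundtrip(3));
    return 0;
}
```

The point for the thread: a host on an untagged access port never sees the tag, so `vlan_vid` on its frames is -1 and nothing changes for it; only the trunk link between switch and router carries frames where `vlan_vid` returns 1..4, and vlan(4) on the router is what strips them. A host that receives a tagged frame without understanding TPID 0x8100 treats it as an unknown ethertype and drops it, which is the "4 bytes" remark in the thread.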
