Re: Vlans using a trunk device
Two ideas come to mind: Either use one interface for each VLAN, or create VLAN interfaces on each ethernet interface and then trunk all the VLAN interfaces assigned to the same VLAN.

Dustin Lundquist

Axton Grams wrote:

While working with the trunk and vlan features of OpenBSD, I ran into one thing that I do not understand. In order to use a trunk device for multiple vlan's, the trunk device must have an ip address assigned.

Let me illustrate my configuration (vlan ids do not match, but it's not relevant, see ifconfig for exact info):

[ASCII network diagram, garbled in the archive. Labels: router, modem, servers; switch with trunk, vlan2 (inet), vlan3 (lan), vlan4 (dmz); workstations.]

ifconfig reads like this:

# ifconfig
lo0: flags=8049 mtu 33192
        groups: lo
        inet 127.0.0.1 netmask 0xff00
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
gem0: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1
hme0: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc4%hme0 prefixlen 64 scopeid 0x2
hme1: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc5%hme1 prefixlen 64 scopeid 0x3
hme2: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc6%hme2 prefixlen 64 scopeid 0x4
hme3: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc7%hme3 prefixlen 64 scopeid 0x5
pflog0: flags=141 mtu 33192
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536
trunk0: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkproto roundrobin
                trunkport hme0 active
                trunkport hme1 active
                trunkport hme3 active
                trunkport hme2 active
                trunkport gem0 master,active
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet 10.1.1.1 netmask 0xff00 broadcast 10.1.1.255
        inet6 fe80::203:baff:fe04:b21d%trunk0 prefixlen 64 scopeid 0xa
vlan10: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 10 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan10 prefixlen 64 scopeid 0xb
        inet 10.180.16.1 netmask 0xff00 broadcast 10.180.16.255
vlan2: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 2 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan2 prefixlen 64 scopeid 0xc
        inet 10.107.208.1 netmask 0xff00 broadcast 10.107.208.255
vlan3: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 3 priority: 0 parent interface: trunk0
        groups: vlan egress
        inet6 stripped%vlan3 prefixlen 64 scopeid 0xd
        inet x.x.x.x netmask 0x broadcast z.z.z.z
vlan30: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 30 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan30 prefixlen 64 scopeid 0xe
        inet 10.180.17.1 netmask 0xff00 broadcast 10.180.17.255

The switch is configured such that the ports for the nodes are untagged and every vlan sends tagged packets to the trunk.

When the trunk interface does not have an ip address assigned, no traffic moves through the vlans. This is what I am not understanding. I assigned 10.1.1.1 to the trunk interface since I am not using that subnet.

How should I handle this subnet in my pf rules? The route tables show 10.1.1/24 as a routable subnet because it is assigned to the trunk interface:

# route -n show
Routing tables
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            x.x.x.x            UGS         0   725698      -   vlan3
10.1.1/24          link#10            UC          0        0      -   trunk0
10.107.208/24      link#12            UC          0        0      -   vlan2
10.180.16/24       link#11            UC          0        0      -   vlan10
10.180.17/24       link#14            UC          0        0      -   vlan30
x.x.x.x/y          link#13            UC          0        0      -   vlan3
127/8              127.0.0.1          UGRS        0        0  33192   lo0
127.0.0.1          127.0.0.1          UH          0        0  33192   lo0
224/4              127.0.0.1          URS         0        0  33192   lo0

Also, anything that looks off in the config
Re: Vlans using a trunk device
Stuart Henderson wrote:
> On 2006/10/08 15:31, Axton Grams wrote:
>> While working with the trunk and vlan features of OpenBSD, I ran into
>> one thing that I do not understand. In order to use a trunk device for
>> multiple vlan's, the trunk device must have an ip address assigned.
>
> Your ifconfig output is from when it's working, isn't it? Start from
> not-working and diff the two (ifconfig > /tmp/broken; ifconfig trunk0 \
> 10.1.1.1; ifconfig | diff -u /tmp/broken -) and see what changed.
>
> You'll probably see that before you added the address it wasn't
> configured "UP". If that's the case, you just need to add the word
> "up" on a line in /etc/hostname.trunk0
>
>> Read some postings about changing mtu on vlan devices, but don't know
>> enough to know what to do.
>
> If changing mtu makes a difference to vlans, you're probably better
> off searching for better NICs.
>

Stuart,

Thanks for the info. It must have been some other config problem that I misinterpreted as the trunk interface needing an ip. Altered the hostname.trunk0 with the appropriate parameters (no ip, just up and trunkdevs) and all is well. Started this this morning and changed a lot in that time frame. Works like a charm.

Axton Grams
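
The failure mode diagnosed in this exchange (vlan interfaces configured on a parent that is not UP) can be checked mechanically. The script below is an added example, not code from the thread: the function names and the sample ifconfig text are constructed, and it relies on IFF_UP being the low bit (0x1) of the hex `flags=` value.

```shell
#!/bin/sh
# Added example: flag vlan(4) interfaces whose parent interface is not UP.
# Reads ifconfig-style text on stdin; prints "<vlan> <parent>" per finding.
vlan_parents_down() {
    awk '
    # Interface header, e.g. "trunk0: flags=8843<UP,...> mtu 1500"
    /^[a-z]+[0-9]+: flags=/ {
        ifname = $1; sub(/:$/, "", ifname)
        flags = $2; sub(/^flags=/, "", flags); sub(/<.*/, "", flags)
        # IFF_UP is bit 0x1, so the interface is up iff the last hex digit is odd
        up[ifname] = (flags ~ /[13579bdfBDF]$/)
        next
    }
    # Detail line, e.g. "vlan: 10 priority: 0 parent interface: trunk0"
    /parent interface:/ {
        for (i = 1; i < NF; i++)
            if ($i == "interface:") parent[ifname] = $(i + 1)
    }
    END {
        for (v in parent) {
            p = parent[v]
            # Skip parents that never appeared in the input (e.g. "<none>")
            if ((p in up) && !up[p]) print v, p
        }
    }' | sort
}

# Constructed sample (not output from the thread); $1 is the trunk0 flags value.
sample_ifconfig() {
    cat <<EOF
trunk0: flags=$1 mtu 1500
        trunk: trunkproto roundrobin
                trunkport hme0 active
vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        vlan: 10 priority: 0 parent interface: trunk0
vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        vlan: 30 priority: 0 parent interface: trunk0
EOF
}

echo "trunk0 down:"; sample_ifconfig 8802 | vlan_parents_down
echo "trunk0 up:";   sample_ifconfig 8843 | vlan_parents_down
```

On a live system the same function can be fed with `ifconfig | vlan_parents_down`; empty output means every vlan parent is UP.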
Re: Vlans using a trunk device
On 2006/10/08 15:31, Axton Grams wrote:
> While working with the trunk and vlan features of OpenBSD, I ran into
> one thing that I do not understand. In order to use a trunk device for
> multiple vlan's, the trunk device must have an ip address assigned.

Your ifconfig output is from when it's working, isn't it? Start from
not-working and diff the two (ifconfig > /tmp/broken; ifconfig trunk0 \
10.1.1.1; ifconfig | diff -u /tmp/broken -) and see what changed.

You'll probably see that before you added the address it wasn't
configured "UP". If that's the case, you just need to add the word
"up" on a line in /etc/hostname.trunk0

> Read some postings about changing mtu on vlan devices, but don't know
> enough to know what to do.

If changing mtu makes a difference to vlans, you're probably better
off searching for better NICs.
Vlans using a trunk device
While working with the trunk and vlan features of OpenBSD, I ran into one thing that I do not understand. In order to use a trunk device for multiple vlan's, the trunk device must have an ip address assigned.

Let me illustrate my configuration (vlan ids do not match, but it's not relevant, see ifconfig for exact info):

[ASCII network diagram, garbled in the archive. Labels: router, modem, servers; switch with trunk, vlan2 (inet), vlan3 (lan), vlan4 (dmz); workstations.]

ifconfig reads like this:

# ifconfig
lo0: flags=8049 mtu 33192
        groups: lo
        inet 127.0.0.1 netmask 0xff00
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
gem0: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1
hme0: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc4%hme0 prefixlen 64 scopeid 0x2
hme1: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc5%hme1 prefixlen 64 scopeid 0x3
hme2: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc6%hme2 prefixlen 64 scopeid 0x4
hme3: flags=8b63 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc7%hme3 prefixlen 64 scopeid 0x5
pflog0: flags=141 mtu 33192
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536
trunk0: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkproto roundrobin
                trunkport hme0 active
                trunkport hme1 active
                trunkport hme3 active
                trunkport hme2 active
                trunkport gem0 master,active
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet 10.1.1.1 netmask 0xff00 broadcast 10.1.1.255
        inet6 fe80::203:baff:fe04:b21d%trunk0 prefixlen 64 scopeid 0xa
vlan10: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 10 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan10 prefixlen 64 scopeid 0xb
        inet 10.180.16.1 netmask 0xff00 broadcast 10.180.16.255
vlan2: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 2 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan2 prefixlen 64 scopeid 0xc
        inet 10.107.208.1 netmask 0xff00 broadcast 10.107.208.255
vlan3: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 3 priority: 0 parent interface: trunk0
        groups: vlan egress
        inet6 stripped%vlan3 prefixlen 64 scopeid 0xd
        inet x.x.x.x netmask 0x broadcast z.z.z.z
vlan30: flags=8843 mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 30 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan30 prefixlen 64 scopeid 0xe
        inet 10.180.17.1 netmask 0xff00 broadcast 10.180.17.255

The switch is configured such that the ports for the nodes are untagged and every vlan sends tagged packets to the trunk.

When the trunk interface does not have an ip address assigned, no traffic moves through the vlans. This is what I am not understanding. I assigned 10.1.1.1 to the trunk interface since I am not using that subnet.

How should I handle this subnet in my pf rules? The route tables show 10.1.1/24 as a routable subnet because it is assigned to the trunk interface:

# route -n show
Routing tables
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            x.x.x.x            UGS         0   725698      -   vlan3
10.1.1/24          link#10            UC          0        0      -   trunk0
10.107.208/24      link#12            UC          0        0      -   vlan2
10.180.16/24       link#11            UC          0        0      -   vlan10
10.180.17/24       link#14            UC          0        0      -   vlan30
x.x.x.x/y          link#13            UC          0        0      -   vlan3
127/8              127.0.0.1          UGRS        0        0  33192   lo0
127.0.0.1          127.0.0.1          UH          0        0  33192   lo0
224/4              127.0.0.1          URS         0        0  33192   lo0

Also, anything that looks off in the config provided, please chime in.

Read some postings about changing mtu on vlan devices, but don't know enough to know what to do. I do know that vlan ids are 12-bit numbers, so not sure if an mtu of 1503 is appropriate or not. Tha