Priscilla Oppenheimer wrote:

> The picture got a bit munged. I think I understand it, though. The
> router-on-a-stick is the Linux box and it's supposed to be on the right
> side of the drawing? What do you mean by ix86? It's not a 486 machine, is
> it? Ugh.
> :-)

Sorry for the wraparound problem - yes, you understand the configuration 
correctly.  The router-on-a-stick is an Intel 686 running Linux.  The four 
local networks are oreilly, colophon, zoo, and safari.  safari is connected 
into a 3600 with a loopback address of 10.0.0.5, which in turn goes out to 
the rest of the network.  The 3600's interface has an address on 
safari.net.

The rest of your questions are answered below, inline.  I don't think it's 
the fault of the linux box, though.  Note that pings make it to the wire 
between oreilly.net and the switch, but not onto the trunk wire.  That was 
a good suggestion to recheck the MAC address of the ping packets.  The MAC 
destination addresses on the oreilly.net packets are the MAC of the linux 
router, as expected.  It looks like the switch is not forwarding the 
packets to the router for some reason, even though it does forward packets 
for other 10.0.0.X addresses.

Something I don't understand in IOS is the role of secondary IP addresses on 
a switch.  In looking into this problem, I've set several, but they don't 
appear to have any effect, and I can't even do a "show ip interface 
secondary" kind of command to find out what the secondary addresses are 
now.  I wouldn't think that a secondary IP address should have an effect on 
whether the switch forwards packets to the router, though.

> 
>> 
>> |--------------|      |--------------|
>> | oreilly.net  |------|vlan5         |
>> |--------------|      |              |
>>                       |              |
>> |--------------|      |              |
>> | colophon.net |------|vlan6    s    |
>> |--------------|      |       2 w    |  802.1Q    | one interface
>>                       |       9 i    |============| "router-on-a-stick"
>> |--------------|      |       5 t    |  vlan5-8   | ix86 running linux
>> | zoo.net      |------|vlan8  0 c    |
>> |--------------|      |         h    |
>>                       |              |
>> |--------------|      |              |
>> | safari.net   |------|vlan7         |
>> |--------------|      |--------------|
>>        |
>>      -----
>>   3600 router
>> loopback address
>>    10.0.0.5
>>      -----
>>      | | |
>>       big
>>     network
>>      cloud
>> 

> 
> What is the MAC destination address in these pings from the oreilly.net
> box? 

The sniffer on the vlan 5 wire shows the destination MAC is the MAC of the 
linux router interface, as it should be.

> What is the box on oreilly.net using for its default gateway? It
> sounds like it should be using the Linux router-on-a-stick. Maybe it's
> not?

Yes, it is properly set up.  The default gateway for the oreilly.net box is 
the linux router.  The default gateway for the linux router is the 
safari.net interface address of the 3600.  Other packets route properly.

> I hate to say it, but to debug the problem we would have to see the config
> of the Linux router-on-a-stick too. You say it's doing 802.1Q? I didn't
> know it could do that. :-)

Recent kernels have 802.1Q built in.  As noted below, ethernet drivers may 
need to be patched to handle large packets.

> Are you sure it's a stable and standard
> implementation?

The kernel proper is probably pretty solid.  The ethernet card driver had to 
be patched, though, so that it could handle large vlan packets.  The 
unpatched driver would drop packets larger than the MTU size, before the 
kernel's 802.1Q code could strip off the vlan tag.  With the patch, the 
router appears to be handling trunked packets properly.

> Does it have subinterfaces like a "real" router would have
> and an address on all the subnets?

Yes.  Each subinterface is designated eth0.N where N is the vlan number.  
Each eth0.N has a unique address in the local network address space of the 
vlan'd local network.  If you speak Linux (or for you lurkers who do) note 
that eth0.N is not the same as the notation for an aliased network, which 
would be eth0:N.

> Is the Linux box running a firewall that could be blocking traffic?

No.  Neither iptables nor ipchains is running on this box.

> Does the Linux box have some troubleshooting tools you could use to see
> what traffic it's handling??

The sniffer tcpdump is all I'm using.  Are there other tools besides a 
sniffer that would be good to have?

>> but another sniffer sees nothing on the 802.1Q trunk
>> wire and, of course, the ping is not successful.  On the other hand, when a
>> box on oreilly.net pings 10.0.0.5, it does so successfully.
>> Weird.
> 
> Is that its own subnet, though? That you might expect to work.

10.0.0.0/24 is unique in this network to the routers and switches, and is 
used for administration.  The local networks don't know about 10.0.0.0/24.  
Local networks all have addresses that start with 192.

> 
> Well, good luck with the puzzle. Let us know what else you find out.
> Thanks.
> 
> Priscilla
> 
>> 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64010&t=63789
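
The 802.1Q tagging, eth0.N naming and oversized-frame drop discussed in the message above, as an added example that is not part of the original post and is not the kernel's or any driver's code. The MAC addresses are constructed, and `driver_accepts` is a simplified, assumed model of a NIC driver's receive length check, not the actual patch.

```python
import struct

ETH_HLEN = 14        # dst MAC + src MAC + EtherType
VLAN_TAG_LEN = 4     # TPID (0x8100) + TCI, inserted after the source MAC
TPID_8021Q = 0x8100
MTU = 1500

def build_frame(dst, src, payload, vlan_id=None, ethertype=0x0800):
    """Build an Ethernet frame without FCS; add an 802.1Q tag if vlan_id is set."""
    hdr = dst + src
    if vlan_id is not None:
        tci = vlan_id & 0x0FFF   # priority and DEI bits left at 0, 12-bit VLAN ID
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame, parent="eth0"):
    """Return (vlan_id, receiving interface, inner EtherType, payload)."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, parent, etype, frame[ETH_HLEN:]
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    # VLAN subinterface is parent.N (eth0.5), not the alias form parent:N
    return vid, f"{parent}.{vid}", inner, frame[ETH_HLEN + VLAN_TAG_LEN:]

def driver_accepts(frame, vlan_aware):
    """Assumed model: driver drops frames longer than header + MTU (+ tag if patched)."""
    limit = ETH_HLEN + MTU + (VLAN_TAG_LEN if vlan_aware else 0)
    return len(frame) <= limit

# Constructed sample data: locally administered MACs, zero-filled payloads
ROUTER_MAC = bytes.fromhex("020000000001")
HOST_MAC = bytes.fromhex("020000000002")
tagged_full = build_frame(ROUTER_MAC, HOST_MAC, bytes(MTU), vlan_id=5)
tagged_small = build_frame(ROUTER_MAC, HOST_MAC, bytes(84), vlan_id=5)
untagged = build_frame(ROUTER_MAC, HOST_MAC, bytes(84))

if __name__ == "__main__":
    for name, f in [("full-size tagged", tagged_full),
                    ("small tagged", tagged_small),
                    ("small untagged", untagged)]:
        vid, iface, _, _ = parse_frame(f)
        print(f"{name}: {len(f)} bytes, vlan={vid}, iface={iface}, "
              f"unpatched={driver_accepts(f, False)}, "
              f"patched={driver_accepts(f, True)}")
```

Under this model only the full-size tagged frame is lost by the unpatched check, so small test traffic such as a default-size ping is not a test of the driver patch.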