[leaf-user] The vlan project

[Scott]

Here is my project:

This building has 1 internet connection (DSL line). There are 12 tenants who want to share this line. My job is to give them access to the DSL but keep them separate from each other. I am endeavouring to do this with vlan tagging.

Beware, lots of information to follow.

-=PART I=-

First,

I need an eepro100.o or tulip.o driver compiled with and mtu > 1500. Searching this list and others has turned up many references to patches, but no drivers. Has anyone compiled these drivers with a mtu > 1500 for the purposes of 802.1q vlan tagging? If you have, can you provide a link to where it is available, please? If no one has a compiled driver, but has the capability and know-how to create them, here's the most recent url (that I could find) for the patches: http://www.candelatech.com/~greear/vlan/cisco_howto.html. The tulip and eepro patches are half way down.

-=PART II=-

I'm new to 802.1q vlan tagging. Here's my set up. If it doesn't make sense to you, that's because it doesn't make sense to me. I'm 100% sure about the tag/untag settings of the vlan. Nevertheless, does this look feasible?

Here's a schematic of my setup:

2 vlans: vlan11, vlan12
vlan11: 192.168.1.0/24
vlan12: 192.168.2.0/24

switch: (IP 192.168.1.254)

vlan11: 802.1q tag = 11
ports: 1,2
port 1: untag
port 2: tag

vlan12: 802.1q tag = 12
ports: 1,3
port 1: untag
port 3: tag

switch has a ping utility. I Can ping 192.168.1.5 (test on port 2), but not 192.168.1.1 (router on port 1).

Port 1 is my router. Ports 2+ are for each individual vlan.

internet---router---802.1q switch
...1.1 ...1.254 \--(192.168.1.0/24) -- 192.168.1.5(test comp)
...2.1 |-(192.168.2.0/24)
...3.1 |-(192.168.3.0/24)
...etc.1 |-(etc...)


Here are some relevant files. I can supply anything else upon request. I made some of my own comments in the files, mostly for my own purposes.
########################
>> cat /etc/network/interfaces:

# /etc/network/interfaces -- configuration file for LEAF network
# J. Nilo, April 2002
#
# Loopback interface.
auto lo
iface lo inet loopback

# Step 1: configure external interface
# uncomment/adjust one of the following 4 options
# Option 1.1 (default): eth0 / dynamic IP from pump/dhclient
auto eth0
iface eth0 inet dhcp

# Makes no difference if eth1 is defined or not. I read in a post
# somewhere that it had to be defined for the vlan devices
# to work.
auto eth1
iface eth1 inet static
address 192.168.0.1
masklen 24
broadcast 192.168.0.255

auto eth1.11
iface eth1.11 inet static
address 192.168.1.1
masklen 24
broadcast 192.168.1.255

auto eth1.12
iface eth1.12 inet static
address 192.168.2.1
masklen 24
broadcast 192.168.2.255
########################

>> cat /etc/network/if-pre-up.d/vlan

#!/bin/sh

# You don't usually need to touch this file at all, the full
# configuration of the bridge can be done in a standard way on
# /etc/network/interfaces.

# Have a look at /usr/share/doc/bridge-utils/README.Debian.gz if you
# want more info about the way on wich a bridge is set up on Debian.

#if [ -z "$IF_VLAN_RAW_DEVICE" ]
#then
# exit 0
#fi

if [ ! -x /sbin/vconfig ]
then
exit 0
fi

case "$IFACE" in
vlan0*)
vconfig set_name_type VLAN_PLUS_VID
VLANID=`echo $IFACE|sed "s/vlan0*//g"`
;;
vlan*)
vconfig set_name_type VLAN_PLUS_VID_NO_PAD
VLANID=`echo $IFACE|sed "s/vlan0*//g"`
;;
eth*)
vconfig set_name_type DEV_PLUS_VID_NO_PAD
VLANID=`echo $IFACE|sed "s/eth[0-9][0-9]*\.0*//g"`
IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\.[0-9]*//g"`
;;
esac

# This following 'if' statement produces
# a seemingly harmless error on boot.
if ! ip link show dev $IF_VLAN_RAW_DEVICE > /dev/null
then
echo "$IF_VLAN_DEVICE does not exist"
exit 1
fi

ip link set up dev $IF_VLAN_RAW_DEVICE
vconfig add $IF_VLAN_RAW_DEVICE $VLANID
########################

>> ip addr show

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:90:27:42:c9:22 brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:90:27:5c:28:de brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
5: eth0.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue
link/ether 00:90:27:42:c9:22 brd ff:ff:ff:ff:ff:ff
6: eth1.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
link/ether 00:90:27:5c:28:de brd ff:ff:ff:ff:ff:ff
7: eth1.11: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:90:27:5c:28:de brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1.11
8: eth1.12: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:90:27:5c:28:de brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.2.255 scope global eth1.12
########################

-Scott



-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html