Hi all,

I am currently setting up a new firewall for our department. I already 
set up an OpenBSD firewall and I am very satisfied with it :-)

The new machine is set up to use dot1q vlans in order to save on 
interfaces and ports in our Cisco switch.

This is the first time I am using dot1q and I am experiencing strange 
problems, which are not easy to describe, but I will try:

Generally, operation is *very* slow. If I try to ping one of the 
machine's interfaces, one ping is echoed, then it pauses for a minute, 
then another ping comes through.

ssh'ing into the box is possible after some 20 seconds' delay (no, it is 
not reverse DNS lookup); I can type commands and see the outputs, 
interspersed with occasional delays. As soon as I do a "tcpdump" on the 
interface that I used to log in, the connection is dead.

Logging in and working locally works w/o problems.

Routing is very sluggish, close to unusable.

Some questions (could not find answers with Google or the mailing list):

- Do the physical interfaces need an IP address? (I guess not)
- Can I filter on the physical interfaces in pf / do I have to 
explicitly pass them? (does not seem to make a difference)

If I change the configuration to non-vlan operation everything runs fine 
:-)

I am attaching ifconfig and dmesg output. The physical interface, sk0, is 
shown as having "no carrier"; this is because I had to pull the plug 
while taking the information because another machine (our old firewall) 
was running with the same address.

I have googled and looked in the mailing list, but did not find such 
problems mentioned. Does anybody have an idea? If I cannot get this to 
work, someone else will probably set up a Linux firewall, which I would 
rather try to avoid..

I am not sure what type of switch is on the other end, here is some 
output that the admin mailed me:

vlan 86
name WLAN
!
vlan 182
name BackBone
!
interface FastEthernet6/19
description k307 n2340-19a
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 16,86,182,231,232
switchport mode trunk
duplex full

Thanks for any hints,

Heinrich Rebehn

University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -

Phone : +49/421/218-4664
Fax   :            -3341
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        groups: lo 
        inet 127.0.0.1 netmask 0xff000000 
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:13:d4:de:cf:88
        media: Ethernet autoselect (1000baseT half-duplex)
        status: no carrier
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0a:5e:61:7a:2d
        media: Ethernet autoselect (none)
        status: no carrier
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0a:5e:61:7a:04
        media: Ethernet autoselect (none)
        status: no carrier
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 1348
enc0: flags=0<> mtu 1536
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:13:d4:de:cf:88
        vlan: 16 parent interface: sk0
        groups: vlan 
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:13:d4:de:cf:88
        vlan: 231 parent interface: sk0
        groups: vlan 
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:13:d4:de:cf:88
        vlan: 182 parent interface: sk0
        groups: vlan egress 
        inet 134.102.186.20 netmask 0xffffff00 broadcast 134.102.186.255
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:13:d4:de:cf:88
        vlan: 86 parent interface: sk0
        groups: vlan 
        inet 172.21.1.8 netmask 0xffff0000 broadcast 172.21.255.255
OpenBSD 3.8-stable (ANT) #2: Thu Mar 30 16:59:00 CEST 2006
    [EMAIL PROTECTED]:/root/flashboot-0.9beta1/obj/ANT
cpu0: AMD Athlon(tm) 64 Processor 3000+ ("AuthenticAMD" 686-class, 512KB L2 cache) 1.81 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD Powernow: FID VID TTP TM STC
real mem  = 536125440 (523560K)
avail mem = 459415552 (448648K)
using 4278 buffers containing 26910720 bytes (26280K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 11/03/05, BIOS32 rev. 0 @ 0xf0010
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5980/192 (10 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xb000 0xcb000/0x800 0xcb800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA K8HTB Host" rev 0x00
pchb1 at pci0 dev 0 function 1 "VIA K8HTB Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA K8HTB Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA K8HTB Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA K8HTB Host" rev 0x00
pchb5 at pci0 dev 0 function 7 "VIA K8HTB Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA K8HTB AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Rage 128 Pro TF" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
skc0 at pci0 dev 10 function 0 "Marvell SKv2" rev 0x13: irq 10
skc0: Marvell Yukon Lite (0x9)
sk0 at skc0 port A: address 00:13:d4:de:cf:88
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
xl0 at pci0 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 10, address 00:0a:5e:61:7a:2d
exphy0 at xl0 phy 24: 3Com internal media interface
xl1 at pci0 dev 14 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 3, address 00:0a:5e:61:7a:04
exphy1 at xl1 phy 24: 3Com internal media interface
pciide0 at pci0 dev 15 function 0 "VIA VT8237 SATA" rev 0x80: DMA
pciide0: using irq 10 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility
drive at pciide1 channel 0 drive 0 not configured
pciide1: channel 0 disabled (no drives)
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: irq 10
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: irq 10
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 5
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
pcib0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00
"VIA VT8233 AC97" rev 0x60 at pci0 dev 17 function 5 not configured
pchb6 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00
pchb7 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00
pchb8 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00
pchb9 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00
isa0 at pcib0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ffe5 netmask ffed ttymask ffef
rd0: fixed, 49152 blocks
pctr: user-level cycle counter enabled
uhub5 at uhub4 port 4
uhub5: Prolific Technology Inc. USB Embedded Hub, rev 2.00/1.00, addr 2
uhub5: 1 port with 0 removable, self powered, single transaction translator
uhidev0 at uhub0 port 1 configuration 1 interface 0
uhidev0: Logitech USB Receiver, rev 1.10/17.21, addr 2, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub0 port 1 configuration 1 interface 1
uhidev1: Logitech USB Receiver, rev 1.10/17.21, addr 2, iclass 3/1
uhidev1: 4 report ids
ums0 at uhidev1 reportid 1: 16 buttons and Z dir.
wsmouse0 at ums0 mux 0
uhid0 at uhidev1 reportid 2: input=2, output=0, feature=0
uhid1 at uhidev1 reportid 3: input=1, output=0, feature=0
uhid2 at uhidev1 reportid 4: input=3, output=0, feature=0
umass0 at uhub5 port 1 configuration 1 interface 0
umass0: Prolific Technology Inc. USB Mass Storage Device, rev 2.00/1.00, addr 3
umass0: using ATAPI over Bulk-Only
scsibus0 at umass0: 2 targets
sd0 at scsibus0 targ 1 lun 0: <Corsair, Flash Voyager, 1.00> SCSI0 0/direct removable
sd0: 124MB, 124 cyl, 64 head, 32 sec, 512 bytes/sec, 253952 sec total
dkcsum: sd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02