The first thing I noticed is that SK0 is only at half duplex and you have "duplex full" on the switch port. This can cause similar problems to what you are describing. I've found it always best to set the speed & duplex on both devices (switch and PC) when creating trunks. HTH
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heinrich Rebehn Sent: Tuesday, April 04, 2006 12:13 PM To: misc@openbsd.org Subject: VLAN-Problems Hi all, i am currently setting up a new firewall for our department. I already set up an OpenBSD Firewall and i am very satisfied with it :-) The new machine is set up to use dot1q vlans in order to save on interfaces and ports in our Cisco switch. This is the first time i am using dot1q and i am experiencing strange problems, which are not easy to describe, but i will try: Generally, operation is *very* slow, if i try to ping one of the machine's interfaces, one ping is echoed, then it pauses for a minute, then another ping comes though. ssh'ing into the box is possible after some 20 seconds delay (no, it is not reserve dns lookup), i can type commands and see the outputs, interspersed with occasional delays. As soon as i do a "tcpdump" on the interface that i used to login, the connection is dead. Logging in and working locally works w/o problems. Routing is very sluggish, close to unusable. Some questions (could not find answers with google or mailinglist): - Do the physical interfaces need an ip address (i guess not) - Can i filter on the physical interfaces in pf / do i have to explicitly pass them (does not seem to make a difference) If i change the configuration to non-vlan operation everything runs fine :-) I am attaching ifconfig and dmesg output. The physical interface, sk0 is shown as having "no carrier", this is because i had to pull the plug while taking the information because another machine (our old firewall) was running with the same address. I have googled and looked in the mailing list, but did not find such problems mentioned. Does anybody have an idea? If i cannot get this to work, someone else will probably set up a linux firewall, which i would rather try to avoid.. I am not sure what type of switch is on the other end, here is some output that the admin mailed me: vlan 86 name WLAN ! vlan 182 name BackBone ! interface FastEthernet6/19 description k307 n2340-19a switchport trunk encapsulation dot1q switchport trunk allowed vlan 16,86,182,231,232 switchport mode trunk duplex full Thanks for any hints, Heinrich Rebehn University of Bremen Physics / Electrical and Electronics Engineering - Department of Telecommunications - Phone : +49/421/218-4664 Fax : -3341 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff000000 sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:13:d4:de:cf:88 media: Ethernet autoselect (1000baseT half-duplex) status: no carrier xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:0a:5e:61:7a:2d media: Ethernet autoselect (none) status: no carrier xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:0a:5e:61:7a:04 media: Ethernet autoselect (none) status: no carrier pflog0: flags=0<> mtu 33224 pfsync0: flags=0<> mtu 1348 enc0: flags=0<> mtu 1536 vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:13:d4:de:cf:88 vlan: 16 parent interface: sk0 groups: vlan inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255 vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:13:d4:de:cf:88 vlan: 231 parent interface: sk0 groups: vlan vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:13:d4:de:cf:88 vlan: 182 parent interface: sk0 groups: vlan egress inet 134.102.186.20 netmask 0xffffff00 broadcast 134.102.186.255 vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:13:d4:de:cf:88 vlan: 86 parent interface: sk0 groups: vlan inet 172.21.1.8 netmask 0xffff0000 broadcast 172.21.255.255 OpenBSD 3.8-stable (ANT) #2: Thu Mar 30 16:59:00 CEST 2006 [EMAIL PROTECTED]:/root/flashboot-0.9beta1/obj/ANT cpu0: AMD Athlon(tm) 64 Processor 3000+ ("AuthenticAMD" 686-class, 512KB L2 cache) 1.81 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD Powernow: FID VID TTP TM STC real mem = 536125440 (523560K) avail mem = 459415552 (448648K) using 4278 buffers containing 26910720 bytes (26280K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 11/03/05, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5980/192 (10 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc0000/0xb000 0xcb000/0x800 0xcb800/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA K8HTB Host" rev 0x00 pchb1 at pci0 dev 0 function 1 "VIA K8HTB Host" rev 0x00 pchb2 at pci0 dev 0 function 2 "VIA K8HTB Host" rev 0x00 pchb3 at pci0 dev 0 function 3 "VIA K8HTB Host" rev 0x00 pchb4 at pci0 dev 0 function 4 "VIA K8HTB Host" rev 0x00 pchb5 at pci0 dev 0 function 7 "VIA K8HTB Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "VIA K8HTB AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Rage 128 Pro TF" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) skc0 at pci0 dev 10 function 0 "Marvell SKv2" rev 0x13: irq 10 skc0: Marvell Yukon Lite (0x9) sk0 at skc0 port A: address 00:13:d4:de:cf:88 eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 xl0 at pci0 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 10, address 00:0a:5e:61:7a:2d exphy0 at xl0 phy 24: 3Com internal media interface xl1 at pci0 dev 14 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 3, address 00:0a:5e:61:7a:04 exphy1 at xl1 phy 24: 3Com internal media interface pciide0 at pci0 dev 15 function 0 "VIA VT8237 SATA" rev 0x80: DMA pciide0: using irq 10 for native-PCI interrupt pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility drive at pciide1 channel 0 drive 0 not configured pciide1: channel 0 disabled (no drives) pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: irq 10 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: irq 10 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 5 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered pcib0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00 "VIA VT8233 AC97" rev 0x60 at pci0 dev 17 function 5 not configured pchb6 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00 pchb7 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00 pchb8 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00 pchb9 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00 isa0 at pcib0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ffe5 netmask ffed ttymask ffef rd0: fixed, 49152 blocks pctr: user-level cycle counter enabled uhub5 at uhub4 port 4 uhub5: Prolific Technology Inc. USB Embedded Hub, rev 2.00/1.00, addr 2 uhub5: 1 port with 0 removable, self powered, single transaction translator uhidev0 at uhub0 port 1 configuration 1 interface 0 uhidev0: Logitech USB Receiver, rev 1.10/17.21, addr 2, iclass 3/1 ukbd0 at uhidev0: 8 modifier keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub0 port 1 configuration 1 interface 1 uhidev1: Logitech USB Receiver, rev 1.10/17.21, addr 2, iclass 3/1 uhidev1: 4 report ids ums0 at uhidev1 reportid 1: 16 buttons and Z dir. wsmouse0 at ums0 mux 0 uhid0 at uhidev1 reportid 2: input=2, output=0, feature=0 uhid1 at uhidev1 reportid 3: input=1, output=0, feature=0 uhid2 at uhidev1 reportid 4: input=3, output=0, feature=0 umass0 at uhub5 port 1 configuration 1 interface 0 umass0: Prolific Technology Inc. USB Mass Storage Device, rev 2.00/1.00, addr 3 umass0: using ATAPI over Bulk-Only scsibus0 at umass0: 2 targets sd0 at scsibus0 targ 1 lun 0: <Corsair, Flash Voyager, 1.00> SCSI0 0/direct removable sd0: 124MB, 124 cyl, 64 head, 32 sec, 512 bytes/sec, 253952 sec total dkcsum: sd0 matches BIOS drive 0x80 root on rd0a rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02 OpenBSD 3.8-stable (ANT) #2: Thu Mar 30 16:59:00 CEST 2006 [EMAIL PROTECTED]:/root/flashboot-0.9beta1/obj/ANT cpu0: AMD Athlon(tm) 64 Processor 3000+ ("AuthenticAMD" 686-class, 512KB L2 cache) 1.81 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD Powernow: FID VID TTP TM STC real mem = 536125440 (523560K) avail mem = 459415552 (448648K) using 4278 buffers containing 26910720 bytes (26280K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 11/03/05, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5980/192 (10 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc0000/0xb000 0xcb000/0x800 0xcb800/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA K8HTB Host" rev 0x00 pchb1 at pci0 dev 0 function 1 "VIA K8HTB Host" rev 0x00 pchb2 at pci0 dev 0 function 2 "VIA K8HTB Host" rev 0x00 pchb3 at pci0 dev 0 function 3 "VIA K8HTB Host" rev 0x00 pchb4 at pci0 dev 0 function 4 "VIA K8HTB Host" rev 0x00 pchb5 at pci0 dev 0 function 7 "VIA K8HTB Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "VIA K8HTB AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Rage 128 Pro TF" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) skc0 at pci0 dev 10 function 0 "Marvell SKv2" rev 0x13: irq 10 skc0: Marvell Yukon Lite (0x9) sk0 at skc0 port A: address 00:13:d4:de:cf:88 eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 xl0 at pci0 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 10, address 00:0a:5e:61:7a:2d exphy0 at xl0 phy 24: 3Com internal media interface xl1 at pci0 dev 14 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 3, address 00:0a:5e:61:7a:04 exphy1 at xl1 phy 24: 3Com internal media interface pciide0 at pci0 dev 15 function 0 "VIA VT8237 SATA" rev 0x80: DMA pciide0: using irq 10 for native-PCI interrupt pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility drive at pciide1 channel 0 drive 0 not configured pciide1: channel 0 disabled (no drives) pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: irq 10 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: irq 10 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 5 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered pcib0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00 "VIA VT8233 AC97" rev 0x60 at pci0 dev 17 function 5 not configured pchb6 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00 pchb7 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00 pchb8 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00 pchb9 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00 isa0 at pcib0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ffe5 netmask ffed ttymask ffef rd0: fixed, 49152 blocks pctr: user-level cycle counter enabled uhub5 at uhub4 port 4 uhub5: Prolific Technology Inc. USB Embedded Hub, rev 2.00/1.00, addr 2 uhub5: 1 port with 0 removable, self powered, single transaction translator uhidev0 at uhub0 port 1 configuration 1 interface 0 uhidev0: Logitech USB Receiver, rev 1.10/17.21, addr 2, iclass 3/1 ukbd0 at uhidev0: 8 modifier keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub0 port 1 configuration 1 interface 1 uhidev1: Logitech USB Receiver, rev 1.10/17.21, addr 2, iclass 3/1 uhidev1: 4 report ids ums0 at uhidev1 reportid 1: 16 buttons and Z dir. wsmouse0 at ums0 mux 0 uhid0 at uhidev1 reportid 2: input=2, output=0, feature=0 uhid1 at uhidev1 reportid 3: input=1, output=0, feature=0 uhid2 at uhidev1 reportid 4: input=3, output=0, feature=0 umass0 at uhub5 port 1 configuration 1 interface 0 umass0: Prolific Technology Inc. USB Mass Storage Device, rev 2.00/1.00, addr 3 umass0: using ATAPI over Bulk-Only scsibus0 at umass0: 2 targets sd0 at scsibus0 targ 1 lun 0: <Corsair, Flash Voyager, 1.00> SCSI0 0/direct removable sd0: 124MB, 124 cyl, 64 head, 32 sec, 512 bytes/sec, 253952 sec total dkcsum: sd0 matches BIOS drive 0x80 root on rd0a rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
