Also, here's the ifconfig output. And I didn't mean a switch running
OpenBSD; we have a gateway system running 3.2 connected to a Cisco
switch ;)
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:a5:13:8f:3b
        vlan: 12 parent interface: fxp1
        inet 172.16.4.1 netmask 0xfffffe00 broadcast 172.16.5.255
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:a5:13:8f:3b
        vlan: 3 parent interface: fxp1
        inet 172.16.6.1 netmask 0xfffffe00 broadcast 172.16.7.255
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:a5:13:8f:3b
        vlan: 4 parent interface: fxp1
        inet 172.16.8.1 netmask 0xfffffe00 broadcast 172.16.9.255
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:a5:13:8f:3b
        vlan: 5 parent interface: fxp1
        inet 172.16.10.1 netmask 0xfffffe00 broadcast 172.16.11.255
vlan6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:a5:13:8f:3b
        vlan: 11 parent interface: fxp1
        inet 172.16.12.1 netmask 0xfffffe00 broadcast 172.16.13.255
Our dhcpd.conf is like this:
-- snip --
shared-network vlan2 {
        option domain-name "*******.net";
        option domain-name-servers 172.16.4.1;
        subnet 172.16.4.0 netmask 255.255.254.0 {
                option routers 172.16.4.1;
                range 172.16.4.15 172.16.5.254;
        }
}
shared-network vlan3 {
        option domain-name "*******.net";
        option domain-name-servers 172.16.6.1;
        subnet 172.16.6.0 netmask 255.255.254.0 {
                option routers 172.16.6.1;
                range 172.16.6.15 172.16.7.254;
        }
}
shared-network vlan4 {
        option domain-name "*******.net";
        option domain-name-servers 172.16.8.1;
        subnet 172.16.8.0 netmask 255.255.254.0 {
                option routers 172.16.8.1;
                range 172.16.8.15 172.16.9.254;
        }
}
shared-network vlan5 {
        option domain-name "*******.net";
        option domain-name-servers 172.16.10.1;
        subnet 172.16.10.0 netmask 255.255.254.0 {
                option routers 172.16.10.1;
                range 172.16.10.15 172.16.11.254;
        }
}
shared-network vlan6 {
        option domain-name "*******.net";
        option domain-name-servers 172.16.12.1;
        subnet 172.16.12.0 netmask 255.255.254.0 {
                option routers 172.16.12.1;
                range 172.16.12.15 172.16.13.254;
        }
}
-- snip --
So you can see that with the switch config, the proper vlan setup on the
interfaces, and a good dhcpd.conf, you shouldn't have any issue no
matter what version of OBSD you're running. Just make sure your kernel
has a correct number of vlan devs; I'm not sure what the default limit is
on a vanilla kernel, as all ours are custom built.
Regards,
Mike Lockhart
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mike Lockhart [Systems Engineering & Operations]
StayOnline, Inc
http://www.stayonline.net/
mailto: [EMAIL PROTECTED]
GPG: 8714 6F73 3FC8 E0A4 0663 3AFF 9F5C 888D 0767 1550
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
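Added example (not part of the original messages): a Python check that the vlan interfaces reported by ifconfig and the subnet blocks in dhcpd.conf agree, so clients on one VLAN are never handed a gateway or an address range that belongs to another. The sample input is constructed from the values above with one deliberately broken subnet block, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's output. The vlan5 subnet block is
# deliberately wrong (router and range) so the audit has something to report.
IFCONFIG = """\
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        vlan: 12 parent interface: fxp1
        inet 172.16.4.1 netmask 0xfffffe00 broadcast 172.16.5.255
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        vlan: 5 parent interface: fxp1
        inet 172.16.10.1 netmask 0xfffffe00 broadcast 172.16.11.255
"""
DHCPD = """\
subnet 172.16.4.0 netmask 255.255.254.0 { option routers 172.16.4.1; range 172.16.4.15 172.16.5.254; }
subnet 172.16.10.0 netmask 255.255.254.0 { option routers 172.16.10.254; range 172.16.10.15 172.16.12.254; }
"""

def parse_ifconfig(text):
    """Return {ifname: (802.1Q tag, IPv4Interface)} for each vlan interface."""
    out = {}
    for stanza in re.split(r"\n(?=\S)", text):  # one stanza per interface
        m = re.search(r"^(vlan\d+):.*?vlan: (\d+) .*?inet (\S+) netmask (0x[0-9a-f]+)",
                      stanza, re.S)
        if m:
            prefix = bin(int(m[4], 16)).count("1")  # hex mask -> prefix length
            out[m[1]] = (int(m[2]), ipaddress.ip_interface(f"{m[3]}/{prefix}"))
    return out

def parse_dhcpd(text):
    """Return {IPv4Network: (router, range_lo, range_hi)} for each subnet block."""
    pat = r"subnet (\S+) netmask (\S+) \{[^}]*?routers (\S+);[^}]*?range (\S+) (\S+);"
    return {ipaddress.ip_network(f"{n}/{m}"): tuple(map(ipaddress.ip_address, (g, lo, hi)))
            for n, m, g, lo, hi in re.findall(pat, text)}

def audit(ifconfig_text, dhcpd_text):
    """List mismatches between vlan interfaces and dhcpd subnet declarations."""
    subnets, findings = parse_dhcpd(dhcpd_text), []
    for name, (tag, iface) in sorted(parse_ifconfig(ifconfig_text).items()):
        if name != f"vlan{tag}":  # informational: vlanN is only a device name
            findings.append(f"{name}: carries 802.1Q tag {tag}, not {name[4:]}")
        if iface.network not in subnets:
            findings.append(f"{name}: no dhcpd subnet for {iface.network}")
            continue
        gw, lo, hi = subnets[iface.network]
        if gw != iface.ip:
            findings.append(f"{name}: routers {gw} != interface {iface.ip}")
        if not (lo in iface.network and hi in iface.network and lo <= hi):
            findings.append(f"{name}: range {lo}-{hi} leaves {iface.network}")
    return findings
```

The first finding is informational: as in the output above, the vlanN device name does not have to equal the 802.1Q tag, so the tag is what must be compared against the switch's access VLAN numbers.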
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Michael Lockhart
Sent: Friday, December 08, 2006 3:05 PM
To: [email protected]
Subject: Re: OpenBSD - Vlans - CISCO
Here is a working configuration for one of our switches running OpenBSD
3.2 with 4 vlans on Cisco devices:
!
config-register 0xF
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ***_***
!
enable secret 5 **************************
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport access vlan 3
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 5
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 11
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 12
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 150
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 150
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport mode trunk
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 150
!
interface FastEthernet0/21
 switchport access vlan 150
!
interface FastEthernet0/22
 switchport access vlan 150
!
interface FastEthernet0/23
 switchport access vlan 150
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface Vlan1
 ip address 10.***.***.*** 255.255.255.192
 no ip route-cache
!
ip default-gateway 10.***.***.***
ip http server
snmp-server community ******* RW
!
line con 0
line vty 0 4
 password *****
 login
line vty 5 15
 password *****
 login
Regards,
Mike Lockhart
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of michel bidard
Sent: Friday, December 08, 2006 9:26 AM
To: [email protected]
Subject: OpenBSD - Vlans - CISCO
Hi,
I have connected my OpenBSD box to a CISCO switch model 2924. I decided
to setup vlans and I did the configuration on the CISCO. There is one
port where all the traffic goes on the CISCO switch. This is what I did
on the firewall:
# ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0
# ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0
# ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0
# ...
All the configs on the CISCO device have been done. All the hosts on the
vlan 2 are able to ping each other and to surf. However, the remaining
vlans aren't working. I have tried to ping the ip's of the vlans but
that doesn't work. I've created an alias on the interface for a specific
vlan but that doesn't work either. I have the same rules in /etc/pf.conf
for all the vlans. Is there something I'm missing? The vlans have been
done using 802.1q.
Thanks,
Mik