Clint Pachl wrote:
Jon wrote:
Greetings everybody,

So I've set up what I thought should be a proper vlan configuration
however something is clearly still not correct.  Traffic passes fine
to the vlan devices from the external side of the router (I can ping
them) however traffic does not seem to pass between the vlan devices
and their parent device - I cannot ping stuff connected to the vlans
on the switch.

Is the switch VLAN-aware? Are the end-nodes in each VLAN VLAN- and tag-aware?

The switch is vlan aware and the hosts connected to it are plugged
into ports which are assigned to vlans configured on the switch with
the same numbers that I am putting in the /etc/hostname.vlan* vlan
option fields.  I'm not sure what you mean by end-nodes being vlan
and tag-aware though.  Have I made an incorrect assumption that this
vlan thing is something that happens transparently to the individual
hosts in the cluster (excluding the switch and the firewall)?


  Using tcpdump on the vlan parent device DOES show
all kinds of arp requests and such noise marked as 802.1Q coming
from the hosts on the various vlans (mostly unanswered arp requests
for the vlan device which is their gateway) and using tcpdump on the
various vlan devices on the router shows only unanswered arp requests
for the various other hosts.

* I've uncommented net.inet.ip.forwarding=1 in /etc/sysctl.conf
* packetfilter is off
* hostname.em0: inet 172.18.1.2 255.255.255.0 NONE (external side of the router, local to my desktop lan - pings go through this to the vlan devices and return just fine)
* hostname.em1: up mtu 1518 (the mtu 1518 part is just cause a man page seemed to be suggesting I should set it to this)

The 802.1Q protocol will increase the frame by 4 bytes, but if your destination cannot interpret the VLAN protocol ID, the packet will be dropped.

So in this case that isn't just the switch and the firewall?  I'm
confused.  :(   I thought the wrapping and unwrapping of the network
packets in the vlan protocol packets was handled solely by the switch
and firewall.  You're telling me this is not the case?


* hostname.vlan0: inet 172.17.1.1 255.255.255.0 172.17.1.255 vlan 1 vlandev em1
* hostname.vlan1: inet 172.17.2.1 255.255.255.0 172.17.2.255 vlan 2 vlandev em1
* hostname.vlan2: inet 172.17.3.1 255.255.255.0 172.17.3.255 vlan 3 vlandev em1
* hostname.vlan3: inet 172.17.4.1 255.255.255.0 172.17.4.255 vlan 4 vlandev em1
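
The 4-byte 802.1Q tag discussed in this thread, as an added example that is not part of the original messages: it inserts a tag into an Ethernet frame and compares what a tag-unaware parser and a tag-aware parser read from it. The MAC addresses, the zeroed ARP body and all function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100     # EtherType value that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 0 < vid < 4095:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_unaware(frame: bytes) -> dict:
    """A tag-unaware parse: bytes 12-13 are always taken as the EtherType."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return {"ethertype": ethertype, "payload": frame[14:]}


def parse_aware(frame: bytes) -> dict:
    """A tag-aware parse: strip the tag if present and report the VLAN ID."""
    if len(frame) < 14:
        raise ValueError("short frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0x0FFF, 18
    return {"vid": vid, "ethertype": ethertype, "payload": frame[offset:]}


# Constructed sample: a broadcast ARP frame with a zeroed 28-byte body.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
ARP_BODY = bytes(28)
UNTAGGED = DST + SRC + struct.pack("!H", ETHERTYPE_ARP) + ARP_BODY
TAGGED = add_tag(UNTAGGED, vid=2)  # VLAN 2, as in hostname.vlan1 above

if __name__ == "__main__":
    print("untagged length:", len(UNTAGGED), "tagged length:", len(TAGGED))
    print("tag-unaware sees EtherType", hex(parse_unaware(TAGGED)["ethertype"]))
    print("tag-aware sees", parse_aware(TAGGED)["vid"],
          hex(parse_aware(TAGGED)["ethertype"]))
```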
