Re: OpenBSD - Vlans - CISCO

2006-12-09 Thread michel bédard

michel bédard wrote:

Henning Brauer wrote:

* [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-12-08 20:15]:
 

you need on openbsd

ifconfig vlan0 create
ifconfig vlan0 vlan 2 vlandev rl0 up



no. create is implicit.

  
This is what I already did and tried for each port configured on the 
switch:


1- interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2-8
 switchport mode trunk
 spanning-tree portfast
 no cdp enable

2- And then the ports for the vlans ...
  interface FastEthernet0/2
 switchport access vlan 2
 spanning-tree portfast
 no cdp enable

I did the same for all the ports on the switch and then .. write memory.

3- This is what I have in my /etc/hostname.vlan0
  10.0.0.1 255.255.255.0 vlan 2 vlandev rl0

And the same for all the vlans ...

4- Finally the config in /etc/pf.conf for natting ...
  nat on tun0 from 10.0.0.0/24 to any -> tun0
 And again the same for all the vlans ...

So I'm using a Class C mask ... maybe I should change that? Is there 
something I should add in /etc/pf.conf?



Thank you very much for your answers,

Mik


Ok ... here is the ifconfig -A ...

# ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
   groups: lo
   inet 127.0.0.1 netmask 0xff000000
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
ste0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:05:5d:07:9d:77
   media: Ethernet autoselect (none)
   status: no carrier
de0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:e8:0c:38:ea
   media: Ethernet autoselect (10baseT)
   status: active
   inet6 fe80::200:e8ff:fe0c:38ea%de0 prefixlen 64 scopeid 0x2
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
   inet6 fe80::248:54ff:fe80:d0ec%rl0 prefixlen 64 scopeid 0x3
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 2 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan0 prefixlen 64 scopeid 0x8
   inet 10.0.0.1 netmask 0xff000000 broadcast 255.255.255.0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 3 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan1 prefixlen 64 scopeid 0x9
   inet 10.0.1.1 netmask 0xff000000 broadcast 255.255.255.0
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 4 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan2 prefixlen 64 scopeid 0xa
   inet 10.0.2.1 netmask 0xff000000 broadcast 10.255.255.255
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 5 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan3 prefixlen 64 scopeid 0xb
   inet 10.0.3.1 netmask 0xff000000 broadcast 10.255.255.255
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 6 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan4 prefixlen 64 scopeid 0xc
   inet 10.0.4.1 netmask 0xff000000 broadcast 10.255.255.255
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 7 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan5 prefixlen 64 scopeid 0xd
   inet 10.0.5.1 netmask 0xff000000 broadcast 10.255.255.255
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1492
   groups: tun egress
   inet 65.94.2.93 --> 64.230.197.66 netmask 0xffffffff

This is what I'm getting when I try to ping my own vlan from the 
firewall. As I said, the first vlan works but not the others:


# pfctl -d
pf disabled
# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=1.016 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=0.293 ms
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.293/0.654/1.016/0.362 ms
# ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1): 56 data bytes
--- 10.0.1.1 ping statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
# pfctl -e
pf enabled
# ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1): 56 data bytes
ping: sendto: Host is down
ping: wrote 10.0.1.1 64 chars, ret=-1
ping: sendto: Host is down
ping: wrote 10.0.1.1 64 chars, ret=-1
--- 10.0.1.1 ping statistics ---

Re: OpenBSD - Vlans - CISCO

2006-12-09 Thread Darren Spruell

On 12/9/06, michel bédard [EMAIL PROTECTED] wrote:

Ok ... here is the ifconfig -A ...

# ifconfig -A

[snip]

vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:48:54:80:d0:ec
vlan: 2 priority: 0 parent interface: rl0
groups: vlan
inet6 fe80::248:54ff:fe80:d0ec%vlan0 prefixlen 64 scopeid 0x8
inet 10.0.0.1 netmask 0xff000000 broadcast 255.255.255.0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:48:54:80:d0:ec
vlan: 3 priority: 0 parent interface: rl0
groups: vlan
inet6 fe80::248:54ff:fe80:d0ec%vlan1 prefixlen 64 scopeid 0x9
inet 10.0.1.1 netmask 0xff000000 broadcast 255.255.255.0

[...]

Fix your subnet mask. 0xff000000 puts all of your vlan interfaces on
the same subnet. And it looks like your broadcast was set to what you
wanted your netmask to be.

DS



Re: OpenBSD - Vlans - CISCO

2006-12-09 Thread Stuart Henderson
On 2006/12/09 08:47, michel bédard wrote:
 3- This is what I have in my /etc/hostname.vlan0
   10.0.0.1 255.255.255.0 vlan 2 vlandev rl0

two things:

1. you missed inet at the start of the line with the addresses

2. you should either list vlan 2 vlandev rl0 on a separate line,
or include the broadcast address explicitly.

 Ok ... here is the ifconfig -A ...

thanks, that makes things a lot easier.
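The checks Darren, nachocheeze and Stuart describe above, as an added example that is not part of the thread: parse the posted `ifconfig -A` output, flag an interface whose broadcast is not the directed broadcast of its configured network (the tell-tale of a hostname.if line without `inet`, where ifconfig took the intended netmask as a broadcast address and fell back to the classful /8), flag interfaces whose networks overlap, and render the corrected `/etc/hostname.vlanN`. The sample output is a constructed, trimmed copy of what michel posted; the hostname.if layout emitted by `hostname_if()` (vlan line on its own, then `inet addr netmask NONE`) is my reading of Stuart's advice and of hostname.if(5), not something the thread shows verbatim. The security point is the overlap check: a firewall whose vlan interfaces all sit in 10/8 has no per-VLAN separation for pf to enforce, whatever the nat rules say.

```python
"""Added example (not from the thread): diagnose the netmask/broadcast mix-up
shown in the posted ifconfig -A output and render a corrected hostname.if.
Assumptions: SAMPLE_IFCONFIG is a constructed, trimmed copy of that output;
the hostname.if(5) layout in hostname_if() follows Stuart Henderson's advice.
"""
import ipaddress
import re

# Constructed sample: three interfaces from the thread's ifconfig -A output.
SAMPLE_IFCONFIG = """\
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
\tlladdr 00:48:54:80:d0:ec
\tinet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tvlan: 2 priority: 0 parent interface: rl0
\tinet 10.0.0.1 netmask 0xff000000 broadcast 255.255.255.0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tvlan: 3 priority: 0 parent interface: rl0
\tinet 10.0.1.1 netmask 0xff000000 broadcast 255.255.255.0
"""

IFACE_RE = re.compile(r"^(\w+): flags=")
VLAN_RE = re.compile(r"^\s+vlan: (\d+) .*parent interface: (\w+)")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})(?: broadcast (\S+))?")


def parse_ifconfig(text):
    """Map each interface name to its address, mask, broadcast and network,
    plus tag and parent for vlan(4) interfaces, from ifconfig -A output."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            cur = ifaces.setdefault(m.group(1), {})
            continue
        if cur is None:
            continue
        m = VLAN_RE.match(line)
        if m:
            cur["vlan"], cur["parent"] = int(m.group(1)), m.group(2)
            continue
        m = INET_RE.match(line)
        if m:
            addr, mask_hex, bcast = m.groups()
            # ifconfig prints the mask in hex; 0xff000000 becomes 255.0.0.0
            mask = str(ipaddress.IPv4Address(int(mask_hex, 16)))
            cur.update(addr=addr, mask=mask, bcast=bcast,
                       net=ipaddress.IPv4Interface(f"{addr}/{mask}").network)
    return ifaces


def find_problems(ifaces):
    """(1) A broadcast that is not the directed broadcast of the configured
    network: the symptom of a hostname.if line whose netmask was parsed as
    the broadcast address. (2) Interfaces whose networks overlap: on a
    firewall this means the per-VLAN separation pf rules assume is absent."""
    problems = []
    names = [n for n, i in ifaces.items() if "net" in i]
    for n in names:
        i = ifaces[n]
        if i["bcast"] and i["bcast"] != str(i["net"].broadcast_address):
            problems.append(
                f"{n}: broadcast {i['bcast']} is not the broadcast of {i['net']}")
    for idx, a in enumerate(names):
        for b in names[idx + 1:]:
            if ifaces[a]["net"].overlaps(ifaces[b]["net"]):
                problems.append(
                    f"{a} ({ifaces[a]['net']}) overlaps {b} ({ifaces[b]['net']})")
    return problems


def hostname_if(iface, mask="255.255.255.0"):
    """Render /etc/hostname.vlanN: the vlan/vlandev line on its own, then an
    'inet' line carrying the netmask and an explicit NONE broadcast, so no
    later word on the line can be mistaken for a broadcast address."""
    return (f"vlan {iface['vlan']} vlandev {iface['parent']}\n"
            f"inet {iface['addr']} {mask} NONE\n")


def corrected_networks(ifaces, prefixlen=24):
    """Networks the vlan interfaces would occupy with the intended mask."""
    return {n: ipaddress.IPv4Interface(f"{i['addr']}/{prefixlen}").network
            for n, i in ifaces.items() if "vlan" in i}


if __name__ == "__main__":
    parsed = parse_ifconfig(SAMPLE_IFCONFIG)
    for p in find_problems(parsed):
        print("PROBLEM:", p)
    for name, iface in parsed.items():
        if "vlan" in iface:
            print(f"--- /etc/hostname.{name}\n{hostname_if(iface)}", end="")
```

Run against the real box with `ifconfig -A | python3 check_vlans.py` after swapping the sample for `sys.stdin.read()`; once every vlanN reports a /24 and no overlaps, the per-VLAN `nat on tun0 from 10.0.N.0/24` rules in pf.conf finally match what the interfaces carry.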



Re: OpenBSD - Vlans - CISCO

2006-12-09 Thread nachocheeze

Darren beat me to it...

The hex value of 0xff000000 = 255.0.0.0 in decimal.

The hosts have a Class A subnet mask.  I'm guessing that since you
have a Class C broadcast address, you do not want to do this.

Fix your mask on the vlan interfaces, then try again.

On 12/9/06, Darren Spruell [EMAIL PROTECTED] wrote:

On 12/9/06, michel bédard [EMAIL PROTECTED] wrote:
 Ok ... here is the ifconfig -A ...

 # ifconfig -A
[snip]
 vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:48:54:80:d0:ec
 vlan: 2 priority: 0 parent interface: rl0
 groups: vlan
 inet6 fe80::248:54ff:fe80:d0ec%vlan0 prefixlen 64 scopeid 0x8
 inet 10.0.0.1 netmask 0xff000000 broadcast 255.255.255.0
 vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:48:54:80:d0:ec
 vlan: 3 priority: 0 parent interface: rl0
 groups: vlan
 inet6 fe80::248:54ff:fe80:d0ec%vlan1 prefixlen 64 scopeid 0x9
 inet 10.0.1.1 netmask 0xff000000 broadcast 255.255.255.0
[...]

Fix your subnet mask. 0xff000000 puts all of your vlan interfaces on
the same subnet. And it looks like your broadcast was set to what you
wanted your netmask to be.

DS




Re: OpenBSD - Vlans - CISCO

2006-12-09 Thread Jacob Yocom-Piatt
 Original message 
Date: Sat, 09 Dec 2006 08:47:42 -0500
From: michel bédard [EMAIL PROTECTED]  
Subject: Re: OpenBSD - Vlans - CISCO  
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], misc@openbsd.org

michel bédard wrote:
 Henning Brauer wrote:

it was amusing to see henning's initial reply, which contained the solution, go
totally ignored by the OP:

so, let's see.
vlan0 is in 10/8.
vlan1 is in 10/8.
vlan2 is in 10/8.

 vlan 2 are able to ping each other and to surf. However, the remaining 
 vlans aren't working. I have tried to ping the ip's of the vlans but 
 that doesn't work. 

no surprise with overlapping address space.

please pay closer attention, michel.

vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:48:54:80:d0:ec
vlan: 2 priority: 0 parent interface: rl0
groups: vlan
inet6 fe80::248:54ff:fe80:d0ec%vlan0 prefixlen 64 scopeid 0x8
inet 10.0.0.1 netmask 0xff000000 broadcast 255.255.255.0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:48:54:80:d0:ec
vlan: 3 priority: 0 parent interface: rl0
groups: vlan
inet6 fe80::248:54ff:fe80:d0ec%vlan1 prefixlen 64 scopeid 0x9
inet 10.0.1.1 netmask 0xff000000 broadcast 255.255.255.0
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:48:54:80:d0:ec
vlan: 4 priority: 0 parent interface: rl0
groups: vlan
inet6 fe80::248:54ff:fe80:d0ec%vlan2 prefixlen 64 scopeid 0xa
inet 10.0.2.1 netmask 0xff000000 broadcast 10.255.255.255
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:48:54:80:d0:ec
vlan: 5 priority: 0 parent interface: rl0
groups: vlan
inet6 fe80::248:54ff:fe80:d0ec%vlan3 prefixlen 64 scopeid 0xb
inet 10.0.3.1 netmask 0xff000000 broadcast 10.255.255.255
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:48:54:80:d0:ec
vlan: 6 priority: 0 parent interface: rl0
groups: vlan
inet6 fe80::248:54ff:fe80:d0ec%vlan4 prefixlen 64 scopeid 0xc
inet 10.0.4.1 netmask 0xff000000 broadcast 10.255.255.255
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:48:54:80:d0:ec
vlan: 7 priority: 0 parent interface: rl0
groups: vlan
inet6 fe80::248:54ff:fe80:d0ec%vlan5 prefixlen 64 scopeid 0xd
inet 10.0.5.1 netmask 0xff000000 broadcast 10.255.255.255



Re: OpenBSD - Vlans - CISCO

2006-12-09 Thread michel bédard

Jacob Yocom-Piatt wrote:

 Original message 
  

Date: Sat, 09 Dec 2006 08:47:42 -0500
From: michel bédard [EMAIL PROTECTED]  
Subject: Re: OpenBSD - Vlans - CISCO  
To: [EMAIL PROTECTED]

Cc: [EMAIL PROTECTED], misc@openbsd.org

michel bédard wrote:


Henning Brauer wrote:
  


it was amusing to see henning's initial reply, which contained the solution, go
totally ignored by the OP:

so, let's see.
vlan0 is in 10/8.
vlan1 is in 10/8.
vlan2 is in 10/8.

  
vlan 2 are able to ping each other and to surf. However, the remaining 
vlans aren't working. I have tried to ping the ip's of the vlans but 
that doesn't work. 



no surprise with overlapping address space.

please pay closer attention, michel.

  

vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 2 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan0 prefixlen 64 scopeid 0x8
   inet 10.0.0.1 netmask 0xff000000 broadcast 255.255.255.0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 3 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan1 prefixlen 64 scopeid 0x9
   inet 10.0.1.1 netmask 0xff000000 broadcast 255.255.255.0
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 4 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan2 prefixlen 64 scopeid 0xa
   inet 10.0.2.1 netmask 0xff000000 broadcast 10.255.255.255
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 5 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan3 prefixlen 64 scopeid 0xb
   inet 10.0.3.1 netmask 0xff000000 broadcast 10.255.255.255
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 6 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan4 prefixlen 64 scopeid 0xc
   inet 10.0.4.1 netmask 0xff000000 broadcast 10.255.255.255
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:48:54:80:d0:ec
   vlan: 7 priority: 0 parent interface: rl0
   groups: vlan
   inet6 fe80::248:54ff:fe80:d0ec%vlan5 prefixlen 64 scopeid 0xd
   inet 10.0.5.1 netmask 0xff000000 broadcast 10.255.255.255



  
All right, thanks people ... it's working right now. You are right 
Jacob. Honestly, instead of looking at the output of ifconfig, I was 
looking at the file /etc/hostname. Sorry for that.


Thanks again,

Mik



OpenBSD - Vlans - CISCO

2006-12-08 Thread michel bédard

Hi,

I have connected my OpenBSD box to a CISCO switch model 2924.  I decided 
to set up vlans and I did the configuration on the CISCO. There is one 
port where all the traffic goes on the CISCO switch. This is what I did 
on the firewall:


# ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0

# ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0

# ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0

# ...

All the configs on the CISCO device have been done. All the hosts on the 
vlan 2 are able to ping each other and to surf. However, the remaining 
vlans aren't working. I have tried to ping the IPs of the vlans but 
that doesn't work. I've created an alias on the interface for a specific 
vlan but that doesn't work either. I have the same rules in /etc/pf.conf 
for all the vlans. Is there something I'm missing? The vlans have been 
done using 802.1q.


Thanks,


Mik



Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread Aleksandar Milosevic

# ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0

# ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0

# ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0

 ^

cisco switch port is set as trunk?



Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread Henning Brauer
* michel bédard [EMAIL PROTECTED] [2006-12-08 17:48]:
 Hi,
 
 I have connected my OpenBSD box to a CISCO switch model 2924.

my condolences.

 I decided 
 to setup vlans and I did the configuration on the CISCO. There is one 
 port where all the traffic goes on the CISCO switch. This is what I did 
 on the firewall:
 
 # ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0
 
 # ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0
 
 # ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0

so, let's see.
vlan0 is in 10/8.
vlan1 is in 10/8.
vlan2 is in 10/8.

 vlan 2 are able to ping each other and to surf. However, the remaining 
 vlans aren't working. I have tried to ping the IPs of the vlans but 
 that doesn't work. 

no surprise with overlapping address space.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread Karsten McMinn

On 12/8/06, michel bédard [EMAIL PROTECTED] wrote:

All the configs on the CISCO device have been done. All the hosts on the
vlan 2 are able to ping each other and to surf. However, the remaining
vlans aren't working.


things to check that haven't been mentioned:
-set switch vtp mode to transparent
-set your native (non-tagged vlan) right on dot1q link on the switch
-set allowed vlans correctly on the dot1q link on the switch

post your results when you figure it out.



Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread [EMAIL PROTECTED]
you need on openbsd

ifconfig vlan0 create
ifconfig vlan0 vlan 2 vlandev rl0 up

Thomas


On Friday 08 December 2006 15:25, you wrote:
 Hi,

 I have connected my OpenBSD box to a CISCO switch model 2924.  I decided
 to setup vlans and I did the configuration on the CISCO. There is one
 port where all the traffic goes on the CISCO switch. This is what I did
 on the firewall:

 # ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0

 # ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0

 # ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0

 # ...

 All the configs on the CISCO device have been done. All the hosts on the
 vlan 2 are able to ping each other and to surf. However, the remaining
 vlans aren't working. I have tried to ping the IPs of the vlans but
 that doesn't work. I've created an alias on the interface for a specific
 vlan but that doesn't work either. I have the same rules in /etc/pf.conf
 for all the vlans. Is there something I'm missing? The vlans have been
 done using 802.1q.

 Thanks,


 Mik



Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread Jeffrey C. Ollie
On Fri, 2006-12-08 at 09:25 -0500, michel bédard wrote:
 Hi,

 I have connected my OpenBSD box to a CISCO switch model 2924.  I decided
 to setup vlans and I did the configuration on the CISCO. There is one
 port where all the traffic goes on the CISCO switch. This is what I did
 on the firewall:

 # ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0

 # ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0

 # ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0

 # ...

 All the configs on the CISCO device have been done. All the hosts on the
 vlan 2 are able to ping each other and to surf. However, the remaining
 vlans aren't working. I have tried to ping the IPs of the vlans but
 that doesn't work. I've created an alias on the interface for a specific
 vlan but that doesn't work either. I have the same rules in /etc/pf.conf
 for all the vlans. Is there something I'm missing? The vlans have been
 done using 802.1q.

Turn off spanning tree on the other VLANs:

no spanning-tree vlan 3
no spanning-tree vlan 4

etc.

Jeff




Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread Michael Lockhart
Here is a working configuration for one of our switches running OpenBSD 3.2 
with 4 vlans on Cisco devices:

!
config-register 0xF
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ***_***
!
enable secret 5 **
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport access vlan 3
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 5
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 11
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 12
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 150
 spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 150
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport mode trunk
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 150
!
interface FastEthernet0/21
switchport access vlan 150
!
interface FastEthernet0/22
switchport access vlan 150
!
interface FastEthernet0/23
switchport access vlan 150
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet0/24
switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface Vlan1
 ip address 10.***.***.*** 255.255.255.192
 no ip route-cache
!
ip default-gateway 10.***.***.***
ip http server
snmp-server community *** RW
!
line con 0
line vty 0 4
 password *
 login
line vty 5 15
 password *
 login

Regards,
Mike Lockhart
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mike Lockhart [Systems Engineering & Operations]
StayOnline, Inc
http://www.stayonline.net/
mailto: [EMAIL PROTECTED]
GPG: 8714 6F73 3FC8 E0A4 0663  3AFF 9F5C 888D 0767 1550
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of michel bédard
Sent: Friday, December 08, 2006 9:26 AM
To: misc@openbsd.org
Subject: OpenBSD - Vlans - CISCO

Hi,

I have connected my OpenBSD box to a CISCO switch model 2924.  I decided 
to setup vlans and I did the configuration on the CISCO. There is one 
port where all the traffic goes on the CISCO switch. This is what I did 
on the firewall:

# ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0

# ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0

# ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0

# ...

All the configs on the CISCO device have been done. All the hosts on the 
vlan 2 are able to ping each other and to surf. However, the remaining 
vlans aren't working. I have tried to ping the IPs of the vlans but 
that doesn't work. I've created an alias on the interface for a specific 
vlan but that doesn't work either. I have the same rules in /etc/pf.conf 
for all the vlans. Is there something I'm missing? The vlans have been 
done using 802.1q.

Thanks,


Mik



Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread Michael Lockhart
Also, here's the ifconfig output.  And I didn't mean a switch running
OpenBSD, we have a gateway system running 3.2 connected to a cisco
switch ;)

vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:a5:13:8f:3b
vlan: 12 parent interface: fxp1
inet 172.16.4.1 netmask 0xfffffe00 broadcast 172.16.5.255
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:a5:13:8f:3b
vlan: 3 parent interface: fxp1
inet 172.16.6.1 netmask 0xfffffe00 broadcast 172.16.7.255
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:a5:13:8f:3b
vlan: 4 parent interface: fxp1
inet 172.16.8.1 netmask 0xfffffe00 broadcast 172.16.9.255
vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:a5:13:8f:3b
vlan: 5 parent interface: fxp1
inet 172.16.10.1 netmask 0xfffffe00 broadcast 172.16.11.255
vlan6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:a5:13:8f:3b
vlan: 11 parent interface: fxp1
inet 172.16.12.1 netmask 0xfffffe00 broadcast 172.16.13.255


our dhcpd.conf is like this:

-- snip --
shared-network vlan2 {
option domain-name ***.net;
option domain-name-servers 172.16.4.1;
subnet 172.16.4.0 netmask 255.255.254.0 {
option routers 172.16.4.1;
range 172.16.4.15 172.16.5.254;
}
}
shared-network vlan3 {
option domain-name ***.net;
option domain-name-servers 172.16.6.1;
subnet 172.16.6.0 netmask 255.255.254.0 {
option routers 172.16.6.1;
range 172.16.6.15 172.16.7.254;
}
}
shared-network vlan4 {
option domain-name ***.net;
option domain-name-servers 172.16.8.1;
subnet 172.16.8.0 netmask 255.255.254.0 {
option routers 172.16.8.1;
range 172.16.8.15 172.16.9.254;
}
}
shared-network vlan5 {
option domain-name ***.net;
option domain-name-servers 172.16.10.1;
subnet 172.16.10.0 netmask 255.255.254.0 {
option routers 172.16.10.1;
range 172.16.10.15 172.16.11.254;
}
}
shared-network vlan6 {
option domain-name ***.net;
option domain-name-servers 172.16.12.1;
subnet 172.16.12.0 netmask 255.255.254.0 {
option routers 172.16.12.1;
range 172.16.12.15 172.16.13.254;
}
}
-- snip --


So you can see that with the switch config, the proper vlan setup on the
interfaces, and a good dhcpd.conf, you shouldn't have any issue no
matter what version of OBSD you're running.  Just make sure your kernel
has a correct number of vlan dev's, not sure what the default limit is
on a vanilla kernel, all ours are custom built. 


Regards,
Mike Lockhart
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mike Lockhart [Systems Engineering & Operations]
StayOnline, Inc
http://www.stayonline.net/
mailto: [EMAIL PROTECTED]
GPG: 8714 6F73 3FC8 E0A4 0663  3AFF 9F5C 888D 0767 1550
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Michael Lockhart
Sent: Friday, December 08, 2006 3:05 PM
To: misc@openbsd.org
Subject: Re: OpenBSD - Vlans - CISCO

Here is a working configuration for one of our switches running OpenBSD
3.2 with 4 vlans on Cisco devices:

!
config-register 0xF
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ***_***
!
enable secret 5 **
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport access vlan 3
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 5
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 11
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 12
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 150
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport protected
 spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 150
 switchport protected
 spanning-tree

Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread michel bédard

Henning Brauer wrote:

* [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-12-08 20:15]:
  

you need on openbsd

ifconfig vlan0 create
ifconfig vlan0 vlan 2 vlandev rl0 up



no. create is implicit.

  
This is what I already did and tried for each port configured on the 
switch:


1- interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2-8
 switchport mode trunk
 spanning-tree portfast
 no cdp enable

2- And then the ports for the vlans ...
  interface FastEthernet0/2
 switchport access vlan 2
 spanning-tree portfast
 no cdp enable

I did the same for all the ports on the switch and then .. write memory.

3- This is what I have in my /etc/hostname.vlan0
  10.0.0.1 255.255.255.0 vlan 2 vlandev rl0

And the same for all the vlans ...

4- Finally the config in /etc/pf.conf for natting ...
  nat on tun0 from 10.0.0.0/24 to any -> tun0
 And again the same for all the vlans ...

So I'm using a Class C mask ... maybe I should change that? Is there 
something I should add in /etc/pf.conf?



Thank you very much for your answers,

Mik