On my hardware, VLAN creation from within the Vyatta shell seems to be flaky.
It always works if you do it from the command line first and then follow up in
the shell, but doesn't always work if you do it from the Vyatta shell as
previously mentioned.  I'm going to try it on another machine with just 2 NICs
instead of 4 when I get time.

Also, a bigger problem I've run into and have yet to work around is with DHCP
and VLANs.  I'd read about the bug where you can't just have VLANs on an
interface, but also need a non-VLAN address so as not to confuse the shell
(hence the 192 address below).  My VLANs and DHCP setup looks as follows:

#show interfaces ethernet eth1
    address 192.168.10.1 {
        prefix-length: 24
    }
    vif 25 {
        address 172.31.25.1 {
            prefix-length: 24
        }
    }
    vif 26 {
        address 172.31.26.1 {
            prefix-length: 24
        }
    }


#show service dhcp-server
    shared-network-name SNNETH1 {
        subnet 192.168.10.0/24 {
        }
        subnet 172.31.25.0/24 {
            start 172.31.25.10 {
                stop: 172.31.25.254
            }
            dns-server 208.67.220.220
            default-router: 172.31.25.1
        }
        subnet 172.31.26.0/24 {
            start 172.31.26.10 {
                stop: 172.31.26.254
            }
            dns-server 208.67.220.220
            default-router: 172.31.26.1
        }
    }

The problem I sometimes see on clients is that the broadcast goes out properly, 
but the DHCP server returns an address for the wrong subnet as follows:

Listening on LPF/eth0/5a:7f:34:8b:c9:be
Sending on   LPF/eth0/5a:7f:34:8b:c9:be
Sending on   Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 172.31.25.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 172.31.25.1
bound to 172.31.26.254 -- renewal in 40083 seconds.
done.

The DHCP server listening on VLAN25 answers, but it returns an IP address that 
is only valid for VLAN26.  Anyone seen this before or know of a possible 
solution?


----- "Stig Thormodsrud" <[EMAIL PROTECTED]> wrote:
> > 1.  Is VIF support NIC specific?  I have a test box, with one built-in
> > 100Mb/s forcedeth (NForce2) interface, and a couple of cheap Realtek 8169
> > PCI 1000Mb/s interfaces.  All work fine without VIFs, but when I try to
> > add a VIF to the r8169 cards, the commit fails (and all subsequent commits
> > of any type until a reboot).  Adding VIFs to the onboard Nforce NIC works
> > fine.  Is there a list somewhere of what cards work with VIFs or is this
> > perhaps something else?
>
> Could you try the vif command from the linux shell instead to see if it
> gives you an error message on that nic.  For example, try creating eth1.101
> with:
>
> vDUT-stig:~# vconfig add eth1 101
> Added VLAN with VID == 101 to IF -:eth1:-
> vDUT-stig:~# ifconfig eth1.101
> eth1.101  Link encap:Ethernet  HWaddr 00:0C:29:EF:FC:25
>           BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> > 2.  Also, are there any plans for a web service interface as an
> > alternative to the CLI.  The scenario would be wanting to control the
> > router(s) externally from another custom management app.  For instance,
> > I'd like to be able to connect to the router via a secure channel from my
> > app, and create a new VIF and a few NAT and FW rules for it, etc.  I can
> > see how this might be hacked by reverse engineering the inputs to xgcgi in
> > your existing web interface and feeding it with curl or something similar
> > over https, but a standard web services interface would be much nicer.
> > Does libxorp already have something like this?
>
> There is a web interface that can be enabled with "set service webgui".
>
> > 3.  After I get the VIFs working properly, I'm going to test the VRRP
> > stuff.  One question that doesn't seem to be covered in the VRRP
> > documentation that I've been wondering about - do the configs auto update
> > between master and slave(s) or is the user responsible for manually
> > editing the configs on all machines in the group to keep things in sync?
>
> The standard vrrp feature as described by rfc2338 does not have any config
> sync'ing.

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
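
The mismatch reported in the message above (DHCPACK from 172.31.25.1, lease 172.31.26.254) can be checked for mechanically in client logs. The following Python is an added example, not part of the original thread; the names SUBNETS, CLIENT_LOG, subnet_of and check_leases are hypothetical, and the sample input is copied from the configuration and dhclient output in the message.

```python
import ipaddress
import re

# Subnets from the dhcp-server configuration quoted in the message.
SUBNETS = ["192.168.10.0/24", "172.31.25.0/24", "172.31.26.0/24"]

# dhclient output from the message, used here as sample input.
CLIENT_LOG = """\
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 172.31.25.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 172.31.25.1
bound to 172.31.26.254 -- renewal in 40083 seconds.
"""

ACK_RE = re.compile(r"^DHCPACK from (\S+)")
BOUND_RE = re.compile(r"^bound to (\S+)")


def subnet_of(addr, subnets):
    """Return the configured subnet containing addr, or None if there is none."""
    ip = ipaddress.ip_address(addr)
    for net in map(ipaddress.ip_network, subnets):
        if ip in net:
            return net
    return None


def check_leases(log, subnets):
    """Pair each DHCPACK with the 'bound to' line that follows it and report
    leases that are not in the same configured subnet as the answering server."""
    findings = []
    server = None
    for line in log.splitlines():
        if m := ACK_RE.match(line):
            server = m.group(1)
        elif (m := BOUND_RE.match(line)) and server:
            lease = m.group(1)
            srv_net = subnet_of(server, subnets)
            lease_net = subnet_of(lease, subnets)
            if srv_net is None or srv_net != lease_net:
                findings.append((server, str(srv_net), lease, str(lease_net)))
            server = None
    return findings


if __name__ == "__main__":
    for server, srv_net, lease, lease_net in check_leases(CLIENT_LOG, SUBNETS):
        print(f"mismatch: ACK from {server} ({srv_net}), lease {lease} is in {lease_net}")
```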
