Re: Bridging between vlans
From: Marco Matarazzo (marmata libero.it)
Date: Thu Sep 02 2004 - 02:36:24 CDT
Hi Sebastian,
> Now I followed the instructions from Andrew Eaton
> http://www.benzedrine.cx/pf/msg02069.html.
> Also I configured the two ports of the bridge/firewall as vlt ports
> (virtual lan trunk).
This is the problem... that 3Com switch doesn't support 802.1q for VLANs,
but only the 3Com proprietary method called VLT. You can use VLT only on
other 3Com switches (it's like Cisco with their ISL protocol).
This doesn't affect only bridge, but also a simple routing firewall. The
switch simply won't pass the vlan information in a format that OpenBSD (or
any other operating system, from what I know) understands. I think you really
have to change switch! ;)
Cheers,
]\/[arco
> Also I removed the 3com 3c905 nic in favour of an
> intel nic.
> After facing that this setup still didn't have any effect I tried a solution
> where I had to patch if_ethersubr.c and if_bridge.c. Patching, compiling
> and installing the kernel went fine. Still it didn't make any difference.
>
> So maybe I was right and bridging vlans doesn't work on the "3com
> SuperStack II Desktop Switch"? Unfortunately I don't have another free vlan
> capable switch for debugging.
>
> I will post my current configuration.
>
> thx everyone so far for the useful tips/hints I have received
>
> greets
>
> Sebastian
>
> # brconfig -a
> bridge0: flags=41<UP,RUNNING>
> Configuration:
> priority 32768 hellotime 2 fwddelay 15 maxage 20
> Interfaces:
> vlan1 flags=3<LEARNING,DISCOVER>
> port 10 ifpriority 128 ifcost 55
> vlan0 flags=3<LEARNING,DISCOVER>
> port 8 ifpriority 128 ifcost 55
> Addresses (max cache: 100, timeout: 240):
> bridge1: flags=41<UP,RUNNING>
> Configuration:
> priority 32768 hellotime 2 fwddelay 15 maxage 20
> Interfaces:
> vlan3 flags=3<LEARNING,DISCOVER>
> port 11 ifpriority 128 ifcost 55
> vlan2 flags=3<LEARNING,DISCOVER>
> port 9 ifpriority 128 ifcost 55
> Addresses (max cache: 100, timeout: 240):
> #
>
> # cat /etc/bridgename.bridge[01]
> add vlan0
> add vlan1
> up
> add vlan2
> add vlan3
> up
> #
>
> # cat /etc/hostname.fxp0
> up
> #
> !ifconfig \$if media 10baseT mediaopt full-duplex
> !ifconfig vlan0 vlan 2 vlandev \$if
> !ifconfig vlan2 vlan 3 vlandev \$if
> # cat /etc/hostname.fxp2
> up
> #
> !ifconfig \$if media 10baseT mediaopt full-duplex
> !ifconfig vlan1 vlan 2 vlandev \$if
> !ifconfig vlan3 vlan 3 vlandev \$if
> #
>
> OpenBSD 3.5 (BRIDGE) #0: Wed Sep 1 22:10:52 CEST 2004
> root@dmzbridge.ina-germany.de:/usr/src/sys/arch/i386/compile/BRIDGE
> cpu0: Intel Pentium III ("GenuineIntel" 686-class) 728 MHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
> real mem = 536453120 (523880K)
> avail mem = 491315200 (479800K)
> using 4278 buffers containing 26927104 bytes (26296K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(00) BIOS, date 02/10/03, BIOS32 rev. 0 @ 0xffe90
> pcibios0 at bios0: rev. 2.1 @ 0xf0000/0x10000
> pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfc320/208 (11 entries)
> pcibios0: no compatible PCI ICU found: ICU vendor 0x1166 product 0x0200
> pcibios0: Warning, unable to fix up PCI interrupt routing
> pcibios0: PCI bus #1 is the last bus
> bios0: ROM list: 0xc0000/0x8000 0xc8000/0x200 0xc8800/0x4000 0xcc800/0x1800
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06
> pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06
> pci1 at pchb1 bus 2
> fxp0 at pci1 dev 14 function 0 "Intel 82557" rev 0x05: irq 14, address
> 00:a0:c9:cc:89:53
> inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 0
> ppb0 at pci0 dev 2 function 0 "Intel i960 RM PCI-PCI" rev 0x01
> pci2 at ppb0 bus 1
> ahc1 at pci2 dev 6 function 0 "Adaptec AIC-7880" rev 0x02: irq 5
> scsibus0 at ahc1: 8 targets
> cd0 at scsibus0 targ 5 lun 0: <NEC, CD-ROM DRIVE:466, 1.06> SCSI2 5/cdrom
> removable
> aac0 at pci0 dev 2 function 1 "Dell PERC 2/Si" rev 0x01: irq 14
> aac0: i960RX 100MHz, 64MB, no battery support (5) Kernel 2.8-0
> scsibus1 at aac0: 64 targets
> sd0 at scsibus1 targ 0 lun 0: <Adaptec, Container #00, > SCSI2 0/direct fixed
> sd0: 17351MB, 2212 cyl, 255 head, 63 sec, 512 bytes/sec, 35535780 sec total
> fxp1 at pci0 dev 4 function 0 "Intel 82557" rev 0x0c: irq 11, address
> 00:02:b3:c0:df:aa
> inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 4
> fxp2 at pci0 dev 8 function 0 "Intel 82557" rev 0x08: irq 10, address
> 00:b0:d0:79:55:3f
> inphy2 at fxp2 phy 1: i82555 10/100 media interface, rev. 4
> vga1 at pci0 dev 14 function 0 "ATI Mach64 GY" rev 0x7a
> wsdisplay0 at vga1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x50
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: <PC speaker>
> sysbeep0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> npx0 at isa0 port 0xf0/16: using exception 16
> pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
> biomask 4060 netmask 4c60 ttymask 4ce2
> pctr: 686-class user-level performance counters enabled
> mtrr: Pentium Pro MTRR support
> dkcsum: sd0 matched BIOS disk 80
> root on sd0a
> rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
> #
>
> # ifconfig -a
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
> inet 127.0.0.1 netmask 0xff000000
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> address: 00:a0:c9:cc:89:53
> media: Ethernet 10baseT full-duplex
> status: active
> inet6 fe80::2a0:c9ff:fecc:8953%fxp0 prefixlen 64 scopeid 0x1
> fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> address: 00:02:b3:c0:df:aa
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 192.168.32.198 netmask 0xffffff00 broadcast 192.168.32.255
> inet6 fe80::202:b3ff:fec0:dfaa%fxp1 prefixlen 64 scopeid 0x2
> fxp2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> address: 00:b0:d0:79:55:3f
> media: Ethernet 10baseT full-duplex
> status: active
> inet6 fe80::2b0:d0ff:fe79:553f%fxp2 prefixlen 64 scopeid 0x3
> pflog0: flags=0<> mtu 33224
> pfsync0: flags=0<> mtu 2020
> enc0: flags=0<> mtu 1536
> vlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> address: 00:a0:c9:cc:89:53
> vlan: 2 parent interface: fxp0
> inet6 fe80::2a0:c9ff:fecc:8953%vlan0 prefixlen 64 scopeid 0x8
> vlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> address: 00:a0:c9:cc:89:53
> vlan: 3 parent interface: fxp0
> inet6 fe80::2a0:c9ff:fecc:8953%vlan2 prefixlen 64 scopeid 0x9
> vlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> address: 00:b0:d0:79:55:3f
> vlan: 2 parent interface: fxp2
> inet6 fe80::2b0:d0ff:fe79:553f%vlan1 prefixlen 64 scopeid 0xa
> vlan3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> address: 00:b0:d0:79:55:3f
> vlan: 3 parent interface: fxp2
> inet6 fe80::2b0:d0ff:fe79:553f%vlan3 prefixlen 64 scopeid 0xb
> bridge0: flags=41<UP,RUNNING> mtu 1500
> bridge1: flags=41<UP,RUNNING> mtu 1500
> #
>
> >
> >
> > On Wed, 1 Sep 2004, sebastian schmitzdorff wrote:
> >> What exactly have you patched in if_ethersubr.c?
> >
> > I attached the patch on the previous mail. In if_ethersubr.c the
> > processing of vlan and bridge is reversed (vlan decap first, then bridge).
> >
> >> Could you also tell me what your bridge config looks like?
> >> I am glad about every extra information I can get.
> >
> > Bridge looks like this:
> > bridge0: flags=3141<UP,RUNNING,PROMISC,LINK0,LINK1>
> > Configuration:
> > priority 32768 hellotime 2 fwddelay 15 maxage 20
> > Interfaces:
> > vlan114 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 45 ifpriority 128 ifcost 55
> > vlan112 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 44 ifpriority 128 ifcost 55
> > vlan110 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 43 ifpriority 128 ifcost 55
> > vlan108 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 42 ifpriority 128 ifcost 55
> > vlan107 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 41 ifpriority 128 ifcost 55
> > em3 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 4 ifpriority 128 ifcost 55
> > em2 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 3 ifpriority 128 ifcost 55
> > em1 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 2 ifpriority 128 ifcost 55
> > vlan105 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 39 ifpriority 128 ifcost 55
> > vlan104 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 38 ifpriority 128 ifcost 55
> > vlan103 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 37 ifpriority 128 ifcost 55
> > vlan102 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 36 ifpriority 128 ifcost 55
> > vlan59 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 35 ifpriority 128 ifcost 55
> > vlan56 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 34 ifpriority 128 ifcost 55
> > vlan54 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 33 ifpriority 128 ifcost 55
> > vlan53 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 32 ifpriority 128 ifcost 55
> > vlan52 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 31 ifpriority 128 ifcost 55
> > vlan24 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 30 ifpriority 128 ifcost 55
> > vlan23 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 29 ifpriority 128 ifcost 55
> > vlan22 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 28 ifpriority 128 ifcost 55
> > vlan21 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 27 ifpriority 128 ifcost 55
> > vlan20 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 26 ifpriority 128 ifcost 55
> > vlan18 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 25 ifpriority 128 ifcost 55
> > vlan17 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 24 ifpriority 128 ifcost 55
> > vlan16 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 23 ifpriority 128 ifcost 55
> > vlan15 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 22 ifpriority 128 ifcost 55
> > vlan14 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 21 ifpriority 128 ifcost 55
> > vlan13 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 20 ifpriority 128 ifcost 55
> > vlan12 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 19 ifpriority 128 ifcost 55
> > vlan11 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 18 ifpriority 128 ifcost 55
> > vlan10 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 17 ifpriority 128 ifcost 55
> > vlan9 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 16 ifpriority 128 ifcost 55
> > vlan8 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 15 ifpriority 128 ifcost 55
> > vlan7 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 14 ifpriority 128 ifcost 55
> > vlan6 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 13 ifpriority 128 ifcost 55
> > vlan5 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 12 ifpriority 128 ifcost 55
> > vlan4 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 11 ifpriority 128 ifcost 55
> > vlan3 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 10 ifpriority 128 ifcost 55
> > vlan2 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> > port 9 ifpriority 128 ifcost 55
> > Addresses (max cache: 100, timeout: 3600):
> > 00:0d:9d:7f:37:c0 vlan24 1 flags=0<>
> > 00:0d:56:48:c9:05 vlan104 1 flags=0<>
> > 00:0f:1f:67:07:8a vlan103 1 flags=0<>
> > 00:0f:1f:69:36:9d vlan104 1 flags=0<>
> > 00:0d:56:fd:8e:4e vlan8 1 flags=0<>
> > <snip>
> >
> > Where em1 is connected to switch 1, em2 to switch 2 and em3 to switch 3.
> >
> > Vlans are configured like this:
> > camield@fwh1:/home/camield $ more /etc/hostname.em2
> > up
> > ###
> > !ifconfig vlan52 vlan 52 vlandev \$if
> > !ifconfig vlan53 vlan 53 vlandev \$if
> > !ifconfig vlan54 vlan 54 vlandev \$if
> > !ifconfig vlan56 vlan 56 vlandev \$if
> > !ifconfig vlan59 vlan 59 vlandev \$if
> >
> > On the switches (HP Procurve 2626) the links to the firewall are
> > configured as "trunks" (802.1q encapsulation).
> >
> > This way, incoming frames are decapsulated, bridged, then encapsulated
> > again (if destination interface is a vlan interface).
> >
> >
> > --
> > Cam
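
A check for the failure described in the reply above, as an added example that is not part of the original thread: it classifies captured Ethernet frames as 802.1Q-tagged or not and tests the VLAN ID against tags 2 and 3 from the quoted hostname.fxp0. The function names and sample frames are constructed for illustration, and the VLT frame format is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_8021Q 0x8100 /* IEEE 802.1Q tag protocol identifier */
#define ETHER_HDR_LEN   14     /* dst MAC (6) + src MAC (6) + EtherType (2) */

enum frame_kind { FRAME_TOO_SHORT, FRAME_UNTAGGED, FRAME_DOT1Q };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify a frame; on FRAME_DOT1Q store the 12-bit VLAN ID in *vid. */
enum frame_kind classify_frame(const uint8_t *f, size_t len, uint16_t *vid)
{
    *vid = 0;
    if (len < ETHER_HDR_LEN) return FRAME_TOO_SHORT;
    if (be16(f + 12) != ETHERTYPE_8021Q) return FRAME_UNTAGGED;
    if (len < ETHER_HDR_LEN + 4) return FRAME_TOO_SHORT; /* tag cut off */
    *vid = be16(f + 14) & 0x0fff; /* TCI = PCP (3 bits), DEI (1), VID (12) */
    return FRAME_DOT1Q;
}

/* 1 if the frame carries an 802.1Q tag listed in tags[], 0 otherwise. */
int matches_configured_vlan(const uint8_t *f, size_t len, const uint16_t *tags, size_t ntags)
{
    uint16_t vid;
    if (classify_frame(f, len, &vid) != FRAME_DOT1Q) return 0;
    for (size_t i = 0; i < ntags; i++)
        if (tags[i] == vid) return 1;
    return 0;
}

/* Constructed sample headers (broadcast dst, locally administered src). */
#define MACS 0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01
static const uint8_t tagged_vid2[] = { MACS, 0x81,0x00, 0x00,0x02, 0x08,0x06 };
static const uint8_t tagged_vid3_prio[] = { MACS, 0x81,0x00, 0xa0,0x03, 0x08,0x00 };
static const uint8_t tagged_vid7[] = { MACS, 0x81,0x00, 0x00,0x07, 0x08,0x00 };
static const uint8_t untagged_arp[] = { MACS, 0x08,0x06 };
static const uint16_t configured[] = { 2, 3 }; /* tags from the quoted hostname.fxp0 */

int main(void)
{
    printf("vid2=%d vid3=%d vid7=%d untagged=%d\n",
           matches_configured_vlan(tagged_vid2, sizeof tagged_vid2, configured, 2),
           matches_configured_vlan(tagged_vid3_prio, sizeof tagged_vid3_prio, configured, 2),
           matches_configured_vlan(tagged_vid7, sizeof tagged_vid7, configured, 2),
           matches_configured_vlan(untagged_arp, sizeof untagged_arp, configured, 2));
    return 0;
}
```

On the firewall itself, `tcpdump -e -n -i fxp0` prints the link-level header of each frame, which is where an 802.1Q tag would be visible if the switch were sending one.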