[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bridging between vlans
- To: misc@openbsd.org
- Subject: Re: Bridging between vlans
- From: "Sebastian Schmitzdorff" <sebastian.schmitzdorff@ina-germany.de>
- Date: Wed, 1 Sep 2004 23:14:52 +0200 (CEST)
- References: <1093949263.3450.144.camel@mxpx> <1093965644.1887.53.camel@wolfpack.ljm.dom> <1133.62.109.102.40.1093976032.squirrel@intranet.ina-germany.de> <1093977056.1887.67.camel@wolfpack.ljm.dom> <1094024834.3441.181.camel@mxpx> <Pine.BSO.4.58.0409011133350.20559@zigzag.sentia.nl> <1094035784.3458.214.camel@mxpx> <Pine.BSO.4.58.0409011527250.20559@zigzag.sentia.nl>
- User-Agent: SquirrelMail/1.4.2
Now I followed the instructions from Andrew Eaton
http://www.benzedrine.cx/pf/msg02069.html.
Also I configured the two ports of the bridge/firewall as vlt ports
(virtual lan trunk). Also I removed the 3com 3c905 nic in favour of an
intel nic.
After facing that this setup still didnt have any effect I tried a solution
where I had to patch if_ethersubr.c and if_bridge.c. Patching, compiling
and installing the kernel went fine. Still it didnt make any difference.
So maybe I was right and bridging vlans doesnt work on the "3com
SuperStack II Desktop Switch"? Unfortunatly I dont have another free vlan
capable switch for debugging.
I will post my current configuration.
thx everyone so far for the useful tips/hints I have received
greets
Sebastian
# brconfig -a
bridge0: flags=41<UP,RUNNING>
Configuration:
priority 32768 hellotime 2 fwddelay 15 maxage 20
Interfaces:
vlan1 flags=3<LEARNING,DISCOVER>
port 10 ifpriority 128 ifcost 55
vlan0 flags=3<LEARNING,DISCOVER>
port 8 ifpriority 128 ifcost 55
Addresses (max cache: 100, timeout: 240):
bridge1: flags=41<UP,RUNNING>
Configuration:
priority 32768 hellotime 2 fwddelay 15 maxage 20
Interfaces:
vlan3 flags=3<LEARNING,DISCOVER>
port 11 ifpriority 128 ifcost 55
vlan2 flags=3<LEARNING,DISCOVER>
port 9 ifpriority 128 ifcost 55
Addresses (max cache: 100, timeout: 240):
#
# cat /etc/bridgename.bridge[01]
add vlan0
add vlan1
up
add vlan2
add vlan3
up
#
# cat /etc/hostname.fxp0
up
#
!ifconfig \$if media 10baseT mediaopt full-duplex
!ifconfig vlan0 vlan 2 vlandev \$if
!ifconfig vlan2 vlan 3 vlandev \$if
# cat /etc/hostname.fxp2
up
#
!ifconfig \$if media 10baseT mediaopt full-duplex
!ifconfig vlan1 vlan 2 vlandev \$if
!ifconfig vlan3 vlan 3 vlandev \$if
#
OpenBSD 3.5 (BRIDGE) #0: Wed Sep 1 22:10:52 CEST 2004
root@dmzbridge.ina-germany.de:/usr/src/sys/arch/i386/compile/BRIDGE
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 728 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 536453120 (523880K)
avail mem = 491315200 (479800K)
using 4278 buffers containing 26927104 bytes (26296K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 02/10/03, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfc320/208 (11 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1166 product 0x0200
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x200 0xc8800/0x4000 0xcc800/0x1800
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06
pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06
pci1 at pchb1 bus 2
fxp0 at pci1 dev 14 function 0 "Intel 82557" rev 0x05: irq 14, address
00:a0:c9:cc:89:53
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 0
ppb0 at pci0 dev 2 function 0 "Intel i960 RM PCI-PCI" rev 0x01
pci2 at ppb0 bus 1
ahc1 at pci2 dev 6 function 0 "Adaptec AIC-7880" rev 0x02: irq 5
scsibus0 at ahc1: 8 targets
cd0 at scsibus0 targ 5 lun 0: <NEC, CD-ROM DRIVE:466, 1.06> SCSI2 5/cdrom
removable
aac0 at pci0 dev 2 function 1 "Dell PERC 2/Si" rev 0x01: irq 14
aac0: i960RX 100MHz, 64MB, no battery support (5) Kernel 2.8-0
scsibus1 at aac0: 64 targets
sd0 at scsibus1 targ 0 lun 0: <Adaptec, Container #00, > SCSI2 0/direct fixed
sd0: 17351MB, 2212 cyl, 255 head, 63 sec, 512 bytes/sec, 35535780 sec total
fxp1 at pci0 dev 4 function 0 "Intel 82557" rev 0x0c: irq 11, address
00:02:b3:c0:df:aa
inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 4
fxp2 at pci0 dev 8 function 0 "Intel 82557" rev 0x08: irq 10, address
00:b0:d0:79:55:3f
inphy2 at fxp2 phy 1: i82555 10/100 media interface, rev. 4
vga1 at pci0 dev 14 function 0 "ATI Mach64 GY" rev 0x7a
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x50
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 4060 netmask 4c60 ttymask 4ce2
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: sd0 matched BIOS disk 80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
#
# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:a0:c9:cc:89:53
media: Ethernet 10baseT full-duplex
status: active
inet6 fe80::2a0:c9ff:fecc:8953%fxp0 prefixlen 64 scopeid 0x1
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:b3:c0:df:aa
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.32.198 netmask 0xffffff00 broadcast 192.168.32.255
inet6 fe80::202:b3ff:fec0:dfaa%fxp1 prefixlen 64 scopeid 0x2
fxp2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:b0:d0:79:55:3f
media: Ethernet 10baseT full-duplex
status: active
inet6 fe80::2b0:d0ff:fe79:553f%fxp2 prefixlen 64 scopeid 0x3
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
vlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:a0:c9:cc:89:53
vlan: 2 parent interface: fxp0
inet6 fe80::2a0:c9ff:fecc:8953%vlan0 prefixlen 64 scopeid 0x8
vlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:a0:c9:cc:89:53
vlan: 3 parent interface: fxp0
inet6 fe80::2a0:c9ff:fecc:8953%vlan2 prefixlen 64 scopeid 0x9
vlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:b0:d0:79:55:3f
vlan: 2 parent interface: fxp2
inet6 fe80::2b0:d0ff:fe79:553f%vlan1 prefixlen 64 scopeid 0xa
vlan3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:b0:d0:79:55:3f
vlan: 3 parent interface: fxp2
inet6 fe80::2b0:d0ff:fe79:553f%vlan3 prefixlen 64 scopeid 0xb
bridge0: flags=41<UP,RUNNING> mtu 1500
bridge1: flags=41<UP,RUNNING> mtu 1500
#
>
>
> On Wed, 1 Sep 2004, sebastian schmitzdorff wrote:
>> What exactly have you patched in if_ethersubr.c?
>
> I attached the patch on the previous mail. In if ethersubr.c the
> processing of vlan and bridge is reversed (vlan decap first, the bridge).
>
>> Could you also tell me what your bridge config looks like?
>> I am glad about every extra information I can get.
>
> Bridge looks like this:
> bridge0: flags=3141<UP,RUNNING,PROMISC,LINK0,LINK1>
> Configuration:
> priority 32768 hellotime 2 fwddelay 15 maxage 20
> Interfaces:
> vlan114 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 45 ifpriority 128 ifcost 55
> vlan112 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 44 ifpriority 128 ifcost 55
> vlan110 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 43 ifpriority 128 ifcost 55
> vlan108 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 42 ifpriority 128 ifcost 55
> vlan107 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 41 ifpriority 128 ifcost 55
> em3 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 4 ifpriority 128 ifcost 55
> em2 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 3 ifpriority 128 ifcost 55
> em1 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 2 ifpriority 128 ifcost 55
> vlan105 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 39 ifpriority 128 ifcost 55
> vlan104 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 38 ifpriority 128 ifcost 55
> vlan103 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 37 ifpriority 128 ifcost 55
> vlan102 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 36 ifpriority 128 ifcost 55
> vlan59 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 35 ifpriority 128 ifcost 55
> vlan56 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 34 ifpriority 128 ifcost 55
> vlan54 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 33 ifpriority 128 ifcost 55
> vlan53 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 32 ifpriority 128 ifcost 55
> vlan52 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 31 ifpriority 128 ifcost 55
> vlan24 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 30 ifpriority 128 ifcost 55
> vlan23 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 29 ifpriority 128 ifcost 55
> vlan22 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 28 ifpriority 128 ifcost 55
> vlan21 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 27 ifpriority 128 ifcost 55
> vlan20 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 26 ifpriority 128 ifcost 55
> vlan18 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 25 ifpriority 128 ifcost 55
> vlan17 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 24 ifpriority 128 ifcost 55
> vlan16 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 23 ifpriority 128 ifcost 55
> vlan15 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 22 ifpriority 128 ifcost 55
> vlan14 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 21 ifpriority 128 ifcost 55
> vlan13 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 20 ifpriority 128 ifcost 55
> vlan12 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 19 ifpriority 128 ifcost 55
> vlan11 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 18 ifpriority 128 ifcost 55
> vlan10 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 17 ifpriority 128 ifcost 55
> vlan9 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 16 ifpriority 128 ifcost 55
> vlan8 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 15 ifpriority 128 ifcost 55
> vlan7 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 14 ifpriority 128 ifcost 55
> vlan6 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 13 ifpriority 128 ifcost 55
> vlan5 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 12 ifpriority 128 ifcost 55
> vlan4 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 11 ifpriority 128 ifcost 55
> vlan3 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 10 ifpriority 128 ifcost 55
> vlan2 flags=7<LEARNING,DISCOVER,BLOCKNONIP>
> port 9 ifpriority 128 ifcost 55
> Addresses (max cache: 100, timeout: 3600):
> 00:0d:9d:7f:37:c0 vlan24 1 flags=0<>
> 00:0d:56:48:c9:05 vlan104 1 flags=0<>
> 00:0f:1f:67:07:8a vlan103 1 flags=0<>
> 00:0f:1f:69:36:9d vlan104 1 flags=0<>
> 00:0d:56:fd:8e:4e vlan8 1 flags=0<>
> <snip>
>
> Where em1 is connected to switch 1, em2 to switch 2 and em3 to switch 3.
>
> Vlans are configured like this:
> camield@fwh1:/home/camield $ more /etc/hostname.em2
> up
> ###
> !ifconfig vlan52 vlan 52 vlandev \$if
> !ifconfig vlan53 vlan 53 vlandev \$if
> !ifconfig vlan54 vlan 54 vlandev \$if
> !ifconfig vlan56 vlan 56 vlandev \$if
> !ifconfig vlan59 vlan 59 vlandev \$if
>
> On the switches (HP Procurve 2626) the links to the firewall are
> configured as "trunks" (802.1q encapsulation).
>
> This way, incoming frames are decapsulated, bridged, then encapsulated
> again (if destination interface is a vlan interface).
>
>
> --
> Cam