vlan/bridging broken in 4.8-release?

Maxim Konovalov maxim at macomnet.ru
Thu May 15 00:48:07 PDT 2003 

Hi,

On 20:48+0200, May 14, 2003, Marco Wertejuk wrote:

> Hello,
>
> I'm trying to get bridging working on vlans, and it seems as
> if packet destined for the other side of the bridge
> don't get forwarded from the vlan-if to the phys-if and
> vice versa.
>
> An example: there are two hosts (foo[10.1.2.1/24],
> bar[10.1.2.2/24]) and the bridge doh. All 4.8-RELEASE.
>
> foo is crosslinked to doh's fxp1, bar is on a hp procurve
> switch in vlan 11. doh uses fxp0 to the switch and has
> vlans enabled, see ifconfig on doh:
>
> fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         ether 00:d0:b7:9a:1a:0e
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         ether 00:d0:b7:9a:1a:0f
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         ether 00:d0:b7:9a:1a:0e
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>         vlan: 11 parent interface: fxp0
>
> Bridging is enabled between vlan0 and fxp1.
>
> Now, when bar tries to ping foo (traffic goes
> from vlan0 to fxp1) this happens on doh:
> (tcpdump -tni fxp0):
> 802.1Q vlan#11 P0 arp who-has 10.1.2.1 tell 10.1.2.2
> 802.1Q vlan#11 P0 arp reply 10.1.2.1 is-at 0:d0:b7:b:1e:92
> 802.1Q vlan#11 P0 10.1.2.2 > 10.1.2.1: icmp: echo request
> (tcpdump -tni vlan0):
> arp who-has 10.1.2.1 tell 10.1.2.2
> arp reply 10.1.2.1 is-at 0:d0:b7:b:1e:92
>
> The icmp echo request is not passed to the vlan-if
> because it's not to a broadcast packet and so it is
> not bridged.
>
> Is there a trick to get this working or do you need
> more debug info?

I am trying to solve some bugs in bridging code in -current.  I
believe we have the same bugs in -stable as well.  First of all, do
not use bridge.ko, use 'options BRIDGE' in your kernel config file
instead.  Second, try to play with net.inet.ip.check_interface sysctl.

HTH

-- 
Maxim Konovalov, maxim at macomnet.ru, maxim at FreeBSD.org

More information about the freebsd-hackers mailing list