Inter-vlan routing problem
Xavier HUMBERT
xavier.humbert at groumpf.org
Fri Aug 20 16:11:23 UTC 2010
Hi all,
I've got some trouble routing vlans through FreeBSD 8.1-RELEASE.
The core backbone of our network is a Nortel 5520-48T-PWR stack, configured
L2/L3, with 470-24T-PWR stacks in each building (5 including core), fiber
connected.
Since the company who built our network is unable to make the L3 routing work,
I installed a FreeBSD box with vlan interfaces. First, the L2/L3 config of
the core switch:
------------------------------------------------------------------------
!
! *** VLAN ***
!
vlan configcontrol flexible
no auto-pvid
vlan name 1 "VLAN #1"
vlan create 10 name "Multimedia" type port
vlan create 20 name "Arcade" type port
vlan create 30 name "Chateau" type port
vlan create 100 name "VoIP" type port
!
! *** L3 ***
!
no ip directed-broadcast enable
ip routing
interface vlan 1
ip dhcp-relay min-sec 0 mode bootp_dhcp
no ip dhcp-relay broadcast
ip dhcp-relay
exit
interface vlan 10
ip address 172.16.214.252 255.255.255.0 10
ip dhcp-relay min-sec 0 mode bootp_dhcp
no ip dhcp-relay broadcast
ip dhcp-relay
exit
interface vlan 20
ip address 192.168.0.5 255.255.255.0 20
ip dhcp-relay min-sec 0 mode bootp_dhcp
no ip dhcp-relay broadcast
ip dhcp-relay
exit
interface vlan 30
ip address 10.75.2.5 255.255.255.0 30
ip dhcp-relay min-sec 0 mode bootp_dhcp
no ip dhcp-relay broadcast
ip dhcp-relay
exit
interface vlan 100
ip address 10.75.3.5 255.255.255.0 100
ip dhcp-relay min-sec 0 mode bootp_dhcp
no ip dhcp-relay broadcast
ip dhcp-relay
exit
ip arp timeout 360
ip dhcp-relay
ip blocking-mode none
------------------------------------------------------------------------
Now, the config of my box, and the routing table. Obviously, I connected the
bge0 interface to a port on which all vlans are present (there is no such
concept as "trunk" on Nortel; in fact this term is used for MLT).
------------------------------------------------------------------------
gateway_enable="YES"
default_router="10.75.2.1"
cloned_interfaces="vlan0 vlan1 vlan2 vlan3 vlan4"
ifconfig_bge0="up"
ifconfig_vlan0="inet 192.168.1.251 netmask 255.255.255.0 vlan 1 vlandev bge0"
ifconfig_vlan1="inet 172.16.214.251 netmask 255.255.255.0 vlan 10 vlandev bge0"
ifconfig_vlan2="inet 192.168.0.251 netmask 255.255.255.0 vlan 20 vlandev bge0"
ifconfig_vlan3="inet 10.75.2.251 netmask 255.255.255.0 vlan 30 vlandev bge0"
ifconfig_vlan4="inet 10.75.3.251 netmask 255.255.255.0 vlan 100 vlandev bge0"

bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
        ether 00:e0:81:2d:62:3e
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Admin
        options=3<RXCSUM,TXCSUM>
        ether 00:e0:81:2d:62:3e
        inet 192.168.1.251 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 1 parent interface: bge0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Multimedia
        options=3<RXCSUM,TXCSUM>
        ether 00:e0:81:2d:62:3e
        inet 172.16.214.251 netmask 0xffffff00 broadcast 172.16.214.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 10 parent interface: bge0
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Arcades
        options=3<RXCSUM,TXCSUM>
        ether 00:e0:81:2d:62:3e
        inet 192.168.0.251 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 20 parent interface: bge0
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Chateau
        options=3<RXCSUM,TXCSUM>
        ether 00:e0:81:2d:62:3e
        inet 10.75.2.251 netmask 0xffffff00 broadcast 10.75.2.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 30 parent interface: bge0
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: VoIP
        options=3<RXCSUM,TXCSUM>
        ether 00:e0:81:2d:62:3e
        inet 10.75.3.251 netmask 0xffffff00 broadcast 10.75.3.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 100 parent interface: bge0

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.75.2.1          UGS         0    13742  vlan3
192.168.1.0/24     link#9             U           5   234765  vlan0
172.16.214.0/24    link#10            U           4   395054  vlan1
192.168.0.0/24     link#11            U           1     4659  vlan2
10.75.2.0/24       link#12            U           0     3361  vlan3
10.75.3.0/24       link#13            U           0     2716  vlan4
------------------------------------------------------------------------
The problem is that, from the gateway itself, I can "see" all devices on all
vlans (nmap proves this). But from my station (which is on the vlan #10), I can
access my own vlan and the default vlan #1. A ping or traceroute to another
machine - I tried the default_router, which as you can see is on vlan #30 -
fails miserably. Tcpdump is not very helpful:
------------------------------------------------------------------------
[xavier@imac-xav ~]$ traceroute 10.75.2.1
traceroute to 10.75.2.1 (10.75.2.1), 64 hops max, 52 byte packets
 1  gateway (172.16.214.251)  0.697 ms  0.227 ms  0.245 ms
 2  * * *
 3  *^C

[root@gateway ~]# tcpdump -vv -i vlan3 host 172.16.214.102
tcpdump: listening on vlan3, link-type EN10MB (Ethernet), capture size 96 bytes
10:30:41.140953 IP (tos 0x0, ttl 1, id 50332, offset 0, flags [none], proto UDP (17), length 52, bad cksum 0 (->665a)!)
    172.16.214.102.50328 > 10.75.2.1.33438: [udp sum ok] UDP, length 24
10:30:46.141358 IP (tos 0x0, ttl 1, id 50333, offset 0, flags [none], proto UDP (17), length 52, bad cksum 0 (->6659)!)
    172.16.214.102.50328 > 10.75.2.1.33439: [udp sum ok] UDP, length 24
------------------------------------------------------------------------
Is the bad cksum relevant?
Thanks for your patience reading this, and for your hoped-for helpful advice.
Regards,
--
XAv
In your pomp and all your glory you're a poorer man than me,
as you lick the boots of death born out of fear.
(Jethro Tull)
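
Added example, not part of the original post: the script below rebuilds the IPv4 header from the fields tcpdump printed in the capture above and recomputes the header checksum. The results equal the values tcpdump shows after "->" (665a and 6659), so the header contents are consistent and only the checksum field is still zero at capture time, which is what a capture taken on the transmitting host shows when transmit checksum offload (TXCSUM in the ifconfig output) leaves that field for the NIC to fill in. The function names are assumptions made for this illustration.

```python
import ipaddress
import struct

# Fields copied from the two tcpdump lines in the post (capture on vlan3).
SRC, DST = "172.16.214.102", "10.75.2.1"
CAPTURED = [
    {"id": 50332, "expected": 0x665A},   # tcpdump: bad cksum 0 (->665a)
    {"id": 50333, "expected": 0x6659},   # tcpdump: bad cksum 0 (->6659)
]


def build_ipv4_header(ident, cksum=0, ttl=1, proto=17, total_len=52):
    """Pack a 20-byte IPv4 header (no options, tos 0, no flags/offset)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,            # version 4, header length 5 words
        0,                       # tos 0x0
        total_len,
        ident,
        0,                       # flags [none], offset 0
        ttl,
        proto,                   # 17 = UDP
        cksum,
        ipaddress.IPv4Address(SRC).packed,
        ipaddress.IPv4Address(DST).packed,
    )


def internet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def check_capture():
    """Return (id, computed checksum, matches tcpdump, verifies once filled in)."""
    results = []
    for pkt in CAPTURED:
        computed = internet_checksum(build_ipv4_header(pkt["id"]))
        # A header carrying the right checksum verifies to zero.
        verifies = internet_checksum(build_ipv4_header(pkt["id"], computed)) == 0
        results.append((pkt["id"], computed, computed == pkt["expected"], verifies))
    return results


if __name__ == "__main__":
    for ident, computed, matches, verifies in check_capture():
        print("id %d: computed 0x%04x, matches tcpdump: %s, verifies: %s"
              % (ident, computed, matches, verifies))
```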