Inter-vlan routing problem

Mike Tancsa mike at sentex.net
Mon Aug 23 19:33:00 UTC 2010 

At 12:34 PM 8/23/2010, Xavier HUMBERT wrote:
>Mike Tancsa <mike at sentex.net> wrote:
>
> > I dont understand, why is 10.75.2.1 going out your default interface
> > ? It should look for packets on the same subnet that the vlan3 
> interface is on
>
>Errrr.... According to the interfaces status and the routing table, 
>this is the
>case, or do I misunderstand your question ?

The traceroute you showed was going out the default gateway. I guess 
that was a workstation on just one subnet.

Lets start with the obvious, you have
sysctl -a net.inet.ip.forwarding
set to one right ?




> > Can you do an
> > arp -na
> > and
> > netstat -Wnra
> >
>
>[root at gateway ~]# arp -na
>? (10.75.3.251) at 00:e0:81:2d:62:3e on vlan4 permanent [vlan]
>? (10.75.3.254) at 08:00:71:03:f1:0f on vlan4 expires in 1192 seconds [vlan]
>? (10.75.3.252) at 00:1a:a0:12:9a:a1 on vlan4 expires in 850 seconds [vlan]
>? (10.75.2.1) at 00:12:ef:42:3c:f3 on vlan3 expires in 848 seconds [vlan]
>? (10.75.2.5) at 00:1b:25:5f:58:5d on vlan3 expires in 432 seconds [vlan]

OK, you see MAC addresses from the other devices and they seem to be 
on the correct interfaces. you can ping them right ? They all have 
you as the default gateway ?

e.g. if you do

ping -S 102.168.0.251 192.168.0.254
ping -S 10.75.2.251 192.168.0.254

do both work ? Does 192.168.0.254 have 192.168.0.251 as the default gateway ?

         ---Mike


> > On the nortel switch, are you sure you have it on the equiv of a
> > "trunk" port? Is there a way to see what MAC addresses the switch
> > sees as part of what VLAN ?
>
>No, there is no "trunk" ports. The term trunk is used by Nortel for MLT. And,
>precisely, that what's "show mac-address-table" displays : the MLT table. The
>port I'm connected to is simply a port shared by all Vlans.

OK, but the port will tag all the packets leaving it with the correct 
vlan right ? Some switches offer a "hybrid" mode were the packets all 
exit the port untagged.  But based on your arp table, this does not 
seem to be the case which is good.

         ---Mike





--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike at sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike

More information about the freebsd-net mailing list