[YLUG] Linux & vlans (possibly also routing) (long...)

Craig Genner craig at gennerfam.freeserve.co.uk
Thu May 4 16:02:16 BST 2006


Hello folks,

Quiet mailing list of late, people must be outside enjoying the nice
weather. Not me, I'm inside fighting linux and vlans and not getting very
far.

The setup is a 3com switch with three computers connected to it.  I've set
up 2 vlans with a 192.168.1.x and 172.16.0.x ip addressing scheme in each
vlan.

The first computer has 3 network cards - 192.168.1.2 and 172.16.0.2
(ignore the 3rd, it's external facing).  Each port this computer is
connected to is configured as a native vlan (ie no tagging etc on that
port).

The second computer has only the one network card - 192.168.1.3.  Again
native vlan on the switch port.

The third computer also has only one network card, but the port on the
switch is added to each of the vlans as tagged vlans (ie not native
vlans).

The first computer is the router and does the job quite nicely.  For
example if I were to add a fourth pc and put it in the 172.16.0.x vlan the
second pc can ping it and visit a site running on that computer from the
second computer with no problems. So no problems with the router.

On the 3rd computer setting up the one vlan interface on either vlan
works. I can ping and visit a web site running on that machine.  Setting
up 2 vlan interfaces (eth0.1 and eth0.2) and putting each one on different
vlans (with ips as correct for the vlan) and things start to fall apart. 
I can ping from the 2nd computer to the ip on the same vlan and get a
response, but I can't ping to the other vlan's ip address.

If I ping from the router I get the response from both ips.

This is what it looks like so far:

                           |--------------|
                           |(3com Switch) |
                           |              |
computer 1 --192.168.1.2 --|              |  (eth0)
                           |----|         |
computer 1 --172.16.0.2  --|    |         |  (eth1)
                           |vlan|         |
                           | 2  |         |
computer 3 --172.16.0.16 --|    |         |  (eth0.2)
                           |----|         |
computer 3 --192.168.1.16--|              |  (eth0.1)
                           |    vlan      |
                           |     3        |
computer 2 --192.168.1.3 --|              |  (eth0)
                           |              |
                           |--------------|

I had a mess around with the routing and discovered that if I add a
default route that uses eth0.2 and goes to 172.16.0.2 then I can ping from
the 2nd pc to the ip on eth0.2, but then I can't ping the ip on eth0.1.
:-(

Having run tcpdump on the 3rd computer I can see that all the ping
requests are getting through, it's in the reply that things are going
wrong as the response doesn't seem to get sent or gets sent via the wrong
interface.

I then found the following page: http://www.linuxjournal.com/article/7291

From that I had a play with the ip route commands.  I just get the same
result.  First I can ping the eth0.1 ip but not the eth0.2 ip, then I can
ping the eth0.2 ip but not the eth0.1 ip.

Using Debian 3.1 (Sarge) on computer 3, no updates yet as currently having
broadband issues.  Ubuntu on computer 2 (updated as of the 14th April) and
IPCop on the 1st computer (all updates).

Just what am I doing wrong?  The commands I'm using are the same as on the
previous link but for the ethernet port and ip addresses.  I can post tcp
dumps, exact commands if people want to see them.

Craig
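
The symptom in the post (requests arrive, the reply leaves by the other vlan interface) modelled as Linux route selection. This is an added example, not part of the original post. The addresses come from the diagram; the table names, the rule set, the gateway choice and the simplified lookup are assumptions.

```python
import ipaddress

# Constructed model of computer 3's routing state (addresses from the post).
# Each route is (destination prefix, outgoing interface, gateway or None if on-link).
MAIN = [("192.168.1.0/24", "eth0.1", None), ("172.16.0.0/24", "eth0.2", None)]

# Hypothetical per-vlan tables of the kind source-based policy routing uses.
# Assumption: computer 1 (192.168.1.2 / 172.16.0.2) is the gateway on each vlan.
VLAN_192 = [("192.168.1.0/24", "eth0.1", None),
            ("0.0.0.0/0", "eth0.1", "192.168.1.2")]
VLAN_172 = [("172.16.0.0/24", "eth0.2", None),
            ("0.0.0.0/0", "eth0.2", "172.16.0.2")]
# Source selector -> table, consulted before the main table.
RULES = [("192.168.1.16/32", VLAN_192), ("172.16.0.16/32", VLAN_172)]


def lookup(table, dst):
    """Longest-prefix match of dst in one table: (iface, gateway) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gw in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface, gw)
    return best[1:] if best else None


def reply_route(src, dst, rules=()):
    """Route chosen for a reply from local address src to dst.

    Rules whose selector matches src are tried in order; if none yields a
    route, the main table decides, which ignores the source address.
    """
    src = ipaddress.ip_address(src)
    for selector, table in rules:
        if src in ipaddress.ip_network(selector):
            hit = lookup(table, dst)
            if hit:
                return hit
    return lookup(MAIN, dst)


def is_symmetric(arrived_on, src, dst, rules=()):
    """True when the reply leaves by the interface the request arrived on."""
    route = reply_route(src, dst, rules)
    return route is not None and route[0] == arrived_on
```

On a real host the corresponding state is what `ip rule show` and `ip route show table <name>` print.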




