* [LARTC] Bridging three vlans
@ 2005-04-30 10:20 Ed Wildgoose
  2005-04-30 10:51 ` Ed Wildgoose
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Ed Wildgoose @ 2005-04-30 10:20 UTC
  To: lartc

OK, strange request but I want to bridge three vlans under linux 2.4.  
Bridging works fine with two vlans, but is failing to route when I add 
the third vlan.

Situation is clearly to have Lan, internet and DMZ vlans.  The reason 
they are vlans is that I am using a Linksys WRT54GS and hence you 
effectively have a 5 port hub on the back which can be segregated into 
flexible vlan groups.  I clearly want to just be able to move something 
in and out of the DMZ depending on which port it's plugged into, but 
without having to change its IP address or do any routing.  (I like 
transparent firewalls and QOS!)

So what's going wrong when I try to put my third vlan into the bridge?  
Actually it seems to be more fundamental than that.  The inet and lan 
vlans both have no IP address, can then build a bridge no problem.  As 
soon as I remove the ip address from the DMZ lan, even without adding it 
to the bridge, my routing stops working on the machine...

Is this a linux 2.4 limitation or user error?  Grateful for any advice

Thanks

Ed W
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


* Re: [LARTC] Bridging three vlans
  2005-04-30 10:20 [LARTC] Bridging three vlans Ed Wildgoose
@ 2005-04-30 10:51 ` Ed Wildgoose
  2005-04-30 23:22 ` Taylor, Grant
  2005-05-01 10:26 ` Ed Wildgoose
  2 siblings, 0 replies; 4+ messages in thread
From: Ed Wildgoose @ 2005-04-30 10:51 UTC
  To: lartc

Ed Wildgoose wrote:

> OK, strange request but I want to bridge three vlans under linux 2.4.  
> Bridging works fine with two vlans, but is failing to route when I add 
> the third vlan.

...

> Is this a linux 2.4 limitation or user error?  Grateful for any advice


Hmm, OK I know I haven't given much info, but first off is this scenario 
actually possible?  A bit of digging in the bridging howto suggests that 
it is.

Also I just noticed that STP is off in my setup.  Is this going to be 
mandatory when we add three vlans into a bridge? 

Thanks for any tips on actually debugging what's happening here

Ta

Ed W

* Re: [LARTC] Bridging three vlans
  2005-04-30 10:20 [LARTC] Bridging three vlans Ed Wildgoose
  2005-04-30 10:51 ` Ed Wildgoose
@ 2005-04-30 23:22 ` Taylor, Grant
  2005-05-01 10:26 ` Ed Wildgoose
  2 siblings, 0 replies; 4+ messages in thread
From: Taylor, Grant @ 2005-04-30 23:22 UTC
  To: lartc

Ed, can we get more information as to what devices on your network have what IP, your VLAN config, your bridge config, your IPTables(-save) config?

I need some more data to stare at to try to find a problem in this mix.



Grant. . . .

* Re: [LARTC] Bridging three vlans
  2005-04-30 10:20 [LARTC] Bridging three vlans Ed Wildgoose
  2005-04-30 10:51 ` Ed Wildgoose
  2005-04-30 23:22 ` Taylor, Grant
@ 2005-05-01 10:26 ` Ed Wildgoose
  2 siblings, 0 replies; 4+ messages in thread
From: Ed Wildgoose @ 2005-05-01 10:26 UTC
  To: lartc

Taylor, Grant wrote:

> Ed, can we get more information as to what devices on your network 
> have what IP, your VLAN config, your bridge config, your 
> IPTables(-save) config?
>
> I need some more data to stare at to try to find a problem in this mix.


It's a wrt54G, so the 5 ports on the back are really a hub plus a single 
net interface.  However, the driver has the capability to tag and create 
multiple vlans from any group of ports.

So the end result is that if I create three vlans on the same effective 
net interface then routing stops working properly until I turn on STP 
(even if the bridge doesn't use all three vlans).  If I make the bridge 
use all three vlans (each vlan without a real IP or netmask) then 
routing stops working completely even with STP enabled.

Is the limitation because of the multiple vlans on a single real net 
interface?  Of course since the vlans are driver implemented there could 
be other problems arising, so simply stating whether it ought to work or 
not would be good at this stage...

Software is "openwrt" which is a hacked 2.4 kernel for arm, and a number 
of pre-applied patches.  I would have to dig a little to remind myself 
of exactly what patches are applied, but basically stuff like the bridge 
firewalling stuff I think.

I'm testing by plugging real machines into the lan, wan and DMZ vlans 
and seeing if they can see each other...

Any suggestions?

Ed