tech-net: Re: VLAN + bridging problems

Subject: Re: VLAN + bridging problems
To: Dobromir Montauk <dmontauk@rescomp.berkeley.edu>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 12/23/2002 17:51:44
On Sat, Dec 21, 2002 at 05:09:33PM -0800, Dobromir Montauk wrote:
> Here is my exact set up:
> 
> -fxp0 is connected to the Cisco switch on port #48, which is on VLAN1 (the
> default VLAN, that is, "no vlan")
> -fxp1 is connected to the Cisco switch on port #47, which is on trunk.
> -laptop is connected to the Cisco switch on port #46, which is on vlan80.
> 
> I have the following script set up the interfaces:
> 
> #!/bin/sh
> 
> brconfig bridge0 down
> ifconfig bridge0 destroy
> ifconfig vlan80 destroy
> ifconfig fxp1 delete
> ifconfig fxp1 down
> 
> ifconfig fxp1 up
> ifconfig vlan80 create
> ifconfig vlan80 vlan 80 vlanif fxp1
> ifconfig fxp0 up
> ifconfig bridge0 create
> brconfig bridge0 add fxp0 add vlan80 up
> 
> After setting up the interfaces in this order, I ask the laptop to obtain
> a DHCP lease.  It does this fine - meaning that NetBSD correctly forwarded
> the packets, since they had to move through the machine.  See the attached
> files for this transaction on fxp1 & vlan80.
> 
> After getting a lease, I try to ping in from a remote machine.  The laptop
> receives the pings and responds to them, but the remote machine never
> hears the response.
> 
> Then, I try pinging out from the laptop, and the pings never get out.
> Doing a tcpdump on fxp1 shows that fxp1 IS seeing the pings (see attached
> file), but a tcpdump on vlan80 shows that vlan80 is NOT seeing the pings
> (again, see attached file).  In fact, vlan80 doesn't seem to see much at
> all of the stuff fxp1 sees & that has the "VLAN#80" tag on it.
> 
> All tcpdumps were done with simply "tcpdump -i <interface>".  I edited
> some of them for relevant content.
> 
> Any advice most welcome!

Hum, maybe the promiscous flag fails to be forwarded from vlan to the
underlying interface ? Did you try running tcpdump (not -p) on both
fxp1 and vlan80 at the same time (so that both interfaces are forced
to promiscous at the same time) ?
Of maybe it's a bug with high-number vlans interfaces. I always numbers
my vlan if sequencially (0,1,2, ...). Myabe try calling it vlan0
instead of vlan80.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 23 ans d'experience feront toujours la difference
--