Subject: Re: VLAN + bridging problems
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: Dobromir Montauk <dmontauk@rescomp.berkeley.edu>
List: tech-net
Date: 04/15/2003 17:23:45

Hello there - back to this old topic.

I've finally gotten around to doing more testing, and I'm becoming
steadily more confused.

My setup is as follows:
CISCO SWITCH (Catalyst 3500 series XL)
Port 45: VLAN1
Port 46: VLAN2
Port 47: VLAN2
Port 48: VLAN95 & TRUNK

I've tried two different setups.  The first worked, the second did not.

SETUP #1
Laptop -> 46
fxp0 -> 45
fxp1 -> 47

brconfig bridge0 add fxp0 add fxp1

This works fine - fxp1 sees all the VLAN2 traffic, the laptop can ping
out, etc.

Then I try this:
SETUP #2
Laptop -> 46
fxp0 -> 45
fxp1 -> 48
vlan2 -> fxp1 (with: ifconfig vlan2 vlan 2 vlanif fxp1)

Now, if I ping an outside IP from the laptop (it has IP 169.229.97.234),
say 169.229.70.150, then fxp1 sees the packets, but vlan2 does NOT (this
is even before I've started bridging anything).  If I ping a local address
(169.229.97.235), then VLAN2 <does> see the arp who-has packets &
everything.

Another funny thing - DHCP requests <do> appear on vlan2.  That made me
think it might be a problem with our configuration, blocking certain
types of packets.  So I turned off ipsec & ipfilter, thinking that those
might be preventing the fxp1 -> vlan2 transition (though they really
shouldn't, right?).  Didn't help.  Maybe it's something else conflicting?

If we can figure out why packets hitting fxp1 aren't actually getting to
vlan2, we'd be in business (I'm sure bridging would work then).  If we
can't, we might have to have three interfaces - one for vlan2, one for
vlan1, and a third one for trunking.  That would be <really> ugly.

Thanks for your great help!  I have tcpdumps if you want to look at
them...

Dobromir

On Mon, 23 Dec 2002, Manuel Bouyer wrote:

> On Sat, Dec 21, 2002 at 05:09:33PM -0800, Dobromir Montauk wrote:
> > Here is my exact set up:
> >
> > -fxp0 is connected to the Cisco switch on port #48, which is on VLAN1 (the
> > default VLAN, that is, "no vlan")
> > -fxp1 is connected to the Cisco switch on port #47, which is on trunk.
> > -laptop is connected to the Cisco switch on port #46, which is on vlan80.
> >
> > I have the following script set up the interfaces:
> >
> > #!/bin/sh
> >
> > brconfig bridge0 down
> > ifconfig bridge0 destroy
> > ifconfig vlan80 destroy
> > ifconfig fxp1 delete
> > ifconfig fxp1 down
> >
> > ifconfig fxp1 up
> > ifconfig vlan80 create
> > ifconfig vlan80 vlan 80 vlanif fxp1
> > ifconfig fxp0 up
> > ifconfig bridge0 create
> > brconfig bridge0 add fxp0 add vlan80 up
> >
> > After setting up the interfaces in this order, I ask the laptop to obtain
> > a DHCP lease.  It does this fine - meaning that NetBSD correctly forwarded
> > the packets, since they had to move through the machine.  See the attached
> > files for this transaction on fxp1 & vlan80.
> >
> > After getting a lease, I try to ping in from a remote machine.  The laptop
> > receives the pings and responds to them, but the remote machine never
> > hears the response.
> >
> > Then, I try pinging out from the laptop, and the pings never get out.
> > Doing a tcpdump on fxp1 shows that fxp1 IS seeing the pings (see attached
> > file), but a tcpdump on vlan80 shows that vlan80 is NOT seeing the pings
> > (again, see attached file).  In fact, vlan80 doesn't seem to see much at
> > all of the stuff fxp1 sees & that has the "VLAN#80" tag on it.
> >
> > All tcpdumps were done with simply "tcpdump -i <interface>".  I edited
> > some of them for relevant content.
> >
> > Any advice most welcome!
>
> Hum, maybe the promiscuous flag fails to be forwarded from vlan to the
> underlying interface? Did you try running tcpdump (not -p) on both
> fxp1 and vlan80 at the same time (so that both interfaces are forced
> to promiscuous at the same time)?
> Or maybe it's a bug with high-number vlan interfaces. I always number
> my vlan ifs sequentially (0,1,2, ...). Maybe try calling it vlan0
> instead of vlan80.
>
> --
> Manuel Bouyer <bouyer@antioche.eu.org>
>      NetBSD: 23 years of experience will always make the difference
> --
>