[Bridge] Problem with default vlan and stateful bridging (2nd try)

Hi folks,

Hope you can help me!

I am using bridging to secure my network. I want to do some kind of content
filtering (IPS using content matching) in my local network. I wrote a little
helper program that does that job. But that's not the problem. The problem
is that I need to use bridges in my local network as I have trunk ports.
Using bridges works fine for me in the DMZ and to the internet, but if I
integrate the bridges in my local network I am not able to access the
default VLAN (which is vlan 2). The ports in the DMZ are access ports, not
trunk ports.

The attached file illustrates my problem (at least I hope it does ;) ). As
you can see I am using Cisco switches (4500) for the different departments
and Cisco Catalyst 6000 for core switching. These switches provide some
vlans (vlan 2 is default). As soon as I use the bridges as inline systems
(without any filtering at layer 2, 3 or 7) I am not able to access vlan 2
anymore. Even on the same switch!

Here is an example:

Please have a look at the attached picture. If I want to access a device
connected via an access port in vlan 2 from vlan 106 I am not able to get
the device on the same switch. I am also not able to get devices at other
switches (access port vlan 2) that are "secured" by the bridges. But if I want
to access an end point (vlan 2 device) from an end point device connected to
a switch that is secured with a bridge to an end point device in vlan 2 (or
any other vlan) that is connected to a switch that is not secured by a
bridge, I am not able to access the device! (what a sentence!)

Furthermore: All switches (Layer 3) are not able to communicate with each
other (all vlan 2 as it is the default vlan) if they are secured with
bridges.

The weirdest thing for me is that I am not able to access vlan 2 devices
from another vlan connected at the same switch as soon as I use the bridge!

Some things I already thought about that may create my problem (what do you
think about these points?):

* MAC address learning:
As I use vlans, the same MAC address is available in several vlans. Could it
be that the bridge interface has a problem with this?

* stateless / stateful:
Could it be possible that the kernel and the routing ability create some
problems, as the box is working stateful and has routing enabled?

Information: The kernel is compiled with 802.1q support.
The switches secured with bridges are not able to get the MAC address of the
other switches secured with bridges.

I really hope you know what to do to solve my problem as I am totally
overextended.

Thanks for your help in advance

Josef 

PS. Sorry if this email was sent twice.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: bridge_problem_default_vlan.jpg
Type: application/octet-stream
Size: 43058 bytes
Desc: not available
Url : http://lists.osdl.org/pipermail/bridge/attachments/20050520/1f4169c3/bridge_problem_default_vlan-0001.obj
