[VLAN] VLAN and Bridge interaction.

Hi Kannan,

AFAIK, what you have done is 

1. Created two "virtual network interfaces" on eth1 in BoxA
2. Bridged those two together and created another virtual network interface
br0
3. Implemented routing between eth0 and br0.

Now, the virtual interfaces in step#1 will work only if eth1 receives
'802.1Q tagged' packets. That means that network card is connected to a
VLAN capable switch, through a 'trunk' port. Now, by bridging those two in
step#2, the two virtual LANs are joined together (thereby the whole
advantage of creating virtual LANs is lost). The virtual LAN interfaces are
just a multiplexer/demultiplexer of packets. They work on top of the
physical interface. Their responsibility is to read the 802.1Q tag on each
received packet, identify the corresponding virtual interface, and pump the
packet to the corresponding virtual interface (and vice versa).

The setup I suggest is given below

 +--------+eth0  +---------------+    trunk     +-----------------+
 ( Box M  )------| router/Bridge |--------------| VLAN capable    |
 (        )  eth0| box A         |eth1          |     Bridge      |
 +--------+      +---------------+              +-----------------+
                                               vlan2|       vlan3|
                                                    |            |
                                                    |            |
                                                    |            |
                                                eth0|        eth0|
                                                +--------+   +--------+
                                                | Host   |   | Host   |
                                                | box B  |   | box C  |
                                                +--------+   +--------+
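
The tag multiplexing/demultiplexing described in the message above, as an added example that is not part of the original thread: a simplified Python model (not the kernel's code) of how frames on eth1 are steered by their 802.1Q tag. The MAC address and payload are constructed, the function names are hypothetical, and unknown VLAN IDs are simply treated as not delivered.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag
ETH_ARP = 0x0806

def build_frame(dst, src, ethertype, payload):
    """Constructed untagged Ethernet frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload

def tag_on_egress(frame, vid, pcp=0):
    """Transmit side of a VLAN interface: insert TPID + TCI after the two MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def demux_on_ingress(frame, parent, configured_vids):
    """Receive side: return (interface, frame as that interface sees it).

    Untagged frames stay on the parent; tagged frames go to parent.<vid> with
    the tag stripped; tags for unconfigured VLANs yield (None, None).
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return parent, frame              # no tag: never reaches eth1.2 / eth1.3
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF                    # low 12 bits of the TCI are the VLAN ID
    if vid not in configured_vids:
        return None, None
    return f"{parent}.{vid}", frame[:12] + frame[16:]

# Constructed sample: an ARP broadcast as Box A's eth1.2 would hand it down.
BOX_A_MAC = bytes.fromhex("02000000000a")
ARP_REQ = build_frame(b"\xff" * 6, BOX_A_MAC, ETH_ARP, b"\x00" * 28)

if __name__ == "__main__":
    on_wire = tag_on_egress(ARP_REQ, 2)
    print(demux_on_ingress(on_wire, "eth1", {2, 3})[0])   # tagged frame
    print(demux_on_ingress(ARP_REQ, "eth1", {2, 3})[0])   # untagged frame
```
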



-----Original Message-----
From: Kannan [mailto:kjeyapal@xxxxxxxxxxxxx]
Sent: Monday, November 22, 2004 9:17 AM
To: 'Linux 802.1Q VLAN'
Subject: RE: [VLAN] VLAN and Bridge interaction.


Hi Jojan,

Thanks for your quick analysis of the setup and the reply.

From the setup that I have given, I wanted to make Box A function as a
Bridge-Router. So I have configured VLANs 2 and 3 on eth1, and made the
hosts on VLANs 2 and 3 (Box B and Box C) accessible to the outside world via
eth0 of Box A through Box M. Basically Box A could function as
Bridge-Router.

Please let me know, whether such thing is possible.
Let me know if anything else needs to be done for such a setup.
It would be nice if you could explain why the setup is wrong and how to set
it up.

Thanks,
Bye,
Kannan.J

-----Original Message-----
From: vlan-bounces@xxxxxxxxxxxxxxx [mailto:vlan-bounces@xxxxxxxxxxxxxxx] On
Behalf Of JOJAN
Sent: Saturday, November 20, 2004 1:20 PM
To: 'Linux 802.1Q VLAN'
Subject: RE: [VLAN] VLAN and Bridge interaction.

Hi Kannan,

I think there is a mistake. A VLAN capable switch should be there in the
network. i.e., box A should be a VLAN capable switch and you should configure
vlan2 and vlan3 in it. Box M should be connected to the trunk port of the
switch and you should configure virtual interfaces in Box M on each vlan
(vlan 2 and vlan 3). Box B and Box C should be connected to the access ports
of the switch, and those ports are to be configured to be members of the vlans
(B's port in vlan2 and C's port in vlan3)

hope i am clear.

best regards

jojan

-----Original Message-----
From: Kannan [mailto:kjeyapal@xxxxxxxxxxxxx]
Sent: Saturday, November 20, 2004 12:55 PM
To: 'Linux 802.1Q VLAN'
Subject: RE: [VLAN] VLAN and Bridge interaction.


Hello,

Thanks Peter for your reply. 
I tried the following example, based on the message to which you
directed me.

But still I have a few doubts.

My setup is like this.

 +--------+eth0  +---------------+    trunk
 ( Box M  )------| router/Bridge |-----------
 (        )  eth0| box A         |eth1   |   |
 +--------+      +---------------+       |   |
                                    vlan2| v3|
                                         |   |
                                +--------+   |
                                |            |
                            eth0|        eth0|
                          +--------+   +--------+ 
                          | Host   |   | Host   |
                          | box B  |   | box C  |
                          +--------+   +--------+


I made the following configurations.

Box A:

ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ip addr add 10.0.0.10/24 broadcast 10.0.0.255 dev eth0
ip link set eth0 up
ip link set eth1 up
vconfig set_name_type DEV_PLUS_VID_NO_PAD
vconfig add eth1 2
vconfig add eth1 3
brctl addbr br0
brctl addif br0 eth1.2
brctl addif br0 eth1.3
ip addr add 20.0.0.10/24 broadcast 20.0.0.255 dev eth1.2
ip addr add 20.0.1.10/24 broadcast 20.0.1.255 dev eth1.3
ip link set eth1.2 up
ip link set eth1.3 up
ip link set br0 up
iptables -F
iptables -P FORWARD DROP
iptables -A FORWARD -i eth1.2 -o eth0 -s 20.0.0.0/24 -j ACCEPT #v2->inet
iptables -A FORWARD -i eth0 -o eth1.2 -d 20.0.0.0/24 -j ACCEPT #inet->v2
iptables -A FORWARD -i eth1.3 -o eth0 -s 20.0.1.0/24 -j ACCEPT #v3->inet
iptables -A FORWARD -i eth0 -o eth1.3 -d 20.0.1.0/24 -j ACCEPT #inet->v3
iptables -t nat -A POSTROUTING -o eth0 -s 20.0.0.0/16 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward


Box M:
ifconfig eth0 10.0.0.20 netmask 255.255.255.0 up

Box B:
ifconfig eth0 20.0.0.20 netmask 255.255.255.0 up

Box C:
ifconfig eth0 20.0.1.20 netmask 255.255.255.0 up

This is my setup.

If I ping the host (20.0.0.20) from Box A,
there is no reply. But in Ethereal on Box B's eth0, I could see
the ARP packet of who has 20.0.0.20 from 20.0.0.10.

But I could not get the Reply from the 20.0.0.20 being sent out.
Please let me know whether anything is wrong in my setup/configuration.

---------------------------------
Another thing that I tried in the same setup is as follows:

I configured VLAN on Box B to see whether ping will work. But still it was
not fruitful.
This configuration on Box B is as follows:

ifconfig eth0 0.0.0.0
vconfig add eth0 2
ifconfig eth0.2 20.0.0.20 netmask 255.255.255.0 up

But still I could not ping to 20.0.0.10 from 20.0.0.20 or the reverse also.

-----------------------------------

Could someone help me out in getting the ping to work in this topology?

Thanks,

Bye,
Kannan.J


On Fri, Nov 19, 2004 at 09:07:16AM +0530, Kannan wrote:
> I am trying to understand VLAN and Bridging Interactions in Linux.
[..]
> Can some one throw me some details?

Perhaps you can pick something up from
http://www.lanforge.com/pipermail/vlan/2004-November/000105.html


//Peter



_______________________________________________
Vlan mailing list
Vlan@xxxxxxxxxxxx
http://www.lanforge.com/mailman/listinfo/vlan


---------------------------------------------------------------------------
       "This e-mail and any files transmitted with it are for the sole use
of the intended recipient(s) and may contain confidential and privileged
information. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.

       Any unauthorized review, use, disclosure, dissemination, forwarding,
printing or copying of this email or any action taken upon this e-mail is
strictly prohibited and may be unlawful."
---------------------------------------------------------------------------