Hi Ben, I connected the 2 linux hosts and and saw the meesages on the spoofed interface having corresponding MAC address. I meant, the arp response from the spoofed interface is coming properly with the corresponding spoofed MAC address. So looks like it's working :) I need to try with the switch now... thanks a lot for you reply. Also, how to set the HW accel off in the kernel... I browsed the net but could not find the proper answer.. I believe it needs to be done in some device file. I still don't see the Vlan tag in the output of tcpdump.. Thanks and Regards, Chaitra -----Original Message----- From: vlan-bounces@xxxxxxxxxxxxxxx [mailto:vlan-bounces@xxxxxxxxxxxxxxx] On Behalf Of Ben Greear Sent: Monday, October 02, 2006 11:28 PM To: Linux 802.1Q VLAN Subject: Re: [VLAN] 802.1Q - MAC Spoofing P Chaitra-A15829 wrote: > Hi Ben, > > I am attaching a small write up on what I am trying to do and what is > the test bed. > > Kindly let me know if there is any issues in the configuration or > understading. Also, if you need more information or explantion kindly > let me know. > > Basically the whole stuff is not working.. > > I tried both the option suggested by you for vconfig : > > 1. arp-filter technique - didn't work. > > 2. vconfig interface being on a different subnet and configuring the > corresponding port at the switch on the same subnet and vlan id. This > also didn't work. I was unable to ping the host from the switch itself. > (both host and the switch were configured with an IP address on the same > subnet. This IP address was on a different subnet than the primary etho > interface at the linux host.) > > The gist of the problem is Vlan tagged frames. > > VLAN Tagging at trunk interface : > > When the port was configured in the trunk > mode at L2 switch and linux host configured for vlan interface, we > expected the frames on the trunked interface > > to be in 802.1Q format. But this was never > the case. > > We have posted the question to linux org > on the same. > > Thanks a lot for your time and help. How are you determining if they are framed or not? If your NIC uses HW accel, then the .1Q header will be stripped in the hardware and not visible in tcpdump/ethereal. Use a third machine on a hub, with no VLANs configured on it, and sniff the traffic there. For testing ping & vlans, please try using two linux machines, each with VLANs configured on some interface. Remove all of the cisco switches and such from your network for this test. I can help you debug Linux, but not the complete network with other switches and such. The arp-filter trick must be used if you want the ARP responses to have the MACs for that particular interface. If you get two linux machines connected and VLANs configured on them, and it still does not work, please send the results of these commands on each system: ifconfig -a ip route show as well as the ping commands you were trying. Thanks, Ben > > Regards, > > Chaitra > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Vlan mailing list > Vlan@xxxxxxxxxxxxxxx > http://www.candelatech.com/mailman/listinfo/vlan -- Ben Greear <greearb@xxxxxxxxxxxxxxx> Candela Technologies Inc http://www.candelatech.com _______________________________________________ Vlan mailing list Vlan@xxxxxxxxxxxxxxx http://www.candelatech.com/mailman/listinfo/vlan
