On Wed, Jan 24, 2007 at 11:12:43AM -0800, Hazelsnitzel wrote: > [ Linux Bridge ]--[eth0]--[trunked]---[ Port 1 ] > +-------[eth1]--[trunked]---[ Port 2 ] > VLAN 2 [ Port 3 ]---- 192.168.2.3 > VLAN 3 [ Port 4 ]---- 192.168.2.4 > VLAN 4 [ Port 5 ]---- 192.168.3.3 > VLAN 5 [ Port 6 ]---- 192.168.3.4 > ..... ..... .......... > > In this configuration, VLANs 2 and 3 emulate one link and VLANs 4 and 5 > emulate another. Assuming your cisco switch is an SVL switch, you have two possibilities: IP proxy arp trick: ip a add 127.0.0.1 dev vlan2 ip a add 127.0.0.1 dev vlan3 ip ro add 192.168.2.3 dev vlan2 ip ro add 192.168.2.4 dev vlan3 echo 1 > /proc/sys/net/ipv4/conf/vlan2/proxy_arp echo 0 > /proc/sys/net/ipv4/conf/vlan2/rp_filter echo 1 > /proc/sys/net/ipv4/conf/vlan3/proxy_arp echo 0 > /proc/sys/net/ipv4/conf/vlan3/rp_filter The 127.0.0.1 is a working example. It really doesn't matter, just use an IP to bind the interface to the ip stack. This is just the easiest solution and clear on queueing and routing. The hosts 192.168.2.3 and 2.4 can just be given a /24 network. By using routing as the core forwarding you prevent any mac address related issues. Bridge: This is probably the most complex and headache prone since you are choosing for mac-address troubles. I don't have a working example out of my head. You should use ebtables to masquerade all outgoing packets with a mac-address != mac-address of the source host. The essence is the following (which should be a faq): On an svl switch the source mac-address is only allowed to appear on a single port switch wide, independent of vlans. (SVL == shared vlan learning == a single switch wide mac-address table) On an ivl switch the source mac-address is only allowed to appear on a single (port+vlan) switch wide. (IVL == Independent vlan learning == for each vlan a separte mac-address table). Anyway: if this doesn't really make sense, you should invest in either: * hardware (ben :-), or a very expensive switch) * knowledge ( http://lartc.org/ f.i. and .1Q standard ) If your switch already is IVL (which I cannot imagine, since only very big and expensive switches do that, or very small inexpensive switches like the ones in the wrt54g do have 2 mac-address tables if I am correct) the above explanation is moot. Just bridge and it will work. And turn off bpdu guard :-).
