At 01:35 PM 1/24/2007, you wrote:
>On Wed, Jan 24, 2007 at 11:12:43AM -0800, Hazelsnitzel wrote:
> > [ Linux Bridge ]--[eth0]--[trunked]---[ Port 1 ]
> >           +-------[eth1]--[trunked]---[ Port 2 ]
> >                                VLAN 2 [ Port 3 ]---- 192.168.2.3
> >                                VLAN 3 [ Port 4 ]---- 192.168.2.4
> >                                VLAN 4 [ Port 5 ]---- 192.168.3.3
> >                                VLAN 5 [ Port 6 ]---- 192.168.3.4
> >                                .....    .....        ..........
> >
> > In this configuration, VLANs 2 and 3 emulate one link and VLANs 4 and 5
> > emulate another.
>
>Assuming your cisco switch is an SVL switch, you have two
>possibilities:
>IP proxy arp trick:
>ip a add 127.0.0.1 dev vlan2
>ip a add 127.0.0.1 dev vlan3
>ip ro add 192.168.2.3 dev vlan2
>ip ro add 192.168.2.4 dev vlan3
>echo 1 > /proc/sys/net/ipv4/conf/vlan2/proxy_arp
>echo 0 > /proc/sys/net/ipv4/conf/vlan2/rp_filter
>echo 1 > /proc/sys/net/ipv4/conf/vlan3/proxy_arp
>echo 0 > /proc/sys/net/ipv4/conf/vlan3/rp_filter
>
>The 127.0.0.1 is a working example. It really doesn't matter,
>just use an IP to bind the interface to the ip stack.
>This is just the easiest solution and clear on queueing and
>routing. The hosts 192.168.2.3 and 2.4 can just be given a /24
>network.
>By using routing as the core forwarding you prevent any mac
>address related issues.
>
>Bridge:
>This is probably the most complex and headache prone since you
>are choosing for mac-address troubles. I don't have a working
>example out of my head. You should use ebtables to masquerade all
>outgoing packets with a mac-address != mac-address of the source
>host.
>
>The essence is the following (which should be a faq):
>On an svl switch the source mac-address is only allowed to appear
>on a single port switch wide, independent of vlans.
>(SVL == shared vlan learning == a single switch wide mac-address
>table)
>
>On an ivl switch the source mac-address is only allowed to appear
>on a single (port+vlan) switch wide.
>(IVL == Independent vlan learning == for each vlan a separate
>mac-address table).
>
>
>Anyway: if this doesn't really make sense, you should invest in
>either:
>* hardware (ben :-), or a very expensive switch)
>* knowledge ( http://lartc.org/ f.i. and .1Q standard )
>
>
>If your switch already is IVL (which I cannot imagine, since only
>very big and expensive switches do that, or very small
>inexpensive switches like the ones in the wrt54g do have 2
>mac-address tables if I am correct) the above explanation is
>moot. Just bridge and it will work. And turn off bpdu guard :-).

Ard,

Thanks for your comments. I can see that I have some reading to do.

Regards,
Bob
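
Added example (not part of the original thread): a small Python model of the SVL versus IVL source-MAC learning described in the quoted reply, replaying the frames a switch would see if the Linux bridge re-emitted a host's frame unchanged on a trunk in the other VLAN. The MAC addresses, the use of Port 1 as the trunk carrying the bridged frames, and the Switch class are assumptions made for illustration.

```python
# Added illustration: a switch's source-MAC learning table under
# SVL (one switch-wide table keyed by MAC) and
# IVL (one table per VLAN, i.e. keyed by VLAN + MAC).

class Switch:
    def __init__(self, mode):
        if mode not in ("SVL", "IVL"):
            raise ValueError("mode must be 'SVL' or 'IVL'")
        self.mode = mode
        self.table = {}   # learning key -> port
        self.moves = []   # (mac, vlan, old_port, new_port) relearn events

    def _key(self, vlan, mac):
        return mac if self.mode == "SVL" else (vlan, mac)

    def learn(self, port, vlan, src_mac):
        """Record the ingress port for a source MAC; log a move if it changed."""
        key = self._key(vlan, src_mac)
        old = self.table.get(key)
        if old is not None and old != port:
            self.moves.append((src_mac, vlan, old, port))
        self.table[key] = port

    def lookup(self, vlan, dst_mac):
        """Port the switch would forward to, or None (flood) if unknown."""
        return self.table.get(self._key(vlan, dst_mac))

# Constructed sample traffic: (ingress port, VLAN, source MAC).
HOST_A = "02:00:00:00:02:03"   # constructed MAC for 192.168.2.3 (VLAN 2, Port 3)
HOST_B = "02:00:00:00:02:04"   # constructed MAC for 192.168.2.4 (VLAN 3, Port 4)
FRAMES = [
    ("Port 3", 2, HOST_A),     # host A transmits on its access port
    ("Port 1", 3, HOST_A),     # bridge re-emits the same frame on the trunk, VLAN 3
    ("Port 4", 3, HOST_B),     # host B replies on its access port
    ("Port 1", 2, HOST_B),     # bridge re-emits the reply on the trunk, VLAN 2
]

def replay(mode, frames=FRAMES):
    sw = Switch(mode)
    for port, vlan, mac in frames:
        sw.learn(port, vlan, mac)
    return sw

if __name__ == "__main__":
    for mode in ("SVL", "IVL"):
        sw = replay(mode)
        print(mode, "MAC moves:", sw.moves)
        print("  VLAN 2 frame for host A is sent to:", sw.lookup(2, HOST_A))
```

Under SVL each host MAC is relearned on the trunk port, so traffic for host A in VLAN 2 is steered away from Port 3; under IVL the two VLANs keep separate entries and no move is recorded.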