Re:Re: brouter configuration (setup 1b) still can't work

OK, all switches must support IVL.
Proxy ARP suits the environment; box B and box C should not see each other, and I will use ebtables to drop the flow between them just as setup 1b did. The main problem for an SVL switch is that the MAC address of br0 appears in every VLAN.
What's the side effect of MAC-address masquerading?
Many thanks for your patience.

2007-03-05,Ard van Breemen ard@xxxxxxxxx wrote:
Hello,
On Mon, Mar 05, 2007 at 10:15:27AM +0800, net-wolf wrote:
> [root@ws root]#
> --------------------------------
> When the bridge is up, 99% of the ping packets for box B to box A are lost, but box B did
> get the right MAC address of box A.
> I have also tried
> ifconfig eth1.2 hw ehter 00:90:27:8C:3F:E2
> ifconfig eth1.2 hw ehter 00:90:27:8C:3F:E3
> but no luck.
This means you do not understand the real issue here :-)

> Sorry for such a long post, any hints are appreciated.
> Hello, Ard van Breemen, I think the Catalyst 2924 XL supports IVL, do you think so?
http://www.cisco.com/en/US/products/hw/switches/ps607/products_data_sheet09186a00800922fe.html
It's end of life, and with only a 3.2Gb/s I doubt it would do
IVL. Only the latest catalyst release added 802.1Q. And seeing
your problems you definitely have SVL :-(.

So you have the following choices:
- Buy a new expensive switch (>10000 euro for an IVL if I am correct)
- Buy a wrt device (around 50 euros), and put your router in an
  even numbered vlan, and your hosts in an odd numbered vlan.
- Do mac-address masquerading (never done it)
- Do proxy-arp and use routed networks on your router. Using
  proxy-arp, the hosts don't have to know that they don't see
  each other.
  Proxy-arp is described in http://lartc.org/

The problem: One host does an arp. This means the bridge on the
router *must* forward that packet, and will do so exactly.
Since the switch was never built to think in separate vlans, it
will see the mac-address move from the host-port to the router
port. Any new traffic destined for that host will go to the
router port. The router will bridge it further, and the switch
will drop it, since the mac-address is only known at the port of
the router.
SVL is the same as having a normal switch: you only have a
mac-address->port lookup, except that traffic is filtered on vlan
level.
In IVL, you have an independent vlan+mac-address->port lookup.

Regards,
Ard
_______________________________________________
Vlan mailing list
Vlan@xxxxxxxxxxxxxxx
http://www.candelatech.com/mailman/listinfo/vlan
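
The SVL failure described in the quoted message, as an added simulation that is not part of the original thread. Port names, VLAN numbers and MAC addresses are constructed, and the model assumes the router bridges frames unchanged between VLAN 1 and VLAN 2 over a single trunk port.

```python
# Constructed model of switch MAC learning: SVL keys the table on the MAC
# alone, IVL keys it on (vlan, mac). All names and addresses are made up.
BCAST = "ff:ff:ff:ff:ff:ff"
MAC_A = "02:00:00:00:00:0a"   # box A, VLAN 1 (constructed)
MAC_B = "02:00:00:00:00:0b"   # box B, VLAN 2 (constructed)


class Switch:
    def __init__(self, independent, port_vlans):
        self.independent = independent   # True = IVL, False = SVL
        self.port_vlans = port_vlans     # port -> set of VLANs it carries
        self.fdb = {}                    # learned forwarding database

    def _key(self, vlan, mac):
        return (vlan, mac) if self.independent else mac

    def receive(self, port, vlan, src, dst):
        """Learn src on the ingress port, return the set of egress ports."""
        self.fdb[self._key(vlan, src)] = port
        # Candidate egress ports: VLAN members other than the ingress port.
        members = {p for p, v in self.port_vlans.items()
                   if vlan in v and p != port}
        out = self.fdb.get(self._key(vlan, dst))
        if out is None:
            return members               # broadcast or unknown: flood in VLAN
        return {out} & members           # empty set means the frame is dropped


def run(independent):
    sw = Switch(independent, {"A": {1}, "B": {2}, "router": {1, 2}})
    # 1. B sends an ARP broadcast in VLAN 2; the switch learns B on port B.
    sw.receive("B", 2, MAC_B, BCAST)
    # 2. The router's bridge re-emits the same frame in VLAN 1. An SVL
    #    switch now moves B's MAC from the host port to the router port.
    sw.receive("router", 1, MAC_B, BCAST)
    # 3. A answers B in VLAN 1; the frame must go to the router.
    to_router = sw.receive("A", 1, MAC_A, MAC_B)
    # 4. The router bridges the answer back into VLAN 2 towards B.
    to_b = sw.receive("router", 2, MAC_A, MAC_B)
    return to_router, to_b


if __name__ == "__main__":
    print("SVL:", run(False))   # reply never leaves the router port
    print("IVL:", run(True))    # reply is delivered to port B
```
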