Let's see if I'm getting your goal right. You want to route traffic from different VLANs through the bridge, and clients to see each other through the router, not directly.

1. Set ebtables forward policy to DROP
2. You need to patch the arpreply.c module of the kernel so it doesn't respond to ARP requests when the source and destination IP address are the same.
++ if ( *diptr == *siptr )
++ return EBT_DROP;
3. Turn off bridge STP
4. Make ebtables respond with arpreply to clients with its own MAC address...

This will make every client connect to other clients through the router ...

net-wolf wrote:
>
> This problem confused me for few months, need your help.
>
> Switch: Cisco Catalyst 2924 XL
>
> OS : RedHat 9
>
> NIC : Intel(R) PRO/100+ Management Adapter
>
> Perter's chart:
>
>                  +--------+         +--------+ trunk+---------+
> ( internet )-----| router |---------|  VLAN  |vlan4
> (  cloud   ) eth0| box A  |eth1     | switch |------------------+
>                  +--------+         +--------+      +---------+ |
>                                 vlan2| v2|   |vlan3             |
>                                      |   |   |                  |
>                             +--------+   |   +-------+          |
>                             |            |           |          |
>                         eth0|        eth0|       eth0|      eth0|
>                        +--------+   +--------+  +--------+ +--------+
>                        | client |   | client |  | client | | server |
>                        | box B  |   | box C  |  | box D  | | box E  |
>                        +--------+   +--------+  +--------+ +--------+
>
> My configuration is simple:
> ifconfig eth1 192.168.1.73 up
> vconfig set_name_type DEV_PLUS_VID_NO_PAD
> vconfig add eth1 2
> vconfig add eth1 3
> vconfig add eth1 4
> brctl addbr br0
> #brctl stp br0 off # may not be what you want
> brctl addif br0 eth1.2
> brctl addif br0 eth1.3
> ifconfig br0 192.168.0.1
> ifconfig eth1.2 up
> ifconfig eth1.3 up
> ifconfig br0 up
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> --------------------------------
>
> I want to test connectivity between box B and Box A.
>
> Vlan configuration is ok, I can ping each other without packet loss.
> But after bring up bridge, most ping packet is lost.
>
> ip address 192.168.1.200 is pc in vlan0.
>
> some output from my environment:
>
> #ifconfig -a
> br0       Link encap:Ethernet  HWaddr 00:90:27:8C:3F:E7
>           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:31 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:1550 (1.5 Kb)  TX bytes:0 (0.0 b)
>
> eth1      Link encap:Ethernet  HWaddr 00:90:27:8C:3F:E7
>           inet addr:192.168.1.73  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:430 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:300 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:26787 (26.1 Kb)  TX bytes:21408 (20.9 Kb)
>           Interrupt:5 Base address:0xdf00 Memory:feaff000-feaff038
>
> eth1.2    Link encap:Ethernet  HWaddr 00:90:27:8C:3F:E7
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:29 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:120 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:1566 (1.5 Kb)  TX bytes:7772 (7.5 Kb)
>
> eth1.3    Link encap:Ethernet  HWaddr 00:90:27:8C:3F:E7
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:44 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:2376 (2.3 Kb)  TX bytes:6752 (6.5 Kb)
>
> # uname -a
> Linux ws 2.4.20-8 #1 Thu Mar 13 17:18:24 EST 2003 i686 athlon i386 GNU/Linux
>
> # lsmod
>
> Module                  Size  Used by    Not tainted
> 8021q                  16872   2  (autoclean)
> bridge                 24140   1  (autoclean)
> autofs                 12948   0  (autoclean) (unused)
> e100                   59652   1
> sr_mod                 17912   0  (autoclean)
> cdrom                  33472   0  (autoclean) [sr_mod]
> usb-storage            68628   0
> scsi_mod              106200   2  [sr_mod usb-storage]
> keybdev                 2880   0  (unused)
> mousedev                5428   0  (unused)
> hid                    21700   0  (unused)
> input                   5792   0  [keybdev mousedev hid]
> ehci-hcd               19592   0  (unused)
> usb-ohci               21160   0  (unused)
> usbcore                77696   1  [usb-storage hid ehci-hcd usb-ohci]
> ext3                   69984   2
> jbd                    51220   2  [ext3]
>
> [root@ws root]# rpm -qa |grep bri
> bridge-utils-0.9.3-8
> bridge-utils-devel-0.9.3-8
> [root@ws root]# rpm -qa |grep vconf
> vconfig-1.6-2
> [root@ws root]#
>
>
> #brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.0090278c3fe7       yes             eth1.2
>                                                         eth1.3
>
> #brctl showmacs br0
> port no mac addr                is local?       ageing timer
>   2     00:04:4d:da:99:10       no                 1.56
>   2     00:90:27:8c:3f:e7       yes                0.00
>   1     00:90:27:8c:3f:e7       yes                0.00
>
> # brctl show stp
>
> br0
>  bridge id              8000.0090278c3fe2
>  designated root        8000.0090278c3fe2
>  root port                 0                    path cost                  0
>  max age                  20.00                 bridge max age            20.00
>  hello time                2.00                 bridge hello time          2.00
>  forward delay            15.00                 bridge forward delay      15.00
>  ageing time             300.00                 gc interval                4.00
>  hello timer               1.20                 tcn timer                  0.00
>  topology change timer     0.00                 gc timer                   1.20
>  flags
>
>
> eth1.2 (1)
>  port id                8001                    state                forwarding
>  designated root        8000.0090278c3fe2       path cost                100
>  designated bridge      8000.0090278c3fe2       message age timer          0.00
>  designated port        8001                    forward delay timer        0.00
>  designated cost           0                    hold timer                 0.00
>  flags
>
> eth1.3 (2)
>  port id                8002                    state                forwarding
>  designated root        8000.0090278c3fe2       path cost                100
>  designated bridge      8000.0090278c3fe2       message age timer          0.00
>  designated port        8002                    forward delay timer        0.00
>  designated cost           0                    hold timer                 0.00
>  flags
>
>
> [root@ws root]# ping 192.168.1.200
> PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
> From 192.168.1.73 icmp_seq=12 Destination Host Unreachable
> From 192.168.1.73 icmp_seq=13 Destination Host Unreachable
> From 192.168.1.73 icmp_seq=14 Destination Host Unreachable
> From 192.168.1.73 icmp_seq=15 Destination Host Unreachable
> From 192.168.1.73 icmp_seq=16 Destination Host Unreachable
> From 192.168.1.73 icmp_seq=17 Destination Host Unreachable
> 64 bytes from 192.168.1.200: icmp_seq=18 ttl=255 time=0.670 ms
> 64 bytes from 192.168.1.200: icmp_seq=23 ttl=255 time=0.469 ms
> 64 bytes from 192.168.1.200: icmp_seq=34 ttl=255 time=0.468 ms
>
> --- 192.168.1.200 ping statistics ---
> 45 packets transmitted, 3 received, +6 errors, 93% packet loss, time 44021ms
> rtt min/avg/max/mdev = 0.468/0.535/0.670/0.098 ms, pipe 3
> [root@ws root]#
>
> [root@ws root]# brctl delif br0 eth1.2
> [root@ws root]# brctl delif br0 eth1.3
> [root@ws root]# ping 192.168.1.200
> PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
> 64 bytes from 192.168.1.200: icmp_seq=1 ttl=255 time=0.504 ms
> 64 bytes from 192.168.1.200: icmp_seq=2 ttl=255 time=0.470 ms
> 64 bytes from 192.168.1.200: icmp_seq=3 ttl=255 time=0.469 ms
> 64 bytes from 192.168.1.200: icmp_seq=4 ttl=255 time=0.470 ms
> 64 bytes from 192.168.1.200: icmp_seq=5 ttl=255 time=0.468 ms
>
> --- 192.168.1.200 ping statistics ---
> 5 packets transmitted, 5 received, 0% packet loss, time 4010ms
> rtt min/avg/max/mdev = 0.468/0.476/0.504/0.019 ms
> [root@ws root]#
>
> --------------------------------
>
> When bridge is up, 99% ping packet for box B to box A is lost, but box B did
> get right mac address of box A.
>
> I have also tried
> ifconfig eth1.2 hw ether 00:90:27:8C:3F:E2
> ifconfig eth1.2 hw ether 00:90:27:8C:3F:E3
> but no luck.
>
> Sorry for such a long post, any hints are appreciated.
>
> Hello, Ard van Breemen, I think catalyst 2924 XL support IVL, do you think so?
>
> _______________________________________________
> Vlan mailing list
> Vlan@xxxxxxxxxxxxxxx
> http://www.candelatech.com/mailman/listinfo/vlan
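
Review bot: the `*diptr == *siptr` test in step 2 of the reply dereferences both pointers with no visible guard and no surrounding context, so it is not clear where in arpreply.c it belongs. Place it after the point where both addresses have been fetched and checked, and post it as a unified diff with context lines instead of bare `++` lines. A short comment on the new lines would also help: a request whose sender and target IP are equal is a gratuitous ARP, and answering it with the bridge's own MAC would look like an address conflict to the sender, which is the reason for returning EBT_DROP there.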
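
Steps 1, 3 and 4 of the reply written out as commands, as an added example that is not part of the original thread. It assumes the bridge name `br0` and the br0 MAC from the quoted `ifconfig` output, and it uses the ebtables `--arp-gratuitous` match in place of the kernel patch from step 2 (an assumption: the installed ebtables must support that option). The script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run unless APPLY=1 is set (needs root).
BRIDGE=${BRIDGE:-br0}                        # bridge name used in the original post
ROUTER_MAC=${ROUTER_MAC:-00:90:27:8C:3F:E7}  # br0 HWaddr from the quoted ifconfig output

# Print the rule set, one command per line. Returns 1 on malformed input so
# that nothing unvalidated ever reaches the shell in apply_plan.
isolation_plan() {
    bridge=$1 mac=$2
    case $bridge in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $mac in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    # Step 1: never bridge frames between ports; hosts can only reach each other via routing.
    echo "ebtables -P FORWARD DROP"
    # Step 3: STP off.
    echo "brctl stp $bridge off"
    # Stand-in for the step 2 patch: drop ARP requests whose sender IP equals the
    # target IP before the arpreply rule sees them (assumes --arp-gratuitous support).
    echo "ebtables -t nat -A PREROUTING --logical-in $bridge -p ARP --arp-opcode Request --arp-gratuitous -j DROP"
    # Step 4: answer every remaining ARP request with the router's own MAC.
    echo "ebtables -t nat -A PREROUTING --logical-in $bridge -p ARP --arp-opcode Request -j arpreply --arpreply-mac $mac --arpreply-target DROP"
}

# Execute the plan when APPLY=1, otherwise show what would be run.
apply_plan() {
    plan=$(isolation_plan "$1" "$2") || { echo "invalid bridge or MAC" >&2; return 1; }
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd" || exit 1; else echo "would run: $cmd"; fi
    done
}

apply_plan "$BRIDGE" "$ROUTER_MAC"
```

The order of the two PREROUTING rules matters: the gratuitous-ARP drop has to be appended before the arpreply rule, otherwise every request is answered first.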