From: Mike Tancsa
Date: Fri, 20 Aug 2010 13:11:48 -0400
To: xavier.humbert@groumpf.org (Xavier HUMBERT), freebsd-net@freebsd.org
Subject: Re: Inter-vlan routing problem
List-Id: Networking and TCP/IP with FreeBSD

At 11:52 AM 8/20/2010, Xavier HUMBERT wrote:

>vlan3: flags=8843 metric 0 mtu 1500
>        description: Chateau
>        options=3
>        ether 00:e0:81:2d:62:3e
>        inet 10.75.2.251 netmask 0xffffff00 broadcast 10.75.2.255
>        media: Ethernet autoselect (1000baseT )
>        status: active
>        vlan: 30 parent interface: bge0
>vlan4: flags=8843 metric 0 mtu 1500
>        description: VoIP
>        options=3
>        ether 00:e0:81:2d:62:3e
>        inet 10.75.3.251 netmask 0xffffff00 broadcast 10.75.3.255
>        media: Ethernet autoselect (1000baseT )
>        status: active
>        vlan: 100 parent interface: bge0
>
>
>Destination        Gateway            Flags    Refs      Use  Netif Expire
>default            10.75.2.1          UGS         0    13742  vlan3
>192.168.1.0/24     link#9             U           5   234765  vlan0
>172.16.214.0/24    link#10            U           4   395054  vlan1
>192.168.0.0/24     link#11            U           1     4659  vlan2
>10.75.2.0/24       link#12            U           0     3361  vlan3
>10.75.3.0/24       link#13            U           0     2716  vlan4
>------------------------------------------------------------------------
>
>The problem is that, from the gateway itself, I can "see" all devices on all
>vlans (nmap proves this). But from my station (which is on the vlan #10), I can
>access on my own vlan, and the default vlan #1. A ping or traceroute to another
>machine - I tried the defaul_router, which as you can see is on vlan #30 -
>fails miserably. Tcpdump is not very helpful :
>
>------------------------------------------------------------------------
>[xavier@imac-xav ~]$ traceroute 10.75.2.1
>traceroute to 10.75.2.1 (10.75.2.1), 64 hops max, 52 byte packets
> 1  gateway (172.16.214.251)  0.697 ms  0.227 ms  0.245 ms
> 2  * * *

I don't understand, why is 10.75.2.1 going out your default interface?
It should look for packets on the same subnet that the vlan3 interface is on.

Can you do an

arp -na

and

netstat -Wnra

On the Nortel switch, are you sure you have it on the equiv of a "trunk" port?
Is there a way to see what MAC addresses the switch sees as part of what VLAN?

>Is the bad cksum relevant ?

Not necessarily. It might be due to the chksum offloading of the NIC driver.

        ---Mike

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
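
Added example, not part of the original message or of either poster's own tooling: a longest-prefix-match lookup over the routing table quoted above, showing which entry the gateway selects for a destination and whether it is delivered on-link or handed to a next hop. The function names are hypothetical, and every sample destination other than 10.75.2.1 is constructed.

```python
import ipaddress

# Routing table rows as quoted in the message above (netstat -rn style).
ROUTES = """\
default            10.75.2.1          UGS         0    13742  vlan3
192.168.1.0/24     link#9             U           5   234765  vlan0
172.16.214.0/24    link#10            U           4   395054  vlan1
192.168.0.0/24     link#11            U           1     4659  vlan2
10.75.2.0/24       link#12            U           0     3361  vlan3
10.75.3.0/24       link#13            U           0     2716  vlan4
"""

def parse_routes(text):
    """Parse 'Destination Gateway Flags Refs Use Netif' rows into dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue  # skip blank lines and the header row
        dest, gateway, flags, netif = fields[0], fields[1], fields[2], fields[5]
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append({"net": net, "gateway": gateway, "flags": flags, "netif": netif})
    return routes

def lookup(routes, addr):
    """Return the most specific (longest-prefix) route covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)

def describe(routes, addr):
    """Summarise how the gateway would forward a packet to addr."""
    r = lookup(routes, addr)
    if r is None:
        return f"{addr}: no route"
    # The G flag means the packet is handed to a next-hop router; without it
    # the destination is on-link and is resolved by ARP on that interface.
    how = f"via {r['gateway']}" if "G" in r["flags"] else "on-link (ARP)"
    return f"{addr}: {r['net']} {how} dev {r['netif']}"

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # 10.75.3.20, 172.16.214.30 and 198.51.100.7 are constructed sample hosts.
    for target in ("10.75.2.1", "10.75.3.20", "172.16.214.30", "198.51.100.7"):
        print(describe(table, target))
```

Comparing this result with the `arp -na` and `netstat -Wnra` output requested above shows whether the kernel's view of the on-link neighbours matches what the table implies.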