[ previous ] [ next ] [ threads ]
 From:  mtnbkr <waa dash m0n0wall at revpol dot com>
 To:  Peter Boosten <peter at boosten dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VLAN
 Date:  Tue, 16 Jan 2007 12:36:15 -0500
Peter Boosten wrote:
> Hi all,
> So I must be doing something wrong:
> I run m0n0 (currently 1.22) on my Soekris 4801 for several years now,
> works like charm.
> So I wanted to do some VLAN on my internal network, therefor I created
> two VLANs on my Nortel Baystack (450-24T).
> On m0n0 I assigned two VLANs on sis0 (that's my LAN interface), called
> VLAN1 and VLAN2 and assigned both interfaces an IP address (
> and - both class C). The LAN interface itself has
> The intention is to renumber the interface to
> when this setup is working. Furthermore I applied a rule to
> both VLAN interfaces to allow all traffic from all to all.

> In the Nortel configuration you can switch between a non-trunk and a
> trunk by configuring the port from 'untagged access' to 'tagged trunk'
> (and then assign the tagged port to various VLANs).

First, you need to set the baystack port to "tagged trunk".

Next, you need to create another VLAN and assign it to that port. Call
the VLAN what you like, but this will be for the network.

I believe that here is where you went wrong:
On the m0n0wall, in the Interfaces --> Assign page you need to configure
your LAN interface to be the same VLAN that you just added to the
baystack port for the network.

If your LAN interface is currently assigned to the hardware interface
(sis0 on wrap - I do not know what m0n0 sees the ethernet ports as on a
soekris) it will not work. The LAN interface needs to be on the correct

Hope this helps.

Bill Arlofski
Reverse Polarity