[ previous ] [ next ] [ threads ]
 
 From:  "Joe Lagreca" <joe at BIGnetOnline dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0 and VLANs problem setting up
 Date:  Sat, 29 Sep 2007 09:02:37 -0700
I finally got it working!  Thanks for all your help.

I'm not sure, but I think the Nokia IP110 does not work with VLANs.  I
built another machine and finally got it working.  I had to put a rule
in for that interface to pass traffic.  However I would have though i
could ping the internal vlan interface without a rule.

Right now, the VLANs can all communicate between each other.  I'm
assuming they are routing through the m0n0wall.  How can I prevent
this, while only letting each of them get out to the internet?  What
rule can I put in place and where?

Also, I cannot administer the switch from any of the VLAN ports
anymore.  I had to leave one port open (port 23) and still on VLAN 1,
so if I need to, I can plug my laptop into the switch and still
administer it.  I guess this is because on all the VLAN ports, the
traffic goes out the trunk of the switch before anything, and then the
m0n0wall can't route the packets back to the switch for some reason.
Did I do something wrong, or is this how it should be?

Thanks again for all your help!

-- 
Joe LaGreca
Founder & Owner, BIGnet Online
619-393-1733 Office
619-318-3246 Cell
www.BIGnetOnline.com



On 9/29/07, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 9/28/07, Jewell, Michael <mjewell at law dot umaryland dot edu> wrote:
> > Normally you remove vlan1 from the ports when you use other vlans.  If
> > your intention is to use vlan 201 and 202, then remove vlan1 from the
> > ports 1-12.  Each client machine can only be connected to 1 vlan
> > (untagged port), otherwise the switch wouldn't know to tag packets as 1
> > or 201.
> >
>
> You can typically put more than one untagged VLAN on a switch port,
> but like Micheal said you don't want to.
>
> The configuration process for cheap switches is usually two fold, only
> put the VLAN you want to use on the port, untagged, and set the PVID
> or native VLAN depending on the terminology of the switch, to whatever
> VLAN you're using.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>