I haven't figured it out yet, but I guess that when I tell you guys I am using for both LAN & LAN2 a Realtek 8169 card, you'll tell me to toss out those cards... They always worked fine, even now, but they just might not be good enough for VLAN tagging, right?

I browsed a bit further on some forums, and found on the pfSense one a guy who switched to Intel NICs (after trying the Realtek 8169) and suddenly has a working VLAN setup... so possibly I'm facing the same thing here... It's odd though, that it does work somehow, but not completely... I'd reckon that such a setup would either work, or completely not work...

kind regards,
Michel

Michel Servaes wrote:
> I reverted back to the setup with my two LAN cards, hooked up my old
> AP to LAN2, and connected the new AP to LAN.
> Now when I hop from the old AP to the new AP, my IP also gets changed
> (from 172.16 to 172.18 or vice versa), and all sites work just fine
> now... so if it would be my ARP table, shouldn't I be facing the same
> problem ??
>
> It seems when hopping between two real LANs instead of VLANs, that I
> don't have that same problem... maybe my new AP isn't really VLAN
> qualified, but since my IP followed I gathered that this would be ok ?
>
> Currently I have the old AP hooked up onto LAN2, but I created a
> temporary VLAN 2 for my "guest" feature... so I can experiment a
> little with my new AP, without interfering with the neighbours :)
>
> I installed the "guest" with a DHCP 172.16.99.0 (being the gateway
> 172.16.99.253), went into monowall, diagnostics, arp-tables, removed
> all entries of any other being outside 172.16.99.xxx about my
> computer... retried and I still won't go further than google, gmail.
> I did add the rule like I did for my LAN2, being any traffic routed
> outside (VLAN2 - any protocol - any network).
> Did an "ipconfig /flushdns", to make sure I am not using any cached
> dns data, and still only google, gmail is accessible... when hopping
> back to my WPA on VLAN1, all my visited sites work just fine.
>
> I am puzzled... it's fun. Being able to ping (for instance)
> www.userbase.be, but not able to access it via VLAN2, and while
> hopping back onto VLAN1, it'll simply access the site... weird. I'll
> jump into my other partition where Ubuntu is installed - maybe my
> Vista is doing weird things, I really don't know.
>
> David Burgess wrote:
>> On Thu, Jul 3, 2008 at 2:44 PM, Michel Servaes <michel at mcmc dot be> wrote:
>>
>>> Hi,
>>>
>>> I was using my monowall with 2 LAN cards before, added two access
>>> points to each LAN, and me and my neighbour were separate users.
>>> I have setup a pipe for 3mbit traffic onto the LAN card of my
>>> neighbour.
>>> Now, today I am trying to add an Access Point capable of doing VLAN,
>>> and have added another SSID onto one of the VLANs.
>>>
>>> So my setup being in the DLINK
>>>
>>> SSID : WPA on VLAN 1 (being a generic VLAN)
>>> SSID : WEP on VLAN 8 (being a VLAN with a DHCP 172.18.0.0)
>>>
>>> On monowall I have
>>>
>>> LAN with DHCP 172.16.0.0 (ip : 172.16.0.253)
>>> VLAN8 with DHCP 172.18.0.0 (ip : 172.18.0.253)
>>>
>>> I altered the pipe that now my VLAN8 is limited in traffic (3
>>> mbits), but each and every time I change from my WLAN (wpa) to my
>>> neighbour's (to testrun my setup), WEP, I cannot access the internet
>>> (now strangely enough) completely ???
>>> I can access google, I can send/receive mails, but as soon as I try to
>>> connect to a site to test my speed (or any other site) it won't
>>> connect...
>>>
>>> When I do an ipconfig on my computer, I do get the right ip address
>>> of the corresponding DHCP range... so the VLAN is working, but
>>> somewhere the routing is messed up (I think)
>>>
>>> I can ping however every site (they do resolve, and some of them
>>> reply - the ones that won't reply, don't reply either on my wlan)...
>>>
>>> What might I be doing wrong here ??
>>>
>>
>> Could it be that m0n0wall has the wrong arp entry for your computer
>> because you're hopping LANs? Try deleting your old arp entry from
>> m0n0wall's arp table, or wait for it to expire then try again. Has
>> your neighbour tried connecting to VLAN8? Does he have the same
>> problem you have?
>>
>> db