[ previous ] [ next ] [ threads ]
 
 From:  Michel Servaes <michel at mcmc dot be>
 To:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] VLANs not really working ?
 Date:  Thu, 10 Jul 2008 19:35:54 +0200 
I have installed an Intel PRO/1000GT for my LAN, added a new VLAN (21), 
and created an Captive Portal...
But still I cannot access any other site than google, and some others... 
I can ping almost every server on the internet, but I cannot browse 
their respective website !

Here is my setup in short

monowall with three NICs

WAN (xl0) : 3c905 PCI
LAN1 (em0) : Intel PRO/1000GT - my network
LAN2 (rl0) : Realtek 8139 - neighbours network


On my LAN1, I have a DLINK AP (DAP 1535, with 8 SSIDs and VLAN capability)
On my LAN2, I have a DLINK router (DI-804VUP, but I hooked up a lan port 
onto the monowall, disabled DHCP on the router)


On the DAP1535 I created a VLAN 21 for SSID "access.guest", and the 
first default SSID "private.wpa" a VLAN 1 is assigned (this is default 
behaviour, and would be the same as a normal LAN)

If I connect to the "private.wpa", I get an address of my DHCP serving 
on LAN1
If I connect to the "guest.access", I get an address of my DHCP on VLAN 21

I can browse the internet freely when connecting to "private.wpa", and 
when connecting through "guest.access", I am being presented the captive 
portal (which is normal, I can enter my credentials, and of I go...) - 
but I can access only a small amount of websites...


It actually behaves the same way, as when I was connected to the Realtek 
card...



Chris Buechler wrote:
> On Thu, Jul 3, 2008 at 7:02 PM, Michel Servaes <michel at mcmc dot be> wrote:
>   
>> I haven't figured it out yet, but I guess that when I tell you guys I am
>> using for both LAN & LAN2 a Realtek 8169 card, you'll tell me to toss out
>> those cards...
>>     
>
> Yep, my first guess when I glanced at your first message earlier was
> you're using Realtek NICs.
>
>
>   
>> They always worked fine, even now, but they just might not be good enough
>> for VLAN tagging, right ?
>>
>> I browsed a bit further on some forums, and found on the pfSense one, a guy
>> who switched to Intel NICs (after trying the Realtek8169) suddenly has a
>> working VLAN setup... so possibly I'm facing the same thing here... it's odd
>> though, that it does work somehow, but not completely... I'd reccon that
>> such a setup would either work, or completely not work...
>>
>>     
>
> You're probably either seeing the common flakiness of some Realtek
> cards, or have a card that doesn't properly support VLAN tagging. The
> latter can create a PMTUD black hole, causing packets over a certain
> size to silently disappear. Get some Intel Pro/100 or Pro/1000 cards
> and your problem likely goes away.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>