 
 From:  "Brieseneck, Arne, VF-Group" <Arne dot Brieseneck at vodafone dot com>
 To:  <mark at preferreddatasolutions dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] optional interface
 Date:  Wed, 8 Oct 2008 17:40:10 +0200
Hi Mark,
 
The switch is configured like this:
interface GigabitEthernet0/31
 switchport access vlan 3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 3
 switchport trunk allowed vlan 3,510-610
 switchport trunk pruning vlan none
 switchport mode trunk
 switchport nonegotiate
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 speed 1000
 duplex full
 macro description cisco-desktop
 flowcontrol receive on
 spanning-tree portfast trunk
 spanning-tree bpduguard enable


And the firewall has any:any as default already. (You cannot talk about
it as a firewall now ;-)


Do I need a dedicated LAN interface for every VLAN? I can't believe it.


Arne

-----Original Message-----
From: Mark Rinaudo [mailto:mark at preferreddatasolutions dot com] 
Sent: 08 October 2008 17:34
To: Brieseneck, Arne, VF-Group
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] optional interface

Arne,

How is your switch configured on the port that's used by the LAN
interface?  If you're using a VLAN switch you need to make sure that LAN
port is configured in Trunk mode to allow multiple vlans to pass through
it. You also need to make sure you have the proper rules in your
firewall for the corresponding optional interface.  The rules are for
incoming traffic to the optional interface.

Mark



On Wed, 2008-10-08 at 17:02 +0200, Brieseneck, Arne, VF-Group wrote:
> Hi all,
>  
> I have successfully configured a Monowall with DMZ and LAN interface 
> with 2 physical NICs in 2 VLANs.
>  
> Now I'd like to add 5 optional interfaces. All have separate VLANs. 
> When I try to ping from the monowall console to the IP (default GW of 
> the new optional LAN) I get a reply.
>  
> But unfortunately no other host in the same VLAN can ping even the 
> default GW.
>  
> 
> What is going on here? Has anybody an idea?
>  
> 
> THX a lot for your help
> Arne
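
Added example, not part of the original thread: a small Python check of how the trunk port posted above treats each VLAN ID a firewall might use, given that frames in the native VLAN leave a Cisco trunk untagged while the other allowed VLANs carry an 802.1Q tag. The firewall VLAN IDs passed in are constructed, and `parse_trunk` and `classify` are hypothetical helper names.

```python
import re

# Trunk-relevant lines of the port stanza as posted in the thread.
SWITCH_PORT = """\
interface GigabitEthernet0/31
 switchport access vlan 3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 3
 switchport trunk allowed vlan 3,510-610
 switchport mode trunk
"""

def parse_trunk(config):
    """Return (mode, native_vlan, allowed_vlan_set) for one interface stanza."""
    # Assumed defaults when a line is absent: native VLAN 1, all VLANs allowed.
    mode, native, allowed = None, 1, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"switchport mode (\S+)", line):
            mode = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line):
            # Only the plain list form (e.g. 3,510-610) is handled here.
            allowed = set()
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
    if allowed is None:
        allowed = set(range(1, 4095))
    return mode, native, allowed

def classify(config, firewall_vlans):
    """Map each VLAN ID the firewall uses to how the switch port treats it."""
    mode, native, allowed = parse_trunk(config)
    result = {}
    for vid in firewall_vlans:
        if mode != "trunk":
            result[vid] = "port is not a trunk"
        elif vid not in allowed:
            result[vid] = "dropped: not in allowed list"
        elif vid == native:
            result[vid] = "untagged (native VLAN)"
        else:
            result[vid] = "tagged 802.1Q"
    return result

if __name__ == "__main__":
    # Constructed VLAN IDs; the thread does not list the firewall's own.
    for vid, state in classify(SWITCH_PORT, [3, 510, 610, 700]).items():
        print(vid, state)
```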

