 From:  "Brieseneck, Arne, VF-Group" <Arne dot Brieseneck at vodafone dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  SOLVED: [m0n0wall] optional interface
 Date:  Wed, 8 Oct 2008 20:27:54 +0200
SOLVED!


The trick is to configure the NIC in ESX server in VGT mode. Basically
you set the VLAN-ID of the NIC to 4095, which means all VLANs (of
the trunk), and monowall is then using the right VLAN with the tagging.



Thanks a million for the help


BR,
Arne

-----Original Message-----
From: Brieseneck, Arne, VF-Group [mailto:Arne dot Brieseneck at vodafone dot com] 
Sent: 08 October 2008 19:58
To: Charles Goldsmith
Cc: mark at preferreddatasolutions dot com; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] optional interface

it seems as if it has something to do with the VLANs an interface of the
VMWare ESX can handle!
The problem is, that if I need one of the VLANs out of the Trunk I have
configured on the switchport I need to set up a dedicated interface in
VMWare for this particular VLAN only. That means: only this VLAN is
available on that interface. 

lnc0 --> nic0
lnc1 --> nic1
vlan1 --> lnc0 --> nic0
vlan2 --> lnc0 --> nic0
vlan3 --> lnc1 --> nic1

For every virtual machine I can only choose 1 item in a drop-down list
for the virtual network interface. So the result is only 1 VLAN or no
VLAN. And when I now try to access something in a different VLAN from
the virtual machine it is not accessible.


Basically what it means is, that I need a dedicated interface for every
VLAN I'd like to route to or a solution to add multiple VLANs to a NIC
in ESX server.


RIGHT?!


-----Original Message-----
From: Charles Goldsmith [mailto:wokka at justfamily dot org]
Sent: 08 October 2008 19:29
To: Brieseneck, Arne, VF-Group
Cc: mark at preferreddatasolutions dot com; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] optional interface

I've never trunked with a m0n0, but with native vlan 3 set, you
typically need to set the same native on the remote end, or you will get
errors on the cisco switch.  Check your logs on both ends for any
trunking or spanning tree errors.

Charles

On Wed, Oct 8, 2008 at 10:40 AM, Brieseneck, Arne, VF-Group
<Arne dot Brieseneck at vodafone dot com> wrote:
> Hi Mark,
>
> the switch is configured like that:
> interface GigabitEthernet0/31
>  switchport access vlan 3
>  switchport trunk encapsulation dot1q
>  switchport trunk native vlan 3
>  switchport trunk allowed vlan 3,510-610
>  switchport trunk pruning vlan none
>  switchport mode trunk
>  switchport nonegotiate
>  switchport port-security aging time 2
>  switchport port-security violation restrict
>  switchport port-security aging type inactivity
>  speed 1000
>  duplex full
>  macro description cisco-desktop
>  flowcontrol receive on
>  spanning-tree portfast trunk
>  spanning-tree bpduguard enable
>
>
> and the firewall has any:any as default already. (you can not talk 
> about it as firewall now ;-)
>
>
> Do I need a dedicated LAN interface for every VLAN? I can't believe it
>
>
> Arne
>
> -----Original Message-----
> From: Mark Rinaudo [mailto:mark at preferreddatasolutions dot com]
> Sent: 08 October 2008 17:34
> To: Brieseneck, Arne, VF-Group
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] optional interface
>
> Arne,
>
> How is your switch configured on the port that's used by the LAN
> interface?  If you're using a vlan switch you need to make sure that LAN
> port is configured in Trunk mode to allow multiple vlans to pass
> through it. You also need to make sure you have the proper rules in
> your firewall for the corresponding optional interface.  The rules are
> for incoming traffic to the optional interface.
>
> Mark
>
>
>
> On Wed, 2008-10-08 at 17:02 +0200, Brieseneck, Arne, VF-Group wrote:
>> Hi all,
>>
>> I have successfully configured a Monowall with DMZ and LAN interface 
>> with 2 physical NICs in 2 VLANs.
>>
>> Now I'd like to add 5 optional interfaces. All have separate VLANs.
>> When I try to ping from the monowall console to the IP (default GW of
>> the new optional LAN) I get a reply.
>>
>> But unfortunately no other host in the same VLAN can ping even the 
>> default GW.
>>
>>
>> What is going on here? Has anybody an idea?
>>
>>
>> THX a lot for your help
>> Arne
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>

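With the ESX port group in VGT mode (VLAN ID 4095) every 802.1Q tag on the trunk is handed through to the m0n0wall VM, so the switch's allowed list and native VLAN decide which VLANs the guest actually sees and must filter. The Python below is added here and is not code from the thread or from m0n0wall; it models that with the trunk settings quoted above (native VLAN 3, allowed 3,510-610), and the frames, MAC addresses and helper names are constructed for the example.

```python
# Added example (not from the thread): which frames a Cisco dot1q trunk with
# native VLAN 3 and "allowed vlan 3,510-610" forwards to a VGT (4095) guest.
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def parse_allowed_vlans(spec):
    """Expand a 'switchport trunk allowed vlan' list such as '3,510-610'."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def vlan_of_frame(frame):
    """Return the 802.1Q VID of an Ethernet frame, or None if it is untagged."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # VID is the low 12 bits; PCP/DEI above are ignored here


def classify(frame, native_vlan, allowed_spec):
    """Assign a frame to a VLAN on the trunk and say whether it is forwarded."""
    allowed = parse_allowed_vlans(allowed_spec)
    vid = vlan_of_frame(frame)
    if vid is None:
        vid = native_vlan  # untagged traffic lands in the native VLAN
    if vid in (0, 4095):  # 0 = priority tag only, 4095 = reserved (VGT wildcard)
        return vid, "dropped (reserved VID)"
    if vid not in allowed:
        return vid, "dropped (not in allowed list)"
    return vid, "forwarded"


def build_frame(vid=None):
    """Construct a minimal Ethernet/IPv4 frame, optionally with an 802.1Q tag."""
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")  # dst, src
    if vid is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + b"\x00" * 46  # payload stub


if __name__ == "__main__":
    for v in (None, 555, 700, 4095):
        print(v, classify(build_frame(v), 3, "3,510-610"))
```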