Re: [m0n0wall] m0n0wall VLAN problem (bug found)

From:	"Allan D. Piske" <zyryz at terra dot com dot br>
To:	<daniele dot guazzoni at gcomm dot ch>, "m0n0wall List" <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] m0n0wall VLAN problem (bug found)
Date:	Mon, 6 Sep 2004 01:58:20 -0300
I have already posted this before, but that i goes again ...
I've not tested the change in version 1.1 yet, but it should work
The modification was originally made on version 1.1b6
Here it is:
>>>
I discovered by testing  vlans in freebsd that the parent interface needs to
set up by ifconfig .. like ifconfig sis0 up,
so i hacked monowall and changed the /etc/inc/interfaces.inc and add the
following :

at line 63 ( after "$cmd" ... )
-------------------begin----------------------------
$cmd2 = "/sbin/ifconfig " .
              escapeshellarg($vlan['if']) . " up";
--------------------end-----------------------------

at row 77 (after mwexec($cmd); )insert:
-------------------begin-------------------------
mwexec($cmd2);
--------------------end--------------------------

this will acomplish bringing up interfaces at boot time.


regards,

Allan.

----- Original Message ----- 
From: "Daniele Guazzoni" <daniele dot guazzoni at gcomm dot ch>
To: "m0n0wall List" <m0n0wall at lists dot m0n0 dot ch>
Sent: Sunday, September 05, 2004 10:20 PM
Subject: Re: [m0n0wall] m0n0wall VLAN problem (bug found)


> Allan
>
> you're right.
> I've really overseen this...
>
> The physical interface is automatically set to down as soon as you
> configure vlans.
>
> Is there a patch to release 1.1 ?
>
> Daniele
>
>
> Allan D. Piske wrote:
>
> > I don't know if that applies here, but since m0n0wall 1b16 ( when vlans
> > where introduced ) there is a but on the m0n0wall scripts that doesn't
set
> > "UP" the interfaces ...
> > when you type ifconfig command on the exec php script (
> > http://monowallip/exec.php ) you should see a UP flag on both fisical
and
> > logical interfaces .. to test it just type ifconfig interface up on the
same
> > exec script and see if it works ...
> > if yes, contact-me, i'll send instructions on howto fix it.
> >
> > bb,
> >
> > Allan.
> > zyryz at zyryz dot net
> >
> > ----- Original Message ----- 
> > From: "Jake S" <jake at agatestreet dot com>
> > To: <daniele dot guazzoni at gcomm dot ch>; "'m0n0wall List'"
<m0n0wall at lists dot m0n0 dot ch>
> > Sent: Saturday, September 04, 2004 12:18 PM
> > Subject: RE: [m0n0wall] m0n0wall VLAN (fxp and Cisco Catalyst) problem
> >
> >
> >
> >>Daniele,
> >>I will setup a test m0n0 wall here and let you know but from your
> >
> > interface
> >
> >>output it almost seems like there are no IP's assigned to vlan 100-104?
> >>
> >>$ ifconfig vlan1
> >>vlan1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >>ether 00:50:8b:5a:26:f6
> >>media: Ethernet autoselect (100baseTX <full-duplex>)
> >>status: active
> >>vlan: 102 parent interface: fxp1
> >>
> >>$ ifconfig vlan2
> >>vlan2: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >>ether 00:50:8b:5a:26:f6
> >>media: Ethernet autoselect (100baseTX <full-duplex>)
> >>status: active
> >>vlan: 103 parent interface: fxp1
> >>
> >>$ ifconfig vlan3
> >>vlan3: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >>ether 00:50:8b:5a:26:f6
> >>media: Ethernet autoselect (100baseTX <full-duplex>)
> >>status: active
> >>vlan: 104 parent interface: fxp1
> >>
> >>
> >>Other then that your switch config looks fine.
> >>
> >>Jake
> >>
> >>-----Original Message-----
> >>From: Daniele Guazzoni [mailto:daniele dot guazzoni at gcomm dot ch]
> >>Sent: Saturday, September 04, 2004 4:36 AM
> >>To: Jake S
> >>Subject: Re: [m0n0wall] m0n0wall VLAN (fxp and Cisco Catalyst) problem
> >>
> >>Jake
> >>
> >>It is a Cat 2950-24 with IOS 12.1.22 (c2950-i6q4l2-mz.121-22.EA1.bin).
> >>Attached you'll find the command results.
> >>I also tried to reduce the MTU to 1480 on the VLANs ( a tip I read
> >>somewhere on the web) which altough does not provide any help.
> >>
> >>Attached are the result of the commands on the cat and an ifconfig on
> >>the m0n0wall.
> >>
> >>Daniele
> >>
> >>Jake S wrote:
> >>
> >>>Can you provide the following commands?
> >>>
> >>>sho run
> >>>sho vlan
> >>>sho int trunk  <-- not sure if this one will be available to you or
not.
> >>>
> >>>Also... what IOS are you running on that switch?
> >>>
> >>>Thank you,
> >>>Jake Seitz - Founder
> >>>Agatestreet.com - Cleaning Inbox's one domain at a time!
> >>>http://www.agatestreet.com
> >>>d 1.866.850.1608
> >>>f 1.858.964.6461
> >>>
> >>>-----Original Message-----
> >>>From: Daniele Guazzoni [mailto:daniele dot guazzoni at gcomm dot ch]
> >>>Sent: Friday, September 03, 2004 6:01 PM
> >>>To: m0n0wall List
> >>>Subject: [m0n0wall] m0n0wall VLAN (fxp and Cisco Catalyst) problem
> >>>
> >>>I've configured my m0n0wall to use VLAN on an fxp dual 100baseTX card.
> >>>Actually VLANs 101 to 104 are configured on fxp1.
> >>>The fxp1 port is connected to a Cisco Catalyst 2950.
> >>>The cat port is configured for 802.1q trunking and it sees the VLANs.
> >>>
> >>>No traffic is passing from the m0n0wall to the VLANs on the Cat.
> >>>
> >>>Any idea ?
> >>>
> >>>
> >>>regards
> >>>
> >>>
> >>>------------------------------------------------------------------
> >>>
> >>>Daniele Guazzoni
> >>>Network & System Engineer
> >>>Cisco Certified Network Professional
> >>>
> >>>------------------------------------------------------------------
> >>>"Destiny is not a matter of chance, it is a matter of choice;
> >>>it is not a thing to be waited for, it is a thing to be achieved."
> >>>                         William Jennings Bryan
> >>>
> >>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>
> >>
> >>Esta mensagem foi verificada pelo E-mail Protegido Terra.
> >>Scan engine: VirusScan / Atualizado em 01/09/2004 / Versão: 1.5.2
> >>Proteja o seu e-mail Terra: http://www.emailprotegido.terra.com.br/
> >>
> >>E-mail classificado pelo Identificador de Spam Inteligente Terra.
> >>Para alterar a categoria classificada, visite
> >>
> >
> >
http://www.terra.com.br/centralunificada/emailprotegido/imail/imail.cgi?+_u=zyryz&_l=1,1094311213.659857.18991.conventos.terra.com.br,4693,Des15,Des15
> >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.746 / Virus Database: 498 - Release Date: 31/8/2004
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
> Esta mensagem foi verificada pelo E-mail Protegido Terra.
> Scan engine: VirusScan / Atualizado em 01/09/2004 / Versão: 1.5.2
> Proteja o seu e-mail Terra: http://www.emailprotegido.terra.com.br/
>
> E-mail classificado pelo Identificador de Spam Inteligente Terra.
> Para alterar a categoria classificada, visite
>
http://www.terra.com.br/centralunificada/emailprotegido/imail/imail.cgi?+_u=zyryz&_l=1094433698.2812.18451.pamplona.terra.com.br
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.746 / Virus Database: 498 - Release Date: 31/8/2004