Page 1 of 2
Results 1 to 10 of 19

Thread: Routing between VLANs

  1. Routing between VLANs

    I apologize if this is a bit over-explained; I'm very familiar with Cisco environments but new to Linux.

    I'm attempting to set up a test bed network that currently contains three subnets and three future subnets trunked through a Cisco 2950 up to a SLES server. I have connectivity to my three active VLANs, i.e. I can ping the VLAN adapter address from clients. I've used YaST to enable IP Forwarding and ip route shows:

    192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254
    10.99.0.0/16 dev vlan3 proto kernel scope link src 10.99.1.2
    10.198.0.0/16 dev vlan14 proto kernel scope link src 10.198.1.2
    10.16.0.0/16 dev vlan12 proto kernel scope link src 10.16.1.2
    10.98.0.0/16 dev vlan4 proto kernel scope link src 10.98.1.2
    10.199.0.0/16 dev vlan13 proto kernel scope link src 10.199.1.2
    10.6.0.0/16 dev vlan2 proto kernel scope link src 10.6.1.2
    169.254.0.0/16 dev eth1 scope link
    127.0.0.0/8 dev lo scope link

    These are all internal networks.
    .99, .98, and .6 are online
    .199, .198, and .16 are for a future network (The NIC is connected to a trunk port Cisco 2950 with the VLANs set up)
    192.168.0.0 is just an address on the physical NIC, it's not used


    All these VLANs ride eth1. Whenever I try to ping across networks with a client I can ping one of the VLAN interfaces (i.e. I can ping 10.99.1.2 from the 10.98.0.0/16 network), but pinging any clients on another subnet returns "destination protocol unreachable". I would appreciate any help I can get to resolve this. (I've seen the "how to turn linux into a router" articles and I can't grok an answer from them.)

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    14,786

    Re: Routing between VLANs

    Hello,

    I see this is your first post here, thus: Welcome.

    As you have tried to post some computer text here (a router table), you will have noticed that on your terminal it was far more readable. To get the same effect here, please use the (a bit hidden) function of wrapping in CODE tags: http://forums.opensuse.org/english/i...ags-guide.html
    Henk van Velden

  3. Re: Routing between VLANs

    Quote Originally Posted by hcvv View Post
    As you have tried to post some computer text here (a router table), you will have noticed that on your terminal it was far more readable
    For the ip route command it's kinda still the way that looks:

    Code:
    192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.254 
    10.99.0.0/16 dev vlan3  proto kernel  scope link  src 10.99.1.2 
    10.198.0.0/16 dev vlan14  proto kernel  scope link  src 10.198.1.2 
    10.16.0.0/16 dev vlan12  proto kernel  scope link  src 10.16.1.2 
    10.98.0.0/16 dev vlan4  proto kernel  scope link  src 10.98.1.2 
    10.199.0.0/16 dev vlan13  proto kernel  scope link  src 10.199.1.2 
    10.6.0.0/16 dev vlan2  proto kernel  scope link  src 10.6.1.2 
    169.254.0.0/16 dev eth1  scope link 
    127.0.0.0/8 dev lo  scope link
    Still working with my server to try and understand why I can't ping through it.

  4. #4
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    14,786

    Re: Routing between VLANs

    Sorry, the
    Code:
    /sbin/route -n
    does make neat columns. Never mind. We always like to see computer copied/pasted text between CODE tags. Preferably complete with the command one gives and the prompt before it. It tells a lot without the poster having to tell much.

    I only tried to welcome you and introduce you to an important, but not easy to find habit here.

    Hope that someone with real knowledge about your problems shows up soon. But be aware that we are around the globe and some need sleep now and then.
    Henk van Velden

  5. Re: Routing between VLANs

    When I get back to the lab tomorrow I'll paste the results from that command. I've started toying with quagga, the zebra daemon seems to give a cisco-like interface... but I still can't shake the feeling that everything _should_ be working at this point and it's driving me bonkers. Protocol unreachable should only apply to a layer above network... could VLAN tagging interfere with SLES forwarding ICMP traffic? I can do a tcpdump tomorrow if that would help...

  6. #6
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    1,712

    Re: Routing between VLANs

    Which IP is the interface of the router that routes traffic between networks? Or do you want your Linux machine to be the router?

    Best regards,
    Greg
    Box: Windows 7 / Windows XP | Intel Dual-Core E5200 | ATI Radeon HD4850 | 4GB RAM
    Lap: openSUSE 12.3 / Windows 7 | Intel U7300 | KDE | Intel GMA 4500 | Asus UL80A | 3GB RAM

  7. Re: Routing between VLANs

    Quote Originally Posted by glistwan View Post
    Which IP is the interface of the router that routes traffic between networks? Or do you want your Linux machine to be the router?
    First, here's the route -n:

    Code:
    rssCETserver1:~ # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    10.99.0.0       0.0.0.0         255.255.0.0     U     0      0        0 vlan3
    10.198.0.0      0.0.0.0         255.255.0.0     U     0      0        0 vlan14
    10.16.0.0       0.0.0.0         255.255.0.0     U     0      0        0 vlan12
    10.98.0.0       0.0.0.0         255.255.0.0     U     0      0        0 vlan4
    10.199.0.0      0.0.0.0         255.255.0.0     U     0      0        0 vlan13
    10.6.0.0        0.0.0.0         255.255.0.0     U     0      0        0 vlan2
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    I have two Cisco 2950s set up using VLANs and trunking to my server, I got my hands on an old 2612 but it's got a token ring IOS on it (REALLY old 2612) so I'm attempting to use the SLES server to act as the router on a stick instead. All VLANs are coming in eth1 but I need the traffic between the 10.99, .98, and .6 networks to get routed. I _could_ set up a purpose server as I've seen suggested, but I'm out of lab space and I don't know if I can get another machine. For the test bed it would be a lot easier if I could just get this server to act as a router.

    Here's a tcpdump from the server's perspective, you can see the protocol unreachable responses to the ping request:

    Code:
    rssCETserver1:~ # tcpdump -i eth1 vlan 4 -v
    tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    10:30:45.007378 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto UDP (17), length 163) 10.98.1.50.31200 > 225.6.29.63.31200: UDP, length 135
    10:30:45.536385 01:00:0c:cc:cc:cd (oui Unknown) > 00:0f:8f:98:e2:8b (oui Unknown) SNAP Unnumbered, ui, Flags [Command], length 50
    10:30:46.190401 IP (tos 0x0, ttl 1, id 9973, offset 0, flags [none], proto UDP (17), length 161) 10.98.1.70.31200 > 225.6.29.63.31200: UDP, length 133
    10:30:46.990166 IP (tos 0x0, ttl 128, id 37207, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 38912, length 40
    10:30:46.990259 IP (tos 0xc0, ttl 64, id 366, offset 0, flags [none], proto ICMP (1), length 88) rssCETserver1.cet.ibm.com > 10.98.1.30: ICMP 10.99.1.1 protocol 1 unreachable, length 68
            IP (tos 0x0, ttl 127, id 37207, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 38912, length 40
    10:30:47.540577 01:00:0c:cc:cc:cd (oui Unknown) > 00:0f:8f:98:e2:8b (oui Unknown) SNAP Unnumbered, ui, Flags [Command], length 50
    10:30:47.907704 IP (tos 0x0, ttl 1, id 10893, offset 0, flags [none], proto UDP (17), length 167) 10.98.1.31.31200 > 225.6.29.63.31200: UDP, length 139
    10:30:47.979833 IP (tos 0x0, ttl 128, id 37208, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 39168, length 40
    10:30:47.979901 IP (tos 0xc0, ttl 64, id 367, offset 0, flags [none], proto ICMP (1), length 88) rssCETserver1.cet.ibm.com > 10.98.1.30: ICMP 10.99.1.1 protocol 1 unreachable, length 68
            IP (tos 0x0, ttl 127, id 37208, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 39168, length 40
    10:30:48.377415 IP (tos 0x0, ttl 2, id 35385, offset 0, flags [none], proto UDP (17), length 165) 10.98.1.40.31200 > 225.6.29.63.31200: UDP, length 137
    10:30:48.839440 IP (tos 0x0, ttl 1, id 37211, offset 0, flags [none], proto UDP (17), length 163) 10.98.1.30.31200 > 225.6.29.63.31200: UDP, length 135
    10:30:48.979935 IP (tos 0x0, ttl 128, id 37212, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 39424, length 40
    10:30:48.979989 IP (tos 0xc0, ttl 64, id 368, offset 0, flags [none], proto ICMP (1), length 88) rssCETserver1.cet.ibm.com > 10.98.1.30: ICMP 10.99.1.1 protocol 1 unreachable, length 68
            IP (tos 0x0, ttl 127, id 37212, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 39424, length 40
    10:30:49.544794 01:00:0c:cc:cc:cd (oui Unknown) > 00:0f:8f:98:e2:8b (oui Unknown) SNAP Unnumbered, ui, Flags [Command], length 50
    10:30:49.980059 IP (tos 0x0, ttl 128, id 37213, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 39680, length 40
    10:30:49.980119 IP (tos 0xc0, ttl 64, id 369, offset 0, flags [none], proto ICMP (1), length 88) rssCETserver1.cet.ibm.com > 10.98.1.30: ICMP 10.99.1.1 protocol 1 unreachable, length 68
            IP (tos 0x0, ttl 127, id 37213, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 39680, length 40
    10:30:50.007350 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto UDP (17), length 163) 10.98.1.50.31200 > 225.6.29.63.31200: UDP, length 135
    ^C
    17 packets captured
    17 packets received by filter
    0 packets dropped by kernel
    rssCETserver1:~ #

  8. #8
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    1,712

    Re: Routing between VLANs

    See if you've got routing enabled.

    Use YaST->system->/etc/sysconfig editor
    search for ip_forward.
    SUSE Paste

    Alternatively use this :
    How to enable IP Forwarding in Linux | MDLog:/sysadmin

    Best regards,
    Greg
    Box: Windows 7 / Windows XP | Intel Dual-Core E5200 | ATI Radeon HD4850 | 4GB RAM
    Lap: openSUSE 12.3 / Windows 7 | Intel U7300 | KDE | Intel GMA 4500 | Asus UL80A | 3GB RAM

  9. Re: Routing between VLANs

    I got called out of town, will try this on Monday. I didn't notice a flat out sysconfig editor in YaST! Thanks in advance, I'll let you know what happens when I get back!

  10. Re: Routing between VLANs

    Quote Originally Posted by glistwan View Post
    See if you've got routing enabled.

    Use YaST->system->/etc/sysconfig editor
    search for ip_forward.
    SUSE Paste

    Alternatively use this :
    How to enable IP Forwarding in Linux | MDLog:/sysadmin

    Best regards,
    Greg
    From YaST I show IP Routing enabled, this is what I get from the alternative method with some pings showing the connections are up:

    Code:
    rssCETserver1:/ # sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 1
    rssCETserver1:/ # cat /proc/sys/net/ipv4/ip_forward
    1
    rssCETserver1:/ # ping 10.99.1.1
    PING 10.99.1.1 (10.99.1.1) 56(84) bytes of data.
    64 bytes from 10.99.1.1: icmp_seq=1 ttl=128 time=0.365 ms
    ^C
    --- 10.99.1.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.365/0.365/0.365/0.000 ms
    rssCETserver1:/ # ping 10.98.1.1
    PING 10.98.1.1 (10.98.1.1) 56(84) bytes of data.
    64 bytes from 10.98.1.1: icmp_seq=1 ttl=128 time=0.262 ms
    ^C
    --- 10.98.1.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.262/0.262/0.262/0.000 ms
    rssCETserver1:/ #
    And trying to ping through as a gateway:
    Code:
    C:\Users\IBM_ADMIN>ping 10.98.1.1
    
    Pinging 10.98.1.1 with 32 bytes of data:
    Reply from 10.99.1.2: Destination protocol unreachable.
    Reply from 10.99.1.2: Destination protocol unreachable.
    Reply from 10.99.1.2: Destination protocol unreachable.
    Reply from 10.99.1.2: Destination protocol unreachable.
    
    Ping statistics for 10.98.1.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
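
Added example, not part of the thread and not any poster's code: a small Python parser for the `tcpdump -v` lines in post 7 that pairs each "protocol N unreachable" error with the echo request it quotes, reporting which host generated the error and how the quoted TTL compares with the TTL captured on the wire. The three sample lines are copied from that capture; the function and field names are invented for this illustration, and only the "protocol N unreachable" form is handled.

```python
import re

# Three lines copied from the tcpdump -v capture in post 7: the echo request,
# the ICMP error sent back, and the indented header that the error quotes.
CAPTURE = """\
10:30:46.990166 IP (tos 0x0, ttl 128, id 37207, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 38912, length 40
10:30:46.990259 IP (tos 0xc0, ttl 64, id 366, offset 0, flags [none], proto ICMP (1), length 88) rssCETserver1.cet.ibm.com > 10.98.1.30: ICMP 10.99.1.1 protocol 1 unreachable, length 68
        IP (tos 0x0, ttl 127, id 37207, offset 0, flags [none], proto ICMP (1), length 60) 10.98.1.30 > 10.99.1.1: ICMP echo request, id 512, seq 38912, length 40
"""

# IP header summary as printed by tcpdump -v, then "src > dst: payload".
HEADER = re.compile(r"IP \(tos \S+, ttl (\d+), id (\d+),.*?\) (\S+) > (\S+): (.*)")
PROTO_UNREACH = re.compile(r"ICMP (\S+) protocol (\d+) unreachable")


def unreachable_reports(capture):
    """Pair each 'protocol N unreachable' error with the packet it quotes."""
    requests = {}                  # (src, IP id) -> TTL seen on the wire
    reports, pending = [], None    # pending = error waiting for its quoted header
    for line in capture.splitlines():
        m = HEADER.search(line)
        if not m:
            continue               # non-IP frames (e.g. SNAP) are skipped
        ttl, ip_id, src, dst, payload = int(m[1]), int(m[2]), m[3], m[4], m[5]
        err = PROTO_UNREACH.search(payload)
        if err:
            # src is whoever generated the error; err[1] is the address the
            # original packet was trying to reach.
            pending = {"reporter": src, "sent_to": dst,
                       "target": err[1], "protocol": int(err[2])}
        elif line[:1].isspace():   # tcpdump indents the quoted original header
            if pending:
                wire = requests.get((src, ip_id))
                drop = wire - ttl if wire is not None else None
                pending.update(quoted_ttl=ttl, wire_ttl=wire, ttl_drop=drop)
                reports.append(pending)
                pending = None
        else:
            requests[(src, ip_id)] = ttl
    return reports


if __name__ == "__main__":
    for report in unreachable_reports(CAPTURE):
        print(report)
```

For these lines the error's sender is the server itself rather than 10.99.1.1, and the quoted request carries TTL 127 against 128 on the wire.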
