[Techtalk] 802.1q VLAN and routing problem?

Jennifer Mehl jmehl at physics.ucsb.edu
Wed Jan 28 18:25:28 EST 2004 

Hello linuxchix list people,

Please be gentle; this is my first time posting.

I urgently need some advice on what I'm doing wrong.  I am trying to set up a RHEL v.3 box (kernel 2.4.21-9.EL) on a new Dell PowerEdge 650 as a multi-homed server (on one interface) using the 802.1q vlan support already built-in.  This server will ultimately be a DHCP server on 3 VLANs and a DNS server on 1 VLAN.  (Our HP router doesn't handle dhcp ip helper properly so this is our solution.)

Here is the network architecture:

Switch is an HP ProCurve 2424M and the port is set to tag the following VLANS: 36, 68, 96.

NIC on server:
--------------
Configured using vconfig to create VLAN interfaces (done in a custom startup script).

Used ifconfig to create:
eth1.36	128.111.8.241/24
eth1.68	128.111.16.44/24
eth1.96	128.111.23.8/24

eth1 is up but has no IP address assigned to it (I read somewhere that it needs to be this way.) 

Default gateway set as 128.111.16.1.

Results of ifconfig -a
-----------------------
eth1      Link encap:Ethernet  HWaddr 00:04:23:89:68:2D  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:40177 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4453 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5481283 (5.2 Mb)  TX bytes:651663 (636.3 Kb)
          Interrupt:7 Base address:0xdc80 Memory:fcf80000-fcfa0000 

eth1.36   Link encap:Ethernet  HWaddr 00:04:23:89:68:2D  
          inet addr:128.111.8.241  Bcast:128.11.8.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12040 errors:0 dropped:0 overruns:0 frame:0
          TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2236488 (2.1 Mb)  TX bytes:16994 (16.5 Kb)Q

eth1.68   Link encap:Ethernet  HWaddr 00:04:23:89:68:2D  
          inet addr:128.111.16.44  Bcast:128.11.16.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20149 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4235 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1590095 (1.5 Mb)  TX bytes:597475 (583.4 Kb)

eth1.96   Link encap:Ethernet  HWaddr 00:04:23:89:68:2D  
          inet addr:128.111.23.10  Bcast:128.11.23.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7226 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:674796 (658.9 Kb)  TX bytes:252 (252.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1312 (1.2 Kb)  TX bytes:1312 (1.2 Kb

Results of route command:
-------------------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
128.111.8.0     *               255.255.255.0   U     0      0        0 eth1.36
128.111.16.0    *               255.255.255.0   U     0      0        0 eth1.68
128.111.23.0    *               255.255.255.0   U     0      0        0 eth1.96
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         128.111.16.1	   0.0.0.0         UG    0      0        0 eth1.68


Symptoms of the problem
-----------------------

--Hosts on the 8 subnet can ping the 8 address.  They can not ping the 16 or 23 addresses.

--Hosts on the 16 subnet can ping the 16 address. They can not ping the 8 or 23 addresses.

--Hosts outside our net can ping the 16 address.  They can not ping the 8 or 23 addresses.

--This host can ping any (otherwise accessible) host on any net.

--Dig works from outside nets to the DNS server listening on the 16 address.  Dig works from a host on the 16 subnet to the 16 address.  Dig does not work from hosts on the 8 subnet to the 16 address or from the 23 to the 16.

--DNS zone transfers (via TCP) are working from hosts on the 14 subnet to the 16 address.  They are working from a host on the 8 subnet to the 8 address (I have named using both the 8 and 16 interfaces as the transfer sources to further troubleshoot, but I'd like to use the 16 when it's all said and done.)

I have verified that my iptables is *not* blocking any of this traffic as the symptoms are the same with iptables off.

I suspect this is a routing issue, but I believe it's being further mucked up by my VLAN stuff.  Any help would be greatly appreciated... what am I missing? Sorry for such a long message.

--Jennifer


========================================
Jennifer L. Mehl
Senior Systems Administrator
University of California, Santa Barbara
Physics Computing Services
jmehl at physics.ucsb.edu
(805) 893-8366 work
(805) 451-7486 cell
========================================

More information about the Techtalk mailing list