Re: VLAN problems
- From: "Alexandre Biancalana" <biancalana@xxxxxxxxx>
- Date: Thu, 31 Jan 2008 14:23:36 -0300
On 1/30/08, Christopher Cowart <ccowart@xxxxxxxxxxxxxxxxxxxx> wrote:
Trunking is definitely what you want. I'm using it successfully
between Cisco switches and FreeBSD in a number of places.
Here's IOS:
| interface GigabitEthernet1/0/8
| description dev-wireless-aux
| switchport trunk encapsulation dot1q
| switchport trunk native vlan 8
| switchport trunk allowed vlan 88,665,679
| switchport mode trunk
| spanning-tree bpduguard enable
Here is my IOS:
interface GigabitEthernet3/18
description Novo FW01
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,11,16,20,200-205
switchport mode trunk
Here's rc.conf:
| ifconfig_fxp1="up"
| ifconfig_vlan88="inet 10.8.0.2 netmask 0xffffc000 vlan 88
| vlandev fxp1"
| ifconfig_vlan88_alias0="inet 10.8.0.1 netmask 0xffffffff"
| ifconfig_vlan665="inet 169.229.65.132 netmask 0xffffffc0 vlan 665
| vlandev fxp1"
| ifconfig_vlan679="inet 169.229.79.132 netmask 0xffffff80 vlan 679
| vlandev fxp1"
You may have already done so, but make sure your trunk is in dot1q mode.
The default trunking protocol is a Cisco proprietary something, if I
understand correctly.
My rc.conf is similar too...
But I think that I find the problem... I setup a test environment
similar to the production and to simulate the the traffic I'm using
netperf, here is the environment.
FW1 --- ----- M1
| |
--- cisco 4506 --
|
----- M2
The FW1 is the gateway connected to cisco 4506 throught bce1 gigabit
interface, on top of bce1 are configured the vlan2 and vlan5, M1 is a
machine connected to vlan2 and M2 is a machine connected to vlan5.
I'm running pf to filter the traffic between vlan in FW1,
Here is the result when I run netperf from M5 connecting M2 netserver
with FW1 pf enabled:
# netperf -H 10.2.0.46 -p 1025
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.2.0.46
(10.2.0.46) port 0 AF_INET
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
65536 32768 32768 17.11 8.03
Here is the result when I run netperf from M5 connecting M2 netserver
with FW1 pf *disabled*:
# netperf -H 10.2.0.46 -p 1025
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.2.0.46
(10.2.0.46) port 0 AF_INET
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
65536 32768 32768 11.45 92.35
I would expect some slow down or latency by enable pf, but not have a
10 times slow down.
Any other idea ?
Is Max Laier subscribed -net ?
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- References:
- VLAN problems
- From: Alexandre Biancalana
- Re: VLAN problems
- From: Tom Judge
- Re: VLAN problems
- From: Andrei Kolu
- Re: VLAN problems
- From: Alexandre Biancalana
- Re: VLAN problems
- From: Christopher Cowart
- VLAN problems
- Prev by Date: Re: tcp-md5 check for incomming connection
- Next by Date: Re: [PATCH] "/etc/rc.d/pf reload" fails if there are macros defined in pf_flags rcvar.
- Previous by thread: Re: VLAN problems
- Next by thread: Diffserv implementation
- Index(es):
Relevant Pages
|
|
