Author Topic: VLAN doesn't work with Endian  (Read 21408 times)
jrjorro
« on: Thursday 28 July 2011, 11:38:54 pm »

Hi all,


I have a managed Dell switch and Endian 2.41, and I need to separate VLANs for my departments.

On the switch I created VLAN ID 10 and set T (tagged) on port 01, and U (untagged) on ports 5 to 15.

In Endian I created VLAN ID 10 on the Blue zone (initially configured with 192.168.10.0/24 - "command line").


Problems:

  1. The BLUE network card, which was configured with IP 192.168.5.1, has no IP after the creation of the VLAN. Is that correct?
  2. I don't know how to set the IP address of VLAN 10. (I configured it by hand with ifconfig 192.168.10.1/24)
  3. I don't know how to enable DHCP for the VLAN via the graphical interface. (Is it possible?)
  4. Do I need to activate a module, like 802.1q, in Endian?
  5. I cannot connect to the machine with ping (workstation).
  6. tcpdump returns the following:

tcpdump -i eth1.10
Quote
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1.10, link-type EN10MB (Ethernet), capture size 96 bytes
19:18:33.834713 IP 192.168.10.5 > 192.168.10.1: icmp 40: echo request seq 57097
19:18:33.835080 arp who-has 192.168.10.5 tell 192.168.10.1
19:18:33.835239 arp reply 192.168.10.5 is-at 00:21:70:6a:d1:43
19:18:34.835073 arp who-has 192.168.10.5 tell 192.168.10.1
19:18:34.835391 arp reply 192.168.10.5 is-at 00:21:70:6a:d1:43
19:18:35.835073 arp who-has 192.168.10.5 tell 192.168.10.1
19:18:35.835391 arp reply 192.168.10.5 is-at 00:21:70:6a:d1:43
19:18:36.817874 IP 192.168.10.5 > 192.168.10.1: icmp 40: echo request seq 57353
19:18:39.334376 IP 192.168.10.5 > 192.168.10.1: icmp 40: echo request seq 57609
19:18:39.335084 arp who-has 192.168.10.5 tell 192.168.10.1
19:18:39.335271 arp reply 192.168.10.5 is-at 00:21:70:6a:d1:43

Can anyone help me with the infrastructure _endian <-> switch <-> machine_?
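Added example (not part of the original post): a small Python script that tallies the capture quoted above and lists what it shows, namely echo requests with no echo reply captured and ARP who-has repeated after a reply had already been captured. The regular expressions assume the older tcpdump text format seen in the post, and the function name `summarize` is made up for this example.

```python
import re
from collections import Counter

# Capture lines copied from the post above (older tcpdump text format).
CAPTURE = """\
19:18:33.834713 IP 192.168.10.5 > 192.168.10.1: icmp 40: echo request seq 57097
19:18:33.835080 arp who-has 192.168.10.5 tell 192.168.10.1
19:18:33.835239 arp reply 192.168.10.5 is-at 00:21:70:6a:d1:43
19:18:34.835073 arp who-has 192.168.10.5 tell 192.168.10.1
19:18:34.835391 arp reply 192.168.10.5 is-at 00:21:70:6a:d1:43
19:18:35.835073 arp who-has 192.168.10.5 tell 192.168.10.1
19:18:35.835391 arp reply 192.168.10.5 is-at 00:21:70:6a:d1:43
19:18:36.817874 IP 192.168.10.5 > 192.168.10.1: icmp 40: echo request seq 57353
19:18:39.334376 IP 192.168.10.5 > 192.168.10.1: icmp 40: echo request seq 57609
19:18:39.335084 arp who-has 192.168.10.5 tell 192.168.10.1
19:18:39.335271 arp reply 192.168.10.5 is-at 00:21:70:6a:d1:43
"""

ICMP = re.compile(r"^\S+ IP (\S+) > (\S+): icmp \d+: echo (request|reply)")
ARP_REQ = re.compile(r"^\S+ arp who-has (\S+) tell (\S+)")
ARP_REP = re.compile(r"^\S+ arp reply (\S+) is-at (\S+)")

def summarize(text):
    """Count echo/ARP events and list what the capture shows (no diagnosis)."""
    counts = Counter()
    answered = set()     # IPs for which an ARP reply was already captured
    repeats = Counter()  # who-has sent again after such a reply
    for line in text.splitlines():
        if m := ICMP.match(line):
            src, dst, kind = m.groups()
            counts[(kind, src, dst)] += 1
        elif m := ARP_REQ.match(line):
            target, asker = m.groups()
            counts[("who-has", asker, target)] += 1
            if target in answered:
                repeats[(asker, target)] += 1
        elif m := ARP_REP.match(line):
            answered.add(m.group(1))
            counts[("arp-reply", m.group(1), m.group(2))] += 1
    findings = []
    for (kind, src, dst), n in counts.items():
        # An echo request with no reply in the opposite direction.
        if kind == "request" and counts[("reply", dst, src)] == 0:
            findings.append(f"{n} echo request(s) {src} -> {dst}, no echo reply captured")
    for (asker, target), n in repeats.items():
        findings.append(f"{asker} asked who-has {target} {n} more time(s) after a reply was captured")
    return counts, findings

if __name__ == "__main__":
    print("\n".join(summarize(CAPTURE)[1]))
```
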
mrkroket
« Reply #1 on: Friday 29 July 2011, 02:49:21 am »

VLANs work in Endian; I had like 4 VLANs without problems. If it isn't working for you, maybe your NIC doesn't support VLANs on Linux or your config is incorrect.

Don't change anything via ifconfig; you must use either the Web interface or the configs in /var/efw/ethernet.
Usually you need two NICs. Let's say you will use eth0 for VLANs, and eth1 for red:

- On Endian, use eth1 as your temp green.
- Remove any usage of eth0 from any zone. Save config.
- Create VLANs on eth0.
- Assign a zone to the newly created VLANs, e.g. eth0.10 to GREEN and eth0.20 to BLUE.
- Assign eth1 to Red.
- Save and restart.

You can do all those configs by editing the config files, but this is a risky workaround. If you are not confident with Linux, you could break the interface configs and lose external connection to the EFW.

The switch port must be in trunk mode with tagged VLANs for the EFW. The machines must be on untagged VLAN.

jrjorro
« Reply #2 on: Tuesday 02 August 2011, 08:03:47 am »

Hi mrkroket!

Thank you so much!

With your help I could create 2 VLANs and now everything works; I set up the VLANs and DHCP via web.

Now I need your help with another problem. How can I create more than 2 VLANs? In the web interface I can only manage 2 VLANs? Is this right?

Thank you mrkroket.
mrkroket
« Reply #3 on: Wednesday 03 August 2011, 04:11:18 am »

Endian supports unlimited VLANs.
The problem? Endian only supports 3 User Zones (Green, Blue and Orange), each one with one DHCP server.
You can have eth0.2, eth0.3 .... eth0.60 assigned to Green, and other VLANs assigned to Blue.
But if you want client isolation between eth0.2 and eth0.3 (both on GREEN), you must use an external DHCP server for each VLAN and create interzone FW rules.
Endian as of now can't send different subnets to VLANs, only to Zones.


Endian should allow creating more user zones. This way it would become terribly flexible.

I am limited by that issue. I have 3 Zones using VLAN (Orange for DMZ, Blue for Wifi Guest and Green for everything else). I'll do client isolation by ACLs on Layer 2/3 switches.