Post by cerberus on Apr 10, 2015 11:38:35 GMT
My ISP provides full service: Internet, telephone and television. Each service is delivered in its own VLAN on the trunk: Internet with tag 6, television with tag 4, and telephony with tag 7.
When I only use the internet my Monowall Version 1.8.1 built on Wed Jan 15 13:32:38 CET 2014 on Platform Soekris net5501 with Hardware crypto AMD Geode LX Security Block (enabled) handles de-tagging easily:
Excerpts from /Downloads/config-cer[..]:
<vlans>
<vlan><if>vr1</if><tag>6</tag><descr>xs4all internet</descr></vlan> “vlan0 !?”
<vlan><if>vr1</if><tag>4</tag><descr>xs4all television</descr></vlan> “vlan1 !?”
<vlan><if>vr1</if><tag>7</tag><descr>xs4all telephone</descr></vlan> “vlan2 !?”
</vlans>
[..]
<interfaces>
<lan>
<if>vr0</if>
<ipaddr>192.168.60.254</ipaddr><subnet>24</subnet><media/><mediaopt/>[..]
</lan>
<wan>
<if>vlan0</if>
<blockpriv/><media/><mediaopt/><spoofmac/>
<ipaddr>pppoe</ipaddr><ipaddr6>ppp</ipaddr6>
</wan>
[..]
I'm now trying to configure the television and I would like interface vr3 to be an untagged (switch speak) port on vlan1 (tagged 4 on trunk vr1) but all I can find:
<interfaces>
[..]
<opt2>
<if>vr3</if><descr>vlan 4 bridge</descr>
<ipaddr>192.168.30.254</ipaddr><subnet>24</subnet>“Residue of former configurations?!”
<bridge>opt3</bridge><enable/>
</opt2>
<opt3>
<if>vlan1</if><descr>vlan 4</descr>
<ipaddr>xxx.xxx.xxx.xxx</ipaddr><subnet>xx</subnet>
<bridge/>
<slalen>0</slalen><enable/>
</opt3>
With the above configuration I connected the set-top box to vr3 and fired it up. It goes into error mode telling me that it is unable to find a DHCP server. (Wireshark tells me the Arcadyan broadcasts UDP from 0:0:0:0 port 68 to 255:255:255:255 port 67 and no response is seen). The mono log tells me it blocked the Arcadyan broadcasts:
13:02:08.649121 | vlan 4 bridge | 0.0.0.0, port 68 | 255.255.255.255, port 67 | UDP |
13:02:08.649104 | bridge0 | 0.0.0.0, port 68 | 255.255.255.255, port 67 | UDP |
13:02:08.649053 | vlan 4 bridge | 0.0.0.0, port 68 | 255.255.255.255, port 67 | UDP |
Which accounts for the lack of response but offers no hint to a solution within monowall.
I know I can solve this using a VLAN-capable switch (and 'detrunk' in that) but this would considerably enlarge my footprint.
So every comment is appreciated, but solutions only using MonoSmallwall even more so.
Jaap
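An added example, not part of the original post: a small Python parser for the firewall log rows quoted above that counts blocked DHCP client broadcasts (UDP port 68 to port 67, destination 255.255.255.255) per logging interface. The column layout is assumed from the three rows in the post, and the function names are hypothetical.

```python
from collections import Counter
from typing import NamedTuple, Optional

# Log rows copied from the post above (firewall log of blocked packets).
SAMPLE_LOG = """\
13:02:08.649121 | vlan 4 bridge | 0.0.0.0, port 68 | 255.255.255.255, port 67 | UDP |
13:02:08.649104 | bridge0 | 0.0.0.0, port 68 | 255.255.255.255, port 67 | UDP |
13:02:08.649053 | vlan 4 bridge | 0.0.0.0, port 68 | 255.255.255.255, port 67 | UDP |
"""

class Entry(NamedTuple):
    time: str
    iface: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    proto: str

def _endpoint(field):
    """Split 'addr, port N' into (addr, N); port is None when absent."""
    addr, _, port = field.partition(", port ")
    return addr.strip(), int(port) if port.strip().isdigit() else None

def parse_line(line):
    """Parse one pipe-separated row; return None for rows that do not fit."""
    cols = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cols) != 5:
        return None
    time, iface, src, dst, proto = cols
    return Entry(time, iface, *_endpoint(src), *_endpoint(dst), proto.upper())

def is_dhcp_client_broadcast(e):
    """True for a client-to-server DHCP broadcast (UDP 68 -> 67, limited broadcast)."""
    return (e.proto == "UDP" and e.sport == 68 and e.dport == 67
            and e.dst == "255.255.255.255")

def blocked_dhcp_by_interface(log_text):
    """Count blocked DHCP client broadcasts per logging interface."""
    hits = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and is_dhcp_client_broadcast(e):
            hits[e.iface] += 1
    return dict(hits)

if __name__ == "__main__":
    for iface, n in blocked_dhcp_by_interface(SAMPLE_LOG).items():
        print(f"{iface}: {n} blocked DHCP client broadcast(s)")
```

On the rows from the post, the same broadcast is logged on both the bridge member ("vlan 4 bridge") and bridge0.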