I'm testing PF on a proposed network design and experiencing some unexpected behavior. With three vlan(4) interfaces on the interior of an OpenBSD gateway, each of the clients on a segment is able to ping the gateway address for at least one of the other VLAN gateways. I'm not sure whether this is a bug with OpenBSD or my switch. I wouldn't be surprised that it's the fault of this Dell PowerConnect 3024, but I'm still wondering why OpenBSD honors the tagged packet on the wrong vlan(4) interface. I know the Dell PowerConnects are crap, but it's what I have in my home for testing. The production network will be running Catalyst 2950s.

The clients are all connected to untagged VLAN ports on the switch. The OpenBSD gateway is plugged into a port tagged with all 3 VLANs.

vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:b7:bf:c6:95
        vlan: 2 parent interface: fxp0
        groups: vlan
        inet6 fe80::2d0:b7ff:febf:c695%vlan0 prefixlen 64 scopeid 0x8
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:b7:bf:c6:95
        vlan: 3 parent interface: fxp0
        groups: vlan
        inet6 fe80::2d0:b7ff:febf:c695%vlan1 prefixlen 64 scopeid 0x9
        inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:d0:b7:bf:c6:95
        vlan: 4 parent interface: fxp0
        groups: vlan
        inet6 fe80::2d0:b7ff:febf:c695%vlan2 prefixlen 64 scopeid 0xa
        inet 10.20.20.1 netmask 0xffffff00 broadcast 10.20.20.255

==============
Test Summary
==============
Client 10.0.0.50
can ping 10.0.0.1
can not ping 10.10.10.1
can ping 10.20.20.1

Client 10.10.10.50
can ping 10.0.0.1
can ping 10.10.10.1
can ping 10.20.20.1

Client 10.20.20.50
can not ping 10.0.0.1
can ping 10.10.10.1
can ping 10.20.20.1


Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
