On Nov 24, 2005, at 2:29 AM, Camiel Dobbelaar wrote:

On Thu, 24 Nov 2005, Jason Dixon wrote:
I'm testing PF on a proposed network design and experiencing some unexpected behavior. With three vlan(4) interfaces on the interior of an OpenBSD gateway, each of the clients on a segment is able to ping the gateway address for at least one of the other VLAN gateways. I'm not sure whether this is a bug with OpenBSD or my switch. I wouldn't be surprised that it's the fault of this Dell PowerConnect 3024, but I'm still wondering why OpenBSD honors the tagged packet on the wrong vlan(4) interface. I know the Dell PowerConnects are crap, but it's what I have in my home for testing. The production network will be running Catalyst 2950s.

The clients are all connected to untagged VLAN ports on the switch. The
OpenBSD gateway is plugged into a port tagged with all 3 VLANs.

Your clients have the OpenBSD system as their gateway right?

Yes.

I think it's normal for a multi-homed BSD system to accept traffic for all
its IP addresses (even with forwarding turned off).

That does not explain why some of your ping tests fail though.

I suspect the failed pings are caused by the switch. For example, traffic wouldn't work at all until I:

a) enable tagged vlan on the client port
b) apply the change
c) enable untagged vlan on the client port
d) apply the change

Packets get passed the moment I apply this final setting and not a moment before. I think you're probably right about OpenBSD responding for all homed segments, but this is just an example of how hokey this switch can be.

Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
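The behaviour Camiel describes above (a multi-homed BSD host answering for any of its own addresses, whichever interface the packet arrived on) can be constrained with PF itself. The pf.conf fragment below is an added example and is not from this thread or from either poster; the interface names vlan10/vlan20/vlan30 and the 192.0.2.1, 198.51.100.1 and 203.0.113.1 gateway addresses are assumptions chosen for illustration.

```pf
# Added example, not from the thread. Interface names and gateway
# addresses are assumptions; substitute the real ones.
int10 = "vlan10"
int20 = "vlan20"
int30 = "vlan30"
gw10  = "192.0.2.1"        # this host's address on vlan10
gw20  = "198.51.100.1"     # this host's address on vlan20
gw30  = "203.0.113.1"      # this host's address on vlan30

# Drop packets that arrive on one VLAN interface but are addressed to
# this host's gateway address on a different VLAN. Without these rules
# the host answers (e.g. replies to ping) because the destination is one
# of its own addresses, regardless of the interface the packet came in on.
# "quick" makes these rules final so no later pass rule can override them.
block in quick log on $int10 inet from any to { $gw20, $gw30 }
block in quick log on $int20 inet from any to { $gw10, $gw30 }
block in quick log on $int30 inet from any to { $gw10, $gw20 }

# Routed traffic between the segments is unaffected, since these rules
# only match packets whose destination is the gateway itself. The usual
# per-segment policy follows; a permissive placeholder is shown here.
pass in on { $int10, $int20, $int30 } inet from any to any
```

Load it with `pfctl -f /etc/pf.conf` and confirm the expanded rules with `pfctl -sr`; a ping from a vlan10 client to the vlan20 gateway address should then time out, and the dropped packets can be watched with `tcpdump -n -e -ttt -i pflog0` because the block rules carry `log`. The rules do nothing about the switch-side behaviour Jason reports; they only stop the gateway from responding on the wrong segment.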
