Hello @misc,perhaps I'm stupid, but I don't see my fault in a vlan network configuration:
I got a OpenBSD 6.1 gateway box, connected to several switches. On em0 I habe to serve two networks: 172.16.210.0 (direct em0 - no vlan) 172.16.211.0 (VLAN 211 tagged on em0) ----------------------------On of my connections (em0) has a simple configuration on standard VLAN 1 (untagged):
# ifconfig em0em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr a0:36:9f:36:49:e6
description: sbc-ect-lan-ext
index 1 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 172.16.210.3 netmask 0xffffff00 broadcast 172.16.210.255
# cat /etc/hostname.em0
inet 172.16.210.3 255.255.255.0 172.16.210.255 description "sbc-ect-lan-ext"
------------------------------
This interface also is "CARPed":
# ifconfig carp0
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:01
index 8 priority 15 llprio 3
carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
groups: carp
status: backup
inet 172.16.210.1 netmask 0xffffff00 broadcast 172.16.210.255
# cat /etc/hostname.carp0
inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 carpdev em0 pass
xxxxxxxx advskew 100
(this gateway is the CARP slave (backup) of a pair of redundant gateways) ------------------------------- Next: I want to have a VLAN on this interface em0:(the connected switch has a trunk configured this VLAN 210 (untagged) and VLAN 211 (tagged) - but I don't know if this information makes sense here)
# ifconfig vlan211
vlan211: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr a0:36:9f:36:49:e6
index 15 priority 0 llprio 3
vlan: 211 parent interface: em0
vnetid: 211
parent: em0
groups: vlan
status: active
inet 172.16.211.3 netmask 0xffffff00 broadcast 172.16.211.255
# cat /etc/hostname.vlan211
inet 172.16.211.3 255.255.255.0 172.16.211.255 vlandev em0
----------------------------------
corresponding routing table (excerpt):
# netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio
Iface
default 172.16.0.15 UGS 1 191 - 8 ... ... 172.16.210/24 172.16.210.3 UCn 1 1094 - 4 em0172.16.210/24 172.16.210.1 Cn 0 0 - 19 carp0 172.16.210.1 00:00:5e:00:01:01 UHLl 0 153 - 1 carp0
172.16.210.3 a0:36:9f:36:49:e6 UHLl 0 275 - 1 em0 172.16.210.10 00:08:25:22:50:e0 UHLc 0 158 - 3 em0 172.16.210.255 172.16.210.3 UHPb 0 0 - 1 em0172.16.210.255 172.16.210.1 HPb 0 0 - 1 carp0 172.16.211/24 172.16.211.3 UCn 0 1215 - 4 vlan211 172.16.211.3 a0:36:9f:36:49:e6 UHLl 0 0 - 1 vlan211 172.16.211.255 172.16.211.3 UHb 0 0 - 1 vlan211
----------------------------------------- My problem:I am only able to ping myself (VLAN 211) - end I _don't_ think it's a switch problem - because I get an "no route to host" error
# ping 172.16.211.3 # (my IP) PING 172.16.211.3 (172.16.211.3): 56 data bytes 64 bytes from 172.16.211.3: icmp_seq=0 ttl=255 time=0.153 ms 64 bytes from 172.16.211.3: icmp_seq=1 ttl=255 time=0.080 ms ... ...stupid but working as expected... # ping 172.16.211.2 # some other IP, same network PING 172.16.211.2 (172.16.211.2): 56 data bytes ping: sendmsg: No route to host ping: wrote 172.16.211.2 64 chars, ret=-1 ping: sendmsg: No route to host ping: wrote 172.16.211.2 64 chars, ret=-1 ping: sendmsg: No route to host ... The routing table then has added one new entry:172.16.211/24 172.16.211.3 UCn 1 1743 - 4 vlan211 172.16.211.2 link#15 UHLc 0 1684 - 3 vlan211 !!!!!!!!! 172.16.211.3 a0:36:9f:36:49:e6 UHLl 0 18 - 1 vlan211 172.16.211.255 172.16.211.3 UHb 0 0 - 1 vlan211
I'm clueless and don't know how to investigate further...In my pf.conf I tried to "temporarly annihilate" the rules on the em0 interface ("set skip on em0"), but that didn't help....
Any hints? head-scratching regards Andre Ruppert
smime.p7s
Description: S/MIME Cryptographic Signature
