The Netgear switch does not have a built-in DHCP server. DHCP is running on the Shorewall box; it provides IP addresses for both VLANs.
I think that the setting of switch port tagging is correct.

Bohuslav

______________________________________________________________
> From: "Simon Hobson" <li...@thehobsons.co.uk>
> To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
> Date: 11.09.2018 14:45
> Subject: Re: [Shorewall-users] Shorewall and VLAN routing
>
>Bohuslav Moravec <bo...@centrum.cz> wrote:
>
>> I have this working network configuration with two VLANs and a Linux router
>> with DHCP server and Shorewall.
>>
>>              ISP
>>               |
>>               | eth0
>>         |-----------|
>>         |           |
>>         | Shorewall |
>>         |           |
>>         |-----------|
>>               | eth1    192.168.10.1
>>               | eth1.20 192.168.20.1 (802.1Q VLAN tagging)
>>               |
>>               | VLAN trunk
>>               |
>>               | 192.168.10.254 (VLAN10 switch virtual interface)
>>               | 192.168.20.254 (VLAN20 switch virtual interface)
>>         |-----------|
>>         |  Netgear  |  VLAN10
>>         |  switch   |-------
>>         |           |  192.168.10.0/24
>>         |-----------|  GW 192.168.10.1
>>               |
>>               |
>>               |VLAN20
>>               |192.168.20.0/24
>>               |GW 192.168.20.1
>>
>>
>> The internal physical network interface of the shorewall box has a second
>> virtual interface eth1.20 with 802.1q vlan tagging on. The default gateway
>> for network computers is set up to the linux router. Gateway for VLAN10 is
>> 192.168.10.1 and gateway for VLAN 20 is 192.168.20.1. With this
>> configuration I can access the internet and communicate between both VLANs.
>> All communication between VLANs goes through the linux router.
>>
>> Because my switch supports VLAN routing I tried to use it as a router to
>> speed up communication between VLANs.
>
>OK, you have duplicated things. You EITHER do routing in the Shorewall box and
>turn off routing in the switch OR you do routing in the switch and not in the
>shorewall box. But as you've configured the IPs, this should still work as
>nothing *should* be using the switch router interfaces as the gateway - are
>you running DHCP? On the Shorewall box, the switch, or both? If you have a
>DHCP server running on the switch (it may have been "helpfully" enabled
>automatically when you enabled routing) then clients will get leases pointing
>to the wrong gateway - and the switch may not know how to route outside
>traffic.
>
>Also, double check your switch port configs. The port connecting to the
>Shorewall box must be in tagged+untagged mode, and the native VLAN set to 10
>(it probably defaults to 1). This means that traffic to/from VLAN 10 is
>handled as untagged traffic on the trunk port, and VLAN 20 traffic is handled
>as tagged traffic. The other ports must be set to untagged only, and the
>native VLAN set to 10 or 20 as required. I think I've only done VLANs on a
>Netgear switch once, some years ago - and found it "not very intuitive" to
>configure.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
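The trunk-port behaviour described in the quoted reply (VLAN 10 carried untagged as the native VLAN, VLAN 20 carried tagged), as an added example that is not part of the original thread. It models how a port classifies incoming frames from their 802.1Q header. The function names, MAC addresses and frames are constructed for illustration, and dropping a tagged VLAN that is not on the allowed list is a modelling assumption, not documented Netgear behaviour.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(vlan_id=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame; vlan_id=None means untagged."""
    dst = bytes.fromhex("020000000001")  # constructed, locally administered MACs
    src = bytes.fromhex("020000000002")
    header = dst + src
    if vlan_id is not None:
        # TCI with priority and DEI bits zero, VLAN ID in the low 12 bits
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def trunk_ingress_vlan(frame, native_vlan=10, tagged_vlans=frozenset({20})):
    """Return the VLAN a trunk port assigns to a frame, or None if dropped."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return native_vlan  # untagged traffic belongs to the native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF
    if vid == 0:
        return native_vlan  # priority-tagged frame carries no VLAN ID
    # Assumption of this model: tagged VLANs not on the list are dropped
    # (this includes a frame explicitly tagged with the native VLAN).
    return vid if vid in tagged_vlans else None


if __name__ == "__main__":
    # eth1 on the Shorewall box sends untagged, eth1.20 sends tagged with ID 20.
    for name, frame in [("eth1", build_frame()), ("eth1.20", build_frame(20))]:
        print(name, "-> VLAN", trunk_ingress_vlan(frame))
    # Native VLAN left at 1: untagged eth1 traffic no longer lands in VLAN 10.
    print("eth1, native=1 -> VLAN", trunk_ingress_vlan(build_frame(), native_vlan=1))
```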