[CentOS] VLAN issue

Mon Jan 26 00:13:06 UTC 2015
Boris Epstein <borepstein at gmail.com>

And additionally here are the detailed port configs on the switch end:

hq>show interface Gi1/0/3 switchport
Name: Gi1/0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 48 (VLAN0048)
Trunking Native Mode VLAN: 48 (VLAN0048)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
hq>show interface Gi1/0/3 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/3     on               802.1q         trunking      48

Port        Vlans allowed on trunk
Gi1/0/3     1-4094

Port        Vlans allowed and active in management domain
Gi1/0/3     1-3,7,48-50

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/3     1-3,7,48-50
hq>

Boris.

On Sun, Jan 25, 2015 at 7:05 PM, Boris Epstein <borepstein at gmail.com> wrote:

> Thank you everyone.
>
> OK, the mystery deepens, I guess. The machine does need to support several
> VLAN's, it is currently on a trunkport (8021q encapsulated), it made it
> into the ARP table - which I specifically tested for by physically
> unplugging the table, clearing the ARP table and plugging it back in.
>
> The ARP table currently looks like this:
>
> hq#show arp
> Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> Internet  192.168.48.100          0   0025.6440.0301  ARPA   Vlan48
> Internet  192.168.48.101          -   001b.906a.bcc4  ARPA   Vlan48
> Internet  192.168.48.1            0   0025.6440.063f  ARPA   Vlan48
> Internet  192.168.2.52            0   0025.6440.0547  ARPA   Vlan2
> Internet  192.168.3.1             -   001b.906a.bcc2  ARPA   Vlan3
> Internet  192.168.2.1             -   001b.906a.bcc1  ARPA   Vlan2
> Internet  192.168.7.1             -   001b.906a.bcc3  ARPA   Vlan7
> hq#
>
> The network config on the machine currently looks like this: it has
> nothing assigned to eth0, eth0.48 = 192.168.48.100/24, eth0.49 =
> 192.168.49.100/24, eth0.50 = 192.168.50.100/24.
>
> And - even though the ARP table seems to be OK - there is no connectivity!
>
> Boris.
>
>
>
> On Sun, Jan 25, 2015 at 11:42 AM, Les Mikesell <lesmikesell at gmail.com>
> wrote:
>
>> On Sun, Jan 25, 2015 at 8:38 AM, Andrew Holway <andrew.holway at gmail.com>
>> wrote:
>> > On 25 January 2015 at 15:12, Boris Epstein <borepstein at gmail.com>
>> wrote:
>> >
>> >> OK... but why does it need to be a trunk port?
>> >>
>> >
>> > Because a trunk port will "trunk" the vlan.
>> >
>> > A VLAN is basically a 4 byte "tag" that gets injected into the packet
>> > header when the packet enters the VLAN network. When we trunk a VLAN we
>> say
>> > to the switch "pass packets on VLAN x but do not strip the tag out".
>> >
>> > You can either terminate the VLAN at the switch port (untagged) which
>> will
>> > strip out the VLAN tag or you can pass the packet containing the VLAN
>> tag
>> > to the computer or other device(tagged/trunk). This device can then pull
>> > out the tag. On linux this mechanism is done by an 8021q VLAN interface.
>> >
>> > Hope this is useful.
>> >
>>
>> Just to add to that - normally if a host only needs to be on one
>> subnet you would use an access port on the switch to select a single
>> vlan and deliver those packets untagged so the host does not need to
>> care about tags or vlan numbers.   And to that end, switches default
>> to treating everything as access ports on native/untagged vlan 0
>> unless configured otherwise.   However, if the host needs interfaces
>> on multiple subnets, you can do it on a single network connection by
>> giving it a trunk connection from the switch and letting it split out
>> the vlan interfaces internally.
>>
>> --
>>    Les Mikesell
>>       lesmikesell at gmail.com
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>