mac learning on tagged vlans

[wuciwug]

Hi,

I have a simple setup.

An Edge router plugged into port 2 on my switch
On Port 3 I have a dumb switch with 192.X IPs which is in vlan 66 (untagged on ports 2 and 3)
On Port 4 I have a dumb switch with 10.80 IPs which is in vlan 67 (tagged on port 2, untagged on 4)

The ER tags 10.X IPs (vlan 67) and 192's are untagged so I expect the netonix to divide them and away we go.

I have IP's on the netonix VLAN's for testing my ER can ping 192.168.41.252 (untagged) on the netonix, but not 10.80.1.252 (tagged).
The netonix can ping my ER's 192 IP and devices on the switch on port 3.
The netonix can ping any devices on the untagged port 4 in VLAN67, but not my ER in the tagged port

When I look at the mac table I get this



Which suggests the netonix thinks the IP for my ER's mac in vlan67 is 192... which it's not..

My vlan config


And my Edge router



The mac table on my ER doesn't seem to learn 10.x address's

All the 10.x devices on port 4 are merrily ARP polling for their gateways

Firmware on both devices is the latest stable

What have I missed?

[sirhc]

We can not see your pictures as they are mapped to your local drive.

To upload images so we can see them use the "upload attachment" under the BLUE submit button.

[wuciwug]

Ah sorry, links to imgur pages rather than the images themselves..

Should make more sense now.

cheers

[Eric Stern]

Have you actually encountered any problems? ie something not working?

[wuciwug]

Hi,

Yes, tagged packets aren't getting through the switch.

As stated above

I have IP's on the netonix VLAN's for testing my ER can ping
192.168.41.252 (untagged) on the netonix, but not 10.80.1.252 (tagged). < These are the IPs on the netnonix

From the netonix [b]GUI I [/b]can ping my ER's 192 IP and devices on the switch on port 3.
BUT from netonix GUI I I can ping devices on the untagged port (port 4) in VLAN67, but not my ER in the tagged port (port 3 vlan 67)

No firewall on the ER
No evidence to suggest the netonix switch is learning the mac in vlan67, normally I'd expect the mac to appear twice (once for each vlan)

My problem is my ER can't see (no arp after ping, nothing on the remote TCPDUMP) devices when passed to the netonix switch on a tagged VLAN.

If I replace the Netonix with a toughswitch, all is well (apart from having a toughswitch) I'm sure its a config problem on the switch but I'm unable to see what I'm doing wrong.

Any assistance greatly appreciated.

[Eric Stern]

Can I see your Ports tab?

[wuciwug]

See below




cheers

[Eric Stern]

Enable Multicast (MC) on all the ports.

[wuciwug]

Ok, enabled multicast on all the ports.

Disabled and enabled the vlan
Changed the netonix vlan int IP
Disabled the netonix vlan IP

In all cases, not traffic gets through....

Still shows

Code: Select all

 44-d9-e7-95-94-2a 2 67 Ubiquiti Networks Inc. 192.168.41.1

In the VLAN tab (in vlan 67 it should be on a 10.x IP)

Interestingly if I tcpdump my ER I do see arp.... but just hosts searching. No replies from the ER.. and no icmp packets (which I'm generating) if the switch was working correctly I should see those, either because the netonix switch knows the mac and sends it to the right port or because the hosts know each others mac or because the switch doesn't know where to send it so broadcasts it.

Code: Select all

 root@ubnt:/home/ubnt# tcpdump -ni eth2.67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2.67, link-type EN10MB (Ethernet), capture size 262144 bytes
21:40:35.700178 ARP, Request who-has 10.80.1.254 tell 10.80.1.11, length 46
21:40:35.858040 ARP, Request who-has 10.80.1.254 tell 10.80.1.12, length 46
21:40:35.957915 ARP, Request who-has 10.80.1.254 tell 10.80.1.14, length 46
21:40:36.700064 ARP, Request who-has 10.80.1.254 tell 10.80.1.11, length 46
21:40:36.792621 ARP, Request who-has 10.80.1.254 tell 10.80.1.15, length 46
21:40:36.858023 ARP, Request who-has 10.80.1.254 tell 10.80.1.12, length 46
21:40:37.700029 ARP, Request who-has 10.80.1.254 tell 10.80.1.11, length 46
21:40:37.700209 ARP, Request who-has 10.80.1.254 tell 10.80.1.16, length 46
21:40:37.792613 ARP, Request who-has 10.80.1.254 tell 10.80.1.15, length 46
21:40:38.089991 ARP, Request who-has 10.80.1.254 tell 10.80.1.13, length 46
21:40:38.700033 ARP, Request who-has 10.80.1.254 tell 10.80.1.16, length 46
21:40:38.792585 ARP, Request who-has 10.80.1.254 tell 10.80.1.15, length 46

 

I tried adding a static mac record....

Still no gravy, I then tried pinging hosts on the LAN from the ER and I noticed this

Code: Select all

 21:42:57.767446 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.80.1.254 tell 10.80.1.11, length 46
21:42:57.846249 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.80.1.254 tell 10.80.1.16, length 46
21:42:57.846516 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.80.1.25 [b]tell 192.168.41.1[/b], length 28
21:42:57.909270 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.80.1.254 tell 10.80.1.17, length 46
21:42:57.950173 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.80.1.254 tell 10.80.1.15, length 46

 

Now I didn't think that was correct.... so I tested on another ER and the source address was in the same subnet (as I'd expect)

The Netonix mac-address in the GUI still shows the wrong IP address in the VLAN (as above)

I fixed it by

Code: Select all

  ip route change 10.80.1.0/24 dev eth2.67 src 10.80.1.254

So seems to be more of a ER problem than a netonix one (though the GUI is obviously wrong, it does seem to switch sufficiently close to the standard to work)

[wuciwug]

Also worth noting I've disabled multicasting again (still works)