VLAN woes (by alaric)
Anyway, I happened to obtain two VLAN-capable switches, that were on their way to a skip due to being replaced by more capable units, so I've changed over to using VLANs. I still have the long cable from the ADSL router to the airing cupboard, but there it disappears into a switch and becomes part of the 'external' VLAN. In the airing cupboard, the router is connected to all three VLANs (by three patch cables, rather than an 802.1Q trunk, just because I can't be bothered to configure it for that right now), but the cable from the airing cupboard to the office now is a trunk, carrying all three VLANs. In the office sits the second switch, providing all the machines with a connection to the internal VLAN, except for the fileserver, which is fed an 802.1Q trunk so that it can be on all three VLANs.
What this means is that any bit of hardware within reach of a switch can now be on whichever VLANs I desire, rather than needing to be near the ADSL router (for the external LAN), the airing cupboard (for the wireless LAN), or in the office (for the internal LAN). The big win there is that the file server can now present an interface to the wireless LAN, allowing it to export stuff to it via protocols that rely on broadcasts (SMB and DAAP in particular).
However, setting my NetBSD server up to do 802.1Q has been a bit of a pain...
The man page for the vlan driver explains how you have to set up vlan virtual interfaces that connect to a given physical interface, with a specified vlan ID. Which I did, as per the examples, but not a packet flowed either way.
Then while fiddling with it I changed back to non-VLAN networking, and then back again, this time by just resetting the network system rather than a reboot (I'd been doing reboots, to make sure that my configuration was correctly done so would work properly after reboots in future, rather than messing with manual ifconfigs until it worked then trying to set up the configuration files to do the same thing in future...) - and suddenly it worked fine.
Turns out that what the manual page doesn't tell you is that, obviously, you need to explicitly bring the physical interface 'up' - NetBSD does this automatically if you specify an IP address for an interface, but since the physical interface behind a bunch of vlans has no IP address, it wasn't being brought up. Putting 'up' in /etc/ifconfig.vr0 fixed this. Hurrah! VLANs!
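The resulting layout of per-interface files, as an added example that is not from the original post. The parent interface vr0 comes from the post; the vlan interface numbers, VLAN IDs and addresses are constructed placeholders, with one vlan interface for each of the three VLANs described.

```conf
# /etc/ifconfig.vr0
# Physical port receiving the 802.1Q trunk. It has no IP address of its
# own, so nothing brings it up implicitly; this line is the fix.
up

# /etc/ifconfig.vlan0  -- internal VLAN (ID 10 is a constructed value)
create
vlan 10 vlanif vr0
inet 192.0.2.10 netmask 255.255.255.0

# /etc/ifconfig.vlan1  -- wireless VLAN (ID 20 is a constructed value)
create
vlan 20 vlanif vr0
inet 198.51.100.10 netmask 255.255.255.0

# /etc/ifconfig.vlan2  -- external VLAN (ID 30 is a constructed value)
create
vlan 30 vlanif vr0
inet 203.0.113.10 netmask 255.255.255.0
```

Each section above is a separate file. After a reboot, ifconfig vr0 should list UP in its flags even though it carries no address; if it does not, the vlan interfaces will be configured but pass no traffic.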
By Ben, Tue 16th Jan 2007 @ 8:30 am
Is OpenBSD's pf in the mix? If so, you might want a line like
scrub out on $if max-mss 1440
or something.