ammadeyy2020

vlan issue

Based on the diagram below:

To give internet access to clients on different ranges, I have added virtual networks to Linux.
E.g. VLAN interfaces on Linux:
192.168.10.10
192.168.20.10
192.168.30.10
All clients on all ranges can ping 192.168.10.10. They can get internet, but they often get timeouts.

I have the same scenario with Microsoft ISA 2006, and I don't get any timeout issue.
Could it be because I have VLANs on the switch as well as VLANs on Linux?
Drawing2.jpg
z_kwecka

There are a few things that would be nice to know beforehand:

- What are the default gateways set on your hosts?
- Is the port connected to the firewall in trunking mode? If yes, what is the VLAN encapsulation?

Cheers
ammadeyy2020

ASKER

Hosts on range 192.168.20.0/24: gateway is 192.168.20.1
Hosts on range 192.168.30.0/24: gateway is 192.168.30.1

The port connected to the firewall is in access mode.
Router configuration

!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 speed auto
!
interface FastEthernet0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0.40
 encapsulation dot1Q 40
 ip address 192.168.40.1 255.255.255.0
!
interface FastEthernet0.50
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
!
interface FastEthernet0.60
 encapsulation dot1Q 60
 ip address 192.168.60.1 255.255.255.0
!
interface FastEthernet0.70
 encapsulation dot1Q 70
 ip address 192.168.70.1 255.255.255.0
!
interface FastEthernet0.80
 encapsulation dot1Q 80
 ip address 192.168.80.1 255.255.255.0
!
interface FastEthernet0.90
 encapsulation dot1Q 90
 ip address 192.168.90.1 255.255.255.0
 ip access-group 2 out
!
ip default-gateway 192.168.10.10
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.10
ip route 0.0.0.0 0.0.0.0 192.168.10.20
ip route 192.168.20.0 255.255.255.0 192.168.10.20
no ip http server
!
ip access-list extended DMZ_TRAFFIC_IN
 permit tcp any 192.168.20.0 0.0.0.255 eq 445
 permit icmp any 192.168.20.0 0.0.0.255
 permit tcp any 192.168.20.0 0.0.0.255 eq 3772
 permit tcp any 192.168.20.0 0.0.0.255 eq 3773
 permit tcp any 192.168.20.0 0.0.0.255 eq 3774
 permit tcp any 192.168.20.0 0.0.0.255 eq 3775
 permit tcp any 192.168.20.0 0.0.0.255 eq 3776
 permit tcp any 192.168.20.0 0.0.0.255 eq 3777
 permit tcp any 192.168.20.0 0.0.0.255 eq 3778
 permit tcp any 192.168.20.0 0.0.0.255 eq 3779
 permit tcp any 192.168.20.0 0.0.0.255 eq 139

Router#
Switch configuration

!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport access vlan 20
!
interface FastEthernet0/5
 switchport access vlan 20
!
interface FastEthernet0/6
 switchport access vlan 20
!
interface FastEthernet0/7
 switchport access vlan 30
!
interface FastEthernet0/8
 switchport access vlan 30
!
interface FastEthernet0/9
 switchport access vlan 30
!
interface FastEthernet0/10
 switchport access vlan 30
!
interface FastEthernet0/11
 switchport access vlan 30
!
interface FastEthernet0/12
 switchport access vlan 30
!
interface FastEthernet0/13
 switchport access vlan 30
!
interface FastEthernet0/14
 switchport access vlan 30
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/16
 switchport access vlan 40
!
interface FastEthernet0/17
 switchport access vlan 40
!
interface FastEthernet0/18
 switchport access vlan 40
!
interface FastEthernet0/19
 switchport access vlan 40
!
interface FastEthernet0/20
 switchport access vlan 40
!
interface FastEthernet0/21
 switchport access vlan 40
!
interface FastEthernet0/22
 switchport access vlan 40
!
interface FastEthernet0/23
 switchport access vlan 40
!
interface FastEthernet0/24
 switchport access vlan 40
!
interface FastEthernet0/25
 switchport access vlan 40
!
interface FastEthernet0/26
 switchport access vlan 50
!
interface FastEthernet0/27
 switchport access vlan 50
!
interface FastEthernet0/28
 switchport access vlan 50
!
interface FastEthernet0/29
 switchport access vlan 50
!
interface FastEthernet0/30
 switchport access vlan 50
!
interface FastEthernet0/31
 switchport access vlan 60
!
interface FastEthernet0/32
 switchport access vlan 60
!
interface FastEthernet0/33
 switchport access vlan 60
!
interface FastEthernet0/34
 switchport access vlan 60
!
interface FastEthernet0/35
 switchport access vlan 60
!
interface FastEthernet0/36
 switchport access vlan 70
!
interface FastEthernet0/37
 switchport access vlan 80
!
interface FastEthernet0/38
 switchport access vlan 80
!
interface FastEthernet0/39
 switchport access vlan 80
!
interface FastEthernet0/40
 switchport access vlan 80
!
interface FastEthernet0/41
 switchport access vlan 80
!
interface FastEthernet0/42
 switchport access vlan 80
!
interface FastEthernet0/43
 switchport access vlan 80
!
interface FastEthernet0/44
 switchport access vlan 10
!
interface FastEthernet0/45
 switchport access vlan 80
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
 switchport access vlan 90
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface VLAN1
 ip address 192.168.1.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache

Switch#
Linux can understand VLAN trailers just like your switch; no need to do it twice.
gheist
The reason I have done VLAN twice is that, to my knowledge, the only way to assign multiple network ranges to a Linux machine is by creating a VLAN for each segment.
Is there any other way?

With ISA, I can assign one IP address to the local interface and give the other ranges in the ISA configuration.
VLAN may stand for:

1) low-level Ethernet tagging of packets
2) creating multiple isolated subnets on the same Catalyst (aka switch partitions)

Do a traffic dump on your VLAN interfaces to see if Cisco and Linux both understand the same meaning.

You can assign as many IP addresses to a Linux network interface as you wish using ifconfig lo0 alias 127.0.0.2.
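
Added example (not part of the original thread or any poster's code): what the suggested traffic dump distinguishes. An 802.1Q-tagged frame carries TPID 0x8100 right after the source MAC, followed by a 2-byte TCI whose low 12 bits are the VLAN ID; an access port delivers frames without that tag. The MAC addresses and the sample capture are constructed, and the function names are hypothetical.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, payload_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype       # untagged, as sent by an access port
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner  # VID = low 12 bits, PCP = top 3 bits


def summarize(frames):
    """Count frames per VLAN ID; the key None means untagged."""
    return Counter(parse_vlan(f)[0] for f in frames)


def build_frame(vlan_id=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a sample frame with made-up MAC addresses (priority bits left at 0)."""
    dst = bytes.fromhex("02000000000a")
    src = bytes.fromhex("020000000014")
    tag = struct.pack("!HH", TPID_8021Q, vlan_id) if vlan_id is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


# Constructed capture: two IPv4 frames and one ARP frame with tags, one untagged.
SAMPLE = [build_frame(20), build_frame(30), build_frame(20, 0x0806), build_frame()]

if __name__ == "__main__":
    for vid, count in summarize(SAMPLE).items():
        label = "untagged" if vid is None else f"vlan {vid}"
        print(f"{label}: {count} frame(s)")
```

If every frame seen on the Linux parent interface is untagged, the switch side is an access port and VLAN subinterfaces on Linux will not match that traffic.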

Can you tell me how to add network ranges to Linux?
For example:

192.168.10.0/24
192.168.20.0/24
192.168.30.0/24
192.168.40.0/24
192.168.50.0/24
192.168.60.0/24

ASKER CERTIFIED SOLUTION
gheist