Solved

vlan issue

Posted on 2008-11-02
9
370 Views
Last Modified: 2013-12-23
based on the diagram below.......................

To give internet access to clients on different ranges, I have added virtual networks to linux
Eg: vlan interface on linux
192.168.10.10
192.168.20.10
192.168.30.10
All clients on all ranges can ping to 192.168.10.10, they can get internet but they get time out often

I have the same scenario with Microsoft ISA 2006, I dont get any time out issue.
Will it be because I have vlan on switch as well as vlan on linux
Drawing2.jpg
0
Comment
Question by:ammadeyy2020
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 2

Expert Comment

by:z_kwecka
ID: 22863594
there is few things that would be nice to know beforehand:

- what are the default-gateways set on your hosts
- is the port connected to the firewall in the trunking mode, if yes what is the vlan encapsulation?

cheers
0
 

Author Comment

by:ammadeyy2020
ID: 22864676
hosts on range 192.168.20.0/24 gateway is 192.168.20.1
192.168.30.0/24 gateway is 192.168.30.1

port connected to firewall is in access mode
0
 

Author Comment

by:ammadeyy2020
ID: 22864752
Router Configuration

!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 speed auto
!
interface FastEthernet0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0.40
 encapsulation dot1Q 40
 ip address 192.168.40.1 255.255.255.0
!
interface FastEthernet0.50
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
!
interface FastEthernet0.60
 encapsulation dot1Q 60
 ip address 192.168.60.1 255.255.255.0
!
interface FastEthernet0.70
 encapsulation dot1Q 70
 ip address 192.168.70.1 255.255.255.0
!
interface FastEthernet0.80
 encapsulation dot1Q 80
 ip address 192.168.80.1 255.255.255.0
!
interface FastEthernet0.90
 encapsulation dot1Q 90
 ip address 192.168.90.1 255.255.255.0
 ip access-group 2 out
!
ip default-gateway 192.168.10.10
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.10
ip route 0.0.0.0 0.0.0.0 192.168.10.20
ip route 192.168.20.0 255.255.255.0 192.168.10.20
no ip http server
!
ip access-list extended DMZ_TRAFFIC_IN
 permit tcp any 192.168.20.0 0.0.0.255 eq 445
 permit icmp any 192.168.20.0 0.0.0.255
 permit tcp any 192.168.20.0 0.0.0.255 eq 3772
 permit tcp any 192.168.20.0 0.0.0.255 eq 3773
 permit tcp any 192.168.20.0 0.0.0.255 eq 3774
 permit tcp any 192.168.20.0 0.0.0.255 eq 3775
 permit tcp any 192.168.20.0 0.0.0.255 eq 3776
 permit tcp any 192.168.20.0 0.0.0.255 eq 3777
 permit tcp any 192.168.20.0 0.0.0.255 eq 3778
 permit tcp any 192.168.20.0 0.0.0.255 eq 3779
 permit tcp any 192.168.20.0 0.0.0.255 eq 139

Router#
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 

Author Comment

by:ammadeyy2020
ID: 22864754
switch configuration

!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport access vlan 20
!
interface FastEthernet0/5
 switchport access vlan 20
!
interface FastEthernet0/6
 switchport access vlan 20
!
interface FastEthernet0/7
 switchport access vlan 30
!
interface FastEthernet0/8
 switchport access vlan 30
!
interface FastEthernet0/9
 switchport access vlan 30
!
interface FastEthernet0/10
 switchport access vlan 30
!
interface FastEthernet0/11
 switchport access vlan 30
!
interface FastEthernet0/12
 switchport access vlan 30
!
interface FastEthernet0/13
 switchport access vlan 30
!
interface FastEthernet0/14
 switchport access vlan 30
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/16
 switchport access vlan 40
!
interface FastEthernet0/17
 switchport access vlan 40
!
interface FastEthernet0/18
 switchport access vlan 40
!
interface FastEthernet0/19
 switchport access vlan 40
!
interface FastEthernet0/20
 switchport access vlan 40
!
interface FastEthernet0/21
 switchport access vlan 40
!
interface FastEthernet0/22
 switchport access vlan 40
!
interface FastEthernet0/23
 switchport access vlan 40
!
interface FastEthernet0/24
 switchport access vlan 40
!
interface FastEthernet0/25
 switchport access vlan 40
!
interface FastEthernet0/26
 switchport access vlan 50
!
interface FastEthernet0/27
 switchport access vlan 50
!
interface FastEthernet0/28
 switchport access vlan 50
!
interface FastEthernet0/29
 switchport access vlan 50
!
interface FastEthernet0/30
 switchport access vlan 50
!
interface FastEthernet0/31
 switchport access vlan 60
!
interface FastEthernet0/32
 switchport access vlan 60
!
interface FastEthernet0/33
 switchport access vlan 60
!
interface FastEthernet0/34
 switchport access vlan 60
!
interface FastEthernet0/35
 switchport access vlan 60
!
interface FastEthernet0/36
 switchport access vlan 70
!
interface FastEthernet0/37
 switchport access vlan 80
!
interface FastEthernet0/38
 switchport access vlan 80
!
interface FastEthernet0/39
 switchport access vlan 80
!
interface FastEthernet0/40
 switchport access vlan 80
!
interface FastEthernet0/41
 switchport access vlan 80
!
interface FastEthernet0/42
 switchport access vlan 80
!
interface FastEthernet0/43
 switchport access vlan 80
!
interface FastEthernet0/44
 switchport access vlan 10
!
interface FastEthernet0/45
 switchport access vlan 80
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
 switchport access vlan 90
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface VLAN1
 ip address 192.168.1.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache

Switch#
0
 
LVL 62

Expert Comment

by:gheist
ID: 22867294
Linux can understand VLAN trailers just like your switch no need to do it twice.
0
 

Author Comment

by:ammadeyy2020
ID: 22867923
gheist
why i have done vlan twice is, my knowledge, the only way to assign multiple network ranges to a linux machine is by creating vlans to each segment
is there any other way?

with ISA, i can assign one ip address to local interface, and give other ranges to ISA configuration
0
 
LVL 62

Expert Comment

by:gheist
ID: 22867977
VLAN may stand for:

1) lowlevel ethernet tagging of packets
2) creating multiple isolated subnets on same catalyst ( aka switch partitions)

Do some traffic dump on your VLAN interfaces if Cisco and Linux do understand both same meaning.

You can assign as many IP addresses to Linux network interface as you wish using ifconfig lo0 alias 127.0.0.2 .

0
 

Author Comment

by:ammadeyy2020
ID: 22869133
can you tell me how to add network ranges to linux
for example

192.168.10.0/24
192.168.20.0/24
192.168.30.0/24
192.168.40.0/24
192.168.50.0/24
192.168.60.0/24

0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 22869245
ifconfig eth0 alias 192.168.10.1 netmask 255.255.255.0

Assuming Linux serves as default gateway. You can make catalyst do same kind of routing and put internet filter on internet side to keep config simpler.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
pfsense upgrade from 2.2.6 to 2.3.3 28 78
Exchange 2016 4 51
internal SLA's for IT provision 6 32
Linux Server mapping drive using SSH key 9 43
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question