Switch – inter VLAN routing with Ubuntu

switchubuntu-14.04vlan

I have 4 VLANs created and I'm trying to use my Ubuntu machine as the DNS,DHCP, and L3 router. I want my 4 VLANs separated but still able to talk each other. Here is a bit about my setup.

Cable modem (Bridged)–>Ubuntu Server box (see below)–>Dell Power connect 2824 (in Managed mode) – L2 switch w/ IP address of 192.168.1.1

(4 VLANs setup within the Dell L2 switch)
vlan1 (Mgmt) 192.168.1.0/24

vlan10 (home network) 192.168.10.0/24

vlan20 (Storage/Backups/Media server) 192.168.20.0/24

vlan30 (Work) 192.168.30.0/24

Ubuntu server 14.4 LTS
eth0 – Cable modem IP (WAN) Netmask 255.255.224.0

eth1 – LAN side – 192.168.10.2 Netmask 255.255.255.0

I can NOT get the static routes setup on this to save my life. On Ubuntu server DNS works great. DHCP hands out addresses fine only for the 192.168.10.x network. It will not hand out addresses for the other VLANs. I assume that will work once we get all of the VLANs talking properly.

I understand the concepts but need specifics of what to change to get this working and routes should be persistent upon reboot. Thank you for the assist.

ip address show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:23:7d:f3:10:d2 brd ff:ff:ff:ff:ff:ff
    inet 70.115.129.7/19 brd 255.255.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::223:7dff:fef3:10d2/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:23:7d:f3:10:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::223:7dff:fef3:10d0/64 scope link
       valid_lft forever preferred_lft forever


ip route show

default via 70.115.128.1 dev eth0
70.115.128.0/19 dev eth0  proto kernel  scope link  src 70.115.129.7
192.168.10.0/24 dev eth1  proto kernel  scope link  src 192.168.10.2

The new routing table after the VLAN interfaces were configured on the Linux router:

$ ip r s
default via 70.115.128.1 dev eth0
70.115.128.0/19 dev eth0 proto kernel scope link src 70.115.129.7
192.168.1.0/24 dev eth1.1 proto kernel scope link src 192.168.1.10
192.168.10.0/24 dev eth1.10 proto kernel scope link src 192.168.10.2
192.168.20.0/24 dev eth1.20 proto kernel scope link src 192.168.20.1

Best Answer

On Linux server you need to create the vlan interfaces and assign static IP addresses. Follow the official Ubuntu documentation for details 1.

Configure DHCP to listen to all VLANs except the one facing the cable modem. You will need separate DHCP subnet for each VLAN. Make sure that you send via DHCP as default route the IP of the VLAN interface directly connected with that VLAN.

Use tshark/wireshark/tcpdump for debugging. Use them on both VLAN interfaces and on ethernet interface. You can filter for DHCP packets only if you have too much traffic:

Could you please edit your question and add the output of following commands from the router:

ip address show
ip route show

Edit /etc/network/interfaces and make sure you have for each VLAN a vlan interface configured. Here is only VLAN10:

# Disable IP on eth1, we are not using the native VLAN
iface eth1 inet manual

# VLAN 10 - home network
auto eth1.10
iface eth1.10 inet static
    address 192.168.10.1/24
    vlan-raw-device eth1

Make sure that eth1 has no IP assigned. you will assign IP addresses on VLAN interfaces (like eth1.10).

Related Solutions

Inter-vlan routing issues

My gut reaction is that the printers don't have default gateways specified, or have the wrong gateway specified (i.e. a gateway that can't route traffic back to the wifi clients). Can you verify that?

Edit:

Your comment vexes me a bit. There are computers in the 192.168.0.0/24 network that clients in the 192.168.1.0/24 network can ping. There are printers in the 192.168.0.0/24 network that clients in the 192.168.1.0/24 network cannot ping. Do the computers in 192.168.0.0/24 that do return pings and the printers in the 192.168.0.0/24 network that do not return pings have the same default gateway specified? If so, does the device acting as the default gateway have any kind of ACL or filtering capabilities that might be getting in the way?

The phrase "...or it didn't like something with the VLAN configuration." doesn't make sense to me. The printers, presumably, are connected to untagged member ports in the appropriate VLAN. I think you're mixing things up across layer boundaries.

Not everything in your diagram has an IP address listed for each interface. It's really unclear where routing is occurring because of that. If you would, please modify your diagram to include:

IP address and location of the interface in the 192.168.0.0/24 network used as the default gateway for printers
IP address and location of the interface in the 192.168.1.0/24 network used as the default gateway for wireless clients
IP address and location of the interface in the 10.0.100.0/24 network used as the default gateway for clients in that network

Just throw some arrows on the diagram w/ callouts pointing to the devices where these IPs are configured.

HP Procurve 2910 Inter VLAN routing partially working

A 2910 with activated ip routing routes from and to any VLAN that it has an IP address assigned in.

So, if a node can't reach one VLAN subnet from another it's likely not in the correct VLAN.

ip route 10.12.2.0/24 10.12.3.254 can't work since 10.12.2.0/24 is already connected locally and 10.12.3.254 is the switch itself - you can't tell it to route back to itself.

Additionally,

ip route 0.0.0.0 0.0.0.0 10.12.99.1
ip route 10.12.1.0 255.255.255.0 10.12.99.1
ip route 10.12.2.0 255.255.255.0 10.12.99.1
ip route 10.12.3.0 255.255.255.0 10.12.99.1
ip route 100.100.100.0 255.255.255.0 10.12.99.1

don't make sense. All these subnets are local and can't be routed elsewhere.

btw: firmware version 14.38 is ancient (before 2011 when we bought 2910s)...

PS: You're binding IP addresses to all VLANs, including iSCSI and DMZ - as stated above, the 2910 will route into and out of all these networks which is most surely not intended. You'll need to either remove these IP addresses and route/filter between these VLANs elsewhere or configure ACLs that allow the traffic you want while filtering everything else. Note that the 2910 doesn't allow VLAN ACLs, only port ACLs.

Best Answer

Related Solutions

Inter-vlan routing issues

HP Procurve 2910 Inter VLAN routing partially working

Related Topic