Trunking problem with Untangle!!

requiem1114 · 04-29-2008, 09:17 AM

Dear all,

I read and search about this problem, and it seems like untangle unable to carry dot1q tagging.

I am using Cisco router 2811 and 3550 switch. Bridge mode at untangle side and place between router and switch.

The untangle works perfect if I have one VLAN.

If if have subinterface at router for different VLAN (intervlan routing at router), then I have to set trunking at switch that connect between router and switch. Then the untangle unable let me surf web for example. But I can ping for some reasons.

Here is the configuration:
work configuration:

interface fastethernet 0/0
ip adderss 110.11.0.1 255.255.255.0
description public
ip nat ouside
no shut

interface fastethernet 0/1
ip adderss 192.168.0.1 255.255.255.0
description private
ip nat inside
no shut

interface fastethernet 0/1 (switch side)
no shut
switch access vlan 1

Not working configuration:

interface fastethernet 0/0
ip adderss 110.11.0.1 255.255.255.0
description public
ip nat ouside
no shut

interface fastethernet 0/1.1
encapsulation dot1q 2 -->vlan 2 for staff
ip adderss 192.168.0.1 255.255.255.0
description private
ip nat inside
no shut

interface fastethernet 0/1.2
encapsulation dot1q 4 -->vlan 4 for IT dept.
ip adderss 192.168.1.1 255.255.255.0
description private
ip nat inside
no shut

interface fastethernet 0/1 (switch side)
no shut
switch trunk encapsulation dot1q
switch mode trunk

Is there anyone how to fix this problem that let untangle to pass the vlan tagging?? I knew it is untangle cause the problem, because it works after bypass the untangle.

Ken

dmorris · 04-29-2008, 01:03 PM

(moving to general)

dmorris · 04-29-2008, 01:04 PM

welcome!

unfortunately, untangle strips vlan tags.
normally this doesn't matter and you can happily run most vlan setups with no tags, but if you are using the tags to differentiate routes or something it won't work.

ping works because the vlan tags are not stripped on ping, just TCP and UDP and ICMP relating to said sessions.

requiem1114 · 04-29-2008, 05:22 PM

Hi Mr. Morris,

Thanks for reply. Is there any intention that untangle programmer is going to fix this problem?? Our company really like the untangle product for our remote branch.

Thanks in advance.

Ken

ronnikat · 04-29-2008, 05:40 PM

Quote:

Originally Posted by requiem1114

Hi Mr. Morris,

Thanks for reply. Is there any intention that untangle programmer is going to fix this problem?? Our company really like the untangle product for our remote branch.

Thanks in advance.

Ken

Please feel free to add your vote on http://bugzilla.untangle.com/show_bug.cgi?id=872

epretorious · 02-24-2009, 12:18 PM

Quote:

Originally Posted by dmorris

unfortunately, untangle strips vlan tags.
normally this doesn't matter and you can happily run most vlan setups with no tags

Really - Are you sure?! That's a deal-breaker for us! (Astaro supports 802.1Q tagging. pfSense supports 802.1Q tagging.)

Our network is designed to use 802.1Q tagging to trunk VLAN's between the router and the switch infrastructure and I don't see an elegant way around that (without buying 4-port HWIC's for all twenty of our edge routers).

Hm...

epretorious · 02-24-2009, 02:53 PM

Quote:

Originally Posted by epretorious

...I don't see an elegant way around that (without buying 4-port HWIC's for all twenty of our edge routers).

That's not entirely correct - Because UT supports 802.1Q tagging when deployed as a router there is one elegant solution and that is to deploy UT as a replacement to the router.

Hm...

greyman · 03-01-2009, 08:33 PM

The manageable Linksys switches I have rely completely on their uplink to do the routing for them. I at one time had them configured to work with pfSense without issue. I switched to a flat network to ease the integration and replace pfSense with UT. My configuration is quite simple (I think)

VLAN1: x.x.1.x/24 (UT & switch management IP's)
VLAN2: x.x.2.x/24 (Local Network)
VLAN3: x.x.3.x/24 (DMZ brought from U-Verse gateway)

The UT box is configured with DMZplus on U-Verse device, which means it will be in VLAN3 but not serve as gateway.

My end goal is to have these three networks on all three switches. Below is an ASCII physical diagram.

U-Verse
| |
| DMZ
| |
UT |
| |
| |
SW1
| |
| |
SW2 SW3

I am open to suggestions.

04-29-2008, 09:17 AM	#1 (permalink)
requiem1114 Newbie Join Date: Apr 2008 Posts: 2	Trunking problem with Untangle!! Dear all, I read and search about this problem, and it seems like untangle unable to carry dot1q tagging. I am using Cisco router 2811 and 3550 switch. Bridge mode at untangle side and place between router and switch. The untangle works perfect if I have one VLAN. If if have subinterface at router for different VLAN (intervlan routing at router), then I have to set trunking at switch that connect between router and switch. Then the untangle unable let me surf web for example. But I can ping for some reasons. Here is the configuration: work configuration: interface fastethernet 0/0 ip adderss 110.11.0.1 255.255.255.0 description public ip nat ouside no shut interface fastethernet 0/1 ip adderss 192.168.0.1 255.255.255.0 description private ip nat inside no shut interface fastethernet 0/1 (switch side) no shut switch access vlan 1 Not working configuration: interface fastethernet 0/0 ip adderss 110.11.0.1 255.255.255.0 description public ip nat ouside no shut interface fastethernet 0/1.1 encapsulation dot1q 2 -->vlan 2 for staff ip adderss 192.168.0.1 255.255.255.0 description private ip nat inside no shut interface fastethernet 0/1.2 encapsulation dot1q 4 -->vlan 4 for IT dept. ip adderss 192.168.1.1 255.255.255.0 description private ip nat inside no shut interface fastethernet 0/1 (switch side) no shut switch trunk encapsulation dot1q switch mode trunk Is there anyone how to fix this problem that let untangle to pass the vlan tagging?? I knew it is untangle cause the problem, because it works after bypass the untangle. Ken

04-29-2008, 01:03 PM	#2 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 10,613	(moving to general) __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

04-29-2008, 01:04 PM	#3 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 10,613	welcome! unfortunately, untangle strips vlan tags. normally this doesn't matter and you can happily run most vlan setups with no tags, but if you are using the tags to differentiate routes or something it won't work. ping works because the vlan tags are not stripped on ping, just TCP and UDP and ICMP relating to said sessions. __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

03-01-2009, 08:33 PM	#8 (permalink)
greyman Untangler Join Date: Nov 2008 Location: Spring, TX Posts: 83	The manageable Linksys switches I have rely completely on their uplink to do the routing for them. I at one time had them configured to work with pfSense without issue. I switched to a flat network to ease the integration and replace pfSense with UT. My configuration is quite simple (I think) VLAN1: x.x.1.x/24 (UT & switch management IP's) VLAN2: x.x.2.x/24 (Local Network) VLAN3: x.x.3.x/24 (DMZ brought from U-Verse gateway) The UT box is configured with DMZplus on U-Verse device, which means it will be in VLAN3 but not serve as gateway. My end goal is to have these three networks on all three switches. Below is an ASCII physical diagram. U-Verse \| \| \| DMZ \| \| UT \| \| \| \| \| SW1 \| \| \| \| SW2 SW3 I am open to suggestions. __________________ -- greyman & his :twocents:

Protect

Filter

Perform

Connect

Manage

Add-Ons

04-29-2008, 05:22 PM	#4 (permalink)
requiem1114 Newbie Join Date: Apr 2008 Posts: 2	Hi Mr. Morris, Thanks for reply. Is there any intention that untangle programmer is going to fix this problem?? Our company really like the untangle product for our remote branch. Thanks in advance. Ken