NeoRouter
http://www.neorouter.com/forum/

Bridging issue (ACL, client 1.7.0)
http://www.neorouter.com/forum/viewtopic.php?f=6&t=5371

Author:  mnk [ Sat Oct 26, 2013 3:57 pm ]
Post subject:  Bridging issue (ACL, client 1.7.0)

Hello.
I am trying to set up bridging over the NeoRouter VPN.
Client: NeoRouter Free [Version 1.7.0.3300],


The ACL is not disabled after adding "NetworkBridge=1" to /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini.

As a result, no L3 traffic can pass through the VPN except traffic sourced from addresses leased by the NeoRouter server.

Examples.
In all cases I use the following config:
DHCP Subnet: 10.99.0.0
DHCP Netmask: 255.255.0.0

router 1: leased address 10.99.0.3/16
router 2: leased address 10.99.0.4/16

In the bridging cases the bridge looks like:
bridge br0
interface eth0 promisc
interface nrtap promisc

Case 1: changing the address on nrtap to another address from the same subnet

root@router2:~# ip addr show nrtap | grep "inet "
inet 10.99.0.4/16 brd 10.99.255.255 scope global nrtap

PING 10.99.0.3 (10.99.0.3) 56(84) bytes of data.
64 bytes from 10.99.0.3: icmp_req=1 ttl=64 time=2.27 ms

--- 10.99.0.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.274/2.274/2.274/0.000 ms

Changing...

root@router2:~# ip addr del 10.99.0.4/16 dev nrtap
root@router2:~# ip addr add 10.99.0.254/16 dev nrtap
root@router2:~# ping 10.99.0.3
PING 10.99.0.3 (10.99.0.3) 56(84) bytes of data.
^C
--- 10.99.0.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

No L3 traffic can pass.

But L2 can:


root@router2:~# arping -I nrtap 10.99.0.3
ARPING 10.99.0.3 from 10.99.0.254 nrtap
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 3.329ms
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 2.613ms
Unicast reply from 10.99.0.3 [7E:2F:50:EE:8F:AA] 2.779ms


Case 2: doing the same thing on desktops connected to the bridged Ethernet interfaces.
If I detach the leased addresses from nrtap and attach them to separate machines, all is fine.
If the addresses are changed to other ones that are not leased by DHCP, L3 fails, L2 is OK.


Case 3: forwarding traffic from a separate subnet over the bridge.
Same result.

All times are UTC - 5 hours