I have an old but mostly unused Cisco/Linksys slm224g4s switch and a Mikrotik B2011UiAS-RM router. On the switch I've configured three VLANs: two for WAN1 (id:3) and WAN2 (id:4), and a third for LAN (id:2).

My current port configuration

port number - designation - port2vlan - port setting pvid
1 - WAN1 input - 2 excl, 3 excl, 4 untagged - 4
2 - WAN2 input - 2 excl, 3 untagged, 4 excl - 3
3-12 - servers - 2 tagged, 3 tagged, 4 tagged - 2
13 - WAN1 to router - 2 excl, 3 excl, 4 untagged - 4
14 - WAN2 to router - 2 excl, 3 untagged, 4 excl - 3
15-24 - servers - 2 tagged, 3 tagged, 4 tagged - 2
G1 - LAN from router - 2 untagged, 3 excl, 4 excl - 2
G2-G4 - servers - 2 tagged, 3 tagged, 4 tagged - 2

Configuration in admin panel: http://s3.fmdx.pl/public/cisco/

The Mikrotik router combines these two WAN connections from two ISPs to make a more reliable internet connection and works as a router for the whole company.

We have two 8-IP-address blocks from both ISPs; the router takes only one IP from each ISP to provide internet access. The remaining IP addresses are used for company servers (files, ERP, testing/dev servers, etc.). MTU is 1500 everywhere.

/etc/network/interfaces configuration looks like this on a temporary server:

# LAN
auto enp1s0.2
iface enp1s0.2 inet static
        address 10.1.4.10
        gateway 10.1.0.1
        netmask 255.255.252.0
        dns-nameservers 10.1.0.1
        vlan-raw-device enp1s0
        mtu 1500

# Netia
allow-hotplug enp1s0.3
iface enp1s0.3 inet static
        address 192.168.0.72
        gateway 192.168.0.65
        netmask 255.255.255.240
        dns-nameservers 8.8.8.8 8.8.4.4
        vlan-raw-device enp1s0
        mtu 1500

# Connected
allow-hotplug enp1s0.4
iface enp1s0.4 inet static
        address 192.168.1.168
        gateway 192.168.1.161
        netmask 255.255.255.240
        dns-nameservers 8.8.8.8 8.8.4.4
        vlan-raw-device enp1s0
        mtu 1500
  • WAN IP addresses in this example are not real.

The vlan package is installed, the 8021q module is on, and the first VLAN interface (LAN) works just fine; I can ping anything through that interface.

Unfortunately, I cannot ping anything using the second and third VLAN interfaces, and the server is not accessible from the internet.

ifup enp1s0.3 or enp1s0.4 returns

Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
RTNETLINK answers: File exists
ifup: failed to bring up enp1s0.3

ifdown enp1s0.3 or enp1s0.4

ifdown: interface enp1s0.3 not configured

What am I missing?

K.Madura
  • Have you set the routing? Otherwise all non-LAN packets will use the default route. Post your routing table. I believe you are trying to set a "split-wan" setup. – quimnuss Jan 24 '18 at 10:46
  • Check the question I posted a while ago: https://serverfault.com/questions/889085/split-access-from-multiple-uplinks/893848#893848 – quimnuss Jan 24 '18 at 11:02
  • @quimnuss thank you for the advice; after fiddling with routing scripts I've managed to get it working. These scripts seem to run out of order on startup – K.Madura Jan 24 '18 at 14:26
  • Glad I helped indirectly. Post your solution/answer to help somebody who ends up having the same problem. Or remove the question if it was too localised / misjudged. – quimnuss Jan 24 '18 at 14:28

2 Answers

Ok. Everything runs fine now. What was the problem.

I forgot to copy a few scripts we deploy on each server and one of them includes this bash code:

# Connected routing
ip route add "$ISP1_NET" dev "$ISP1_IF" src "$ISP1_IP" table "$ISP1_NAME"
ip route add default via "$ISP1_GW" table "$ISP1_NAME"
ip rule add from "$ISP1_IP" table "$ISP1_NAME"
ip rule add from all to "$ISP1_CHECK_IP" table "$ISP1_NAME"

# Netia routing
ip route add "$ISP2_NET" dev "$ISP2_IF" src "$ISP2_IP" table "$ISP2_NAME"
ip route add default via "$ISP2_GW" table "$ISP2_NAME"
ip rule add from "$ISP2_IP" table "$ISP2_NAME"
ip rule add from all to "$ISP2_CHECK_IP" table "$ISP2_NAME"

Also, I had to change allow-hotplug to auto in /etc/network/interfaces to make it work after reboot, and modify a few variables in the config file.

These problems are the worst when you waste your time and the solution is this simple. :)

K.Madura

The solution provided is not quite correct, e.g. you will still get the error RTNETLINK answers: File exists when trying to restart networking or restarting the machine.

For status on Debian stretch, execute

systemctl status networking.service

Your routes will not work unless you execute the script manually again.

First

You have set up gateway 10.1.0.1 with netmask 255.255.252.0, where host max can be 10.1.3.254 with broadcast 10.1.3.255

Check IP Calculator / IP Subnetting

Second

You can have only one default gateway. When you assign e.g. gateway 10.1.0.1 to an interface, it will try to assign it as the default; if there is already one default gateway, you will get the error RTNETLINK answers: File exists.

Correct configuration should be

# LAN
auto enp1s0.2
iface enp1s0.2 inet static
        # (max host!)
        address 10.1.3.254/22
        gateway 10.1.0.1
        dns-nameservers 10.1.0.1
        vlan-raw-device enp1s0
        mtu 1500

# Netia
auto enp1s0.3
iface enp1s0.3 inet static
        address 192.168.0.72/20
        dns-nameservers 8.8.8.8 8.8.4.4
        vlan-raw-device enp1s0
        mtu 1500
        up ip route add 192.168.0.0/20 via 192.168.0.65 ...
        up ...

# Connected
auto enp1s0.4
iface enp1s0.4 inet static
        address 192.168.1.168/20
        dns-nameservers 8.8.8.8 8.8.4.4
        vlan-raw-device enp1s0
        mtu 1500
        up ip route add 192.168.0.0/20 via 192.168.1.161 ...
        up ...

Please note, as I mentioned previously, you cannot add multiple default routes as ip route add default via ....

After you configure it correctly, your auto|allow-auto|allow-hotplug [interface] should work, but you should check the link for more details.

Hope this helps.

Filip C.
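An added example (not code from either answer): one way to make the per-uplink policy routing from the first answer re-runnable, so that a networking restart does not stop on RTNETLINK answers: File exists, while each uplink's default route stays in its own table as the second answer requires. It uses the question's sample addresses and netmasks; the table ids 103/104, the function names and the apply argument are assumptions of this sketch.

```shell
# Added example: re-runnable policy routing for the two uplink VLANs.
# Addresses are the question's sample values; table ids 103/104 are assumed.

# network ADDRESS NETMASK -> network address (per-octet bitwise AND)
network() {
    oldifs=$IFS; IFS=.
    set -- $1 $2            # split both dotted quads into $1..$8
    IFS=$oldifs
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))"
}

# prefixlen NETMASK -> CIDR prefix length (number of set bits)
prefixlen() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    bits=0
    for octet in "$@"; do
        while [ "$octet" -gt 0 ]; do
            bits=$((bits + (octet & 1)))
            octet=$((octet >> 1))
        done
    done
    echo "$bits"
}

# uplink_plan IFACE ADDRESS NETMASK GATEWAY TABLE -> one "ip" argument list per line
uplink_plan() {
    net="$(network "$2" "$3")/$(prefixlen "$3")"
    echo "route replace $net dev $1 src $2 table $5"
    echo "route replace default via $4 dev $1 table $5"   # default stays out of the main table
    echo "rule del from $2 table $5"
    echo "rule add from $2 table $5"
}

# apply_plan: feed each planned line to ip(8); needs root
apply_plan() {
    while read -r args; do
        case "$args" in
            "rule del"*) while ip $args 2>/dev/null; do :; done ;;  # remove every stale copy
            *)           ip $args || return 1 ;;
        esac
    done
}

plan() {
    uplink_plan enp1s0.3 192.168.0.72  255.255.255.240 192.168.0.65  103
    uplink_plan enp1s0.4 192.168.1.168 255.255.255.240 192.168.1.161 104
}

if [ "${1:-}" = apply ]; then plan | apply_plan; else plan; fi
```

Run without arguments it only prints the planned ip commands; with apply, as root, it installs them, and only the LAN stanza keeps a gateway line in /etc/network/interfaces.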