• May 26, 2019, 11:08:07 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DGS-1100-08, HW ver. B1, FW ver. 1.00.B028, problem with VLAN isolation  (Read 336 times)

muwlgr

  • Level 1 Member
  • *
  • Posts: 2

Dear all,

I use DGS-1100-08 VLAN setup to multiplex my network adapter connection to multiple ISPs and internal/home LAN
the setup is as follows :
VLAN 201 : eth1 untagged, eth8 tagged
VLAN 202 : eth2 untagged, eth8 tagged
VLAN 207 : eth3..7 untagged, eth8 tagged
ISP1 is connected to eth1, ISP2 is connected to eth2, LAN is connected to eth3..7, Linux router is connected to eth8
on Linux router, tagged VLAN interfaces vlan201, vlan202, vlan207 are configured.
both ISPs give me single IP address by DHCP and have restriction on client's MAC count active on their respective ports.
(which means that they serve DHCP to only a single MAC but allow 2 MACs temporarily)

with this setup, I noticed in Linux logs that my DHCP sessions lose their DHCP lease too often
but only when both ISP links are active
when one of ISP links is down, DHCP session on the other link is rock-solid

I tried to clarify the issue with a supportive person from ISP2, and he told me that sometimes they see stray MACs on my port, differing from my motherboard LAN adapter MAC. They asked me whether I have an idea about where is certain MAC coming from, and I found it in MAC address table on DGS coming from ISP1 port (eth1). I checked it with tcpdump on Linux and found that this MAC is sending loopback detection packets (dst mac = cf:00:00:00:00:00 and ether proto = 0x9000). OID prefix for this MAC corresponded to DLink (ec:22:80:2f:...). Another time, ISP2 support person told me about a stray MAC which happened to be the one from my own DGS-1100-08 (10:62:eb:fc:...)

Now I would ask if there are ways to resolve this problem with stray MACs from one VLAN to another which cause breakup of my DHCP sessions
I turned off loopback detection on ports eth1 and eth2 to prevent stray packets with my DGS MAC
Also I tried to set up traffic segmentation, restricting eth1 to only eth1&8, and eth2 to only eth2&8
but none of these measures improved DHCP stability
Is there a way to allow only a specified src MAC to go out through a specific port ?

earlier I had a similar VLAN/multiplexing setup, also on DGS-1100-08, but ISP links were configured by pppoe or pptp, not by dhcp, so probably they just ignored stray MACs as unauthenticated, so this was not a problem, until I decided to recreate the same setup with dhcp.
« Last Edit: March 29, 2019, 09:07:02 AM by muwlgr »
Logged

muwlgr

  • Level 1 Member
  • *
  • Posts: 2

well, I resolved the problem just by putting Winyao E575T2 2xGbE adapter into my PCIe slot and plugging my ISP links there. no more stray MACs, no more DHCP lease loss. My ISPs and me are all happy. too bad DLink did not provide this needed functionality in its low-end/consumer model.
Logged