Date: Mon, 5 Jul 2010 19:24:27 +0200
From: Peter Boosten <peter@boosten.org>
To: Modulok <modulok@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: {Spam?} Re: VLANs is this right?
Message-ID: <6E934F3B-D7D7-4D5A-B9E3-D0BDABDEC211@boosten.org>
In-Reply-To: <AANLkTilW7eTmmdUtRlXpRX3CT_vuOkE2M0eDB_qiiauW@mail.gmail.com>
References: <AANLkTilW7eTmmdUtRlXpRX3CT_vuOkE2M0eDB_qiiauW@mail.gmail.com>

On 5 jul 2010, at 18:16, Modulok wrote:

> Hopefully this doesn't get too garbled by various mail clients:
>
>         Internet
>            |
>      FreeBSD router
>            |
>     (tagged frames)
>            |
>         switch
>         |    |
>     vlan1    vlan2
>         |    |
>     hostA    hostB
>
> Criteria:
> - HostA must never directly talk to HostB.
> - Both hostA and hostB have an Internet connection.
>
> What I have to work with:
> proCurve switch which supports VLANs.
> 2x Intel NICs in FreeBSD which support VLANs.
>
> I've never messed with VLANs before. This is all new to me. As I
> understand so far, this should be a simple matter of creating the
> vlans on the switch, assigning ports to their respective vlan in
> 'untagged' mode, and then assigning the port BSD connects to, as a
> 'tagged' member of both VLAN's? Then I'd create an IP alias on the
> internal FreeBSD NIC, so that it can talk to both networks over the
> same wire? Is this right?
>

Not entirely: the trunk (between switch and FreeBSD) will have the two
different vlan tag id's, and you cannot differentiate between the two by
doing 'normal' IP aliasing (yet done with ifconfig). The physical
interface won't get an IP address at all, but the two virtual vlan
interfaces will.

You can/must keep the two networks apart with a firewall (pf for
instance).

Peter

-- 
Peter Boosten
http://www.boosten.org