From: Peter Boosten
To: Modulok
Cc: freebsd-questions@freebsd.org
Date: Mon, 5 Jul 2010 19:24:27 +0200
Subject: Re: VLANs is this right?

On 5 jul 2010, at 18:16, Modulok wrote:

> Hopefully this doesn't get too garbled by various mail clients:
>
>          Internet
>              |
>       FreeBSD router
>              |
>       (tagged frames)
>              |
>           switch
>           |    |
>       vlan1    vlan2
>           |    |
>       hostA    hostB
>
> Criteria:
> - HostA must never directly talk to HostB.
> - Both hostA and hostB have an Internet connection.
>
> What I have to work with:
> proCurve switch which supports VLANs.
> 2x Intel NICs in FreeBSD which support VLANs.
>
> I've never messed with VLANs before. This is all new to me. As I
> understand so far, this should be a simple matter of creating the
> vlans on the switch, assigning ports to their respective vlan in
> 'untagged' mode, and then assigning the port BSD connects to, as a
> 'tagged' member of both VLAN's? Then I'd create an IP alias on the
> internal FreeBSD NIC, so that it can talk to both networks over the
> same wire? Is this right?
>

Not entirely: the trunk (between switch and FreeBSD) will have the two
different vlan tag id's, and you cannot differentiate between the two by
doing 'normal' IP aliasing (yet done with ifconfig). The physical
interface won't get an IP address at all, but the two virtual vlan
interfaces will.

You can/must keep the two networks apart with a firewall (pf for
instance).

Peter

-- 
Peter Boosten
http://www.boosten.org
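
An added example, not part of the original message: one way the setup described in the reply could look on the FreeBSD router, with the parent NIC left without an address, one vlan(4) interface per network, and pf dropping traffic between the two. The interface names (em0 external, em1 trunk), VLAN IDs 10 and 20, and the 192.168.x.0/24 subnets are assumptions chosen for illustration.

```conf
# ---- /etc/rc.conf ----
# Assumed: em0 faces the Internet, em1 is the tagged trunk to the switch.
gateway_enable="YES"                 # forward packets between interfaces
ifconfig_em1="up"                    # parent NIC: up, no IP address
cloned_interfaces="vlan10 vlan20"    # one vlan(4) interface per VLAN
ifconfig_vlan10="inet 192.168.10.1/24 vlan 10 vlandev em1"   # hostA's gateway
ifconfig_vlan20="inet 192.168.20.1/24 vlan 20 vlandev em1"   # hostB's gateway
pf_enable="YES"

# ---- /etc/pf.conf ----
ext_if = "em0"
vlan_a = "vlan10"
vlan_b = "vlan20"

set skip on lo0

# Both internal networks share the external address for Internet access.
nat on $ext_if from { $vlan_a:network, $vlan_b:network } to any -> ($ext_if)

# Default deny; dropped packets are logged to pflog0.
block log all

# Inter-VLAN traffic is dropped first; "quick" stops later pass rules
# from matching it. This also covers the router's address on the other VLAN.
block in quick on $vlan_a from any to $vlan_b:network
block in quick on $vlan_b from any to $vlan_a:network

# Drop packets that claim a VLAN's source subnet but arrive on another interface.
antispoof quick for { $vlan_a, $vlan_b }

# Each VLAN may reach everything else (the Internet); state admits the replies.
pass in on $vlan_a from $vlan_a:network to any keep state
pass in on $vlan_b from $vlan_b:network to any keep state
pass out on $ext_if keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and `tcpdump -n -e -i pflog0` shows any hostA-to-hostB attempts that the block rules log.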