From: "Ed Paquette" <ed@gtemail.net>
To: freebsd-questions@freebsd.org
Date: Thu, 03 Oct 2002 03:00:06 +0500
Subject: Re: Setting Up VLAN IFaces for IDS
Message-ID: <20021002220006.9720.qmail@verizonmail.com>

I've done a little more research and found that if I configure a VLAN in the
same fashion - but on one of my OpenBSD boxes (using hme as parent iface) the
connection works perfectly.

Upon completion of the vlan setup:

  #ifconfig vlan0 vlan 10 vlandev hme1 up

I can dump that vlan interface:

  #tcpdump -i vlan0

And get ALL packets from the ports on the switch configured as VLAN #10.

Is this a known FreeBSD issue?

-ed

> Hi.
>
> I agree with Mike's description of an (unconfigured) switch, but the issue
> comes after it since tcpdumping -i fxp1 (the parent) yields ALL packets
> (including unicasts). This is what the switch was configured to do - forward
> all packets.
>
> The issue is with the BSD box and the actual VLAN interface.
>
> Any ideas why the vlan interfaces are truncating unicasts?
>
> Thanks...
>
>> In a switched network unicast packets from host A on port 1 to host B on
>> port 2 will never be seen by host C on port 3 (whether it is a trunk or
>> not). That is the whole point of a switch. Broadcast packets are always
>> sent to all ports in the VLAN (including trunks).
>>
>>> Greetings.
>>>
>>> My goal is to set up three vlan interfaces on a FreeBSD 4.6.2R box for use
>>> with an IDS product.
>>>
>>> Currently, the switch to which the BSD box is connected is set up properly
>>> with tagging enabled for the respective VLANS.
>>>
>>> I have a parent interface (fxp1) configured with no IP address.
>>>
>>> If I use TCPDUMP on the parent interface to test whether or not the tagged
>>> packets are being received I get something like:
>>>
>>>   #tcpdump -i fxp1
>>>   00:03:42.758875 802.1Q vlan#10 P0 ...
>>>
>>> Which to me implies that the packets are arriving at the BSD box
>>> appropriately tagged.
>>>
>>> So, I configure a vlan with no IP address:
>>>
>>>   #ifconfig vlan0 vlan 10 vlandev fxp1 up
>>>
>>> And when I do a:
>>>
>>>   #tcpdump -i vlan0
>>>
>>> All I get are broadcasts... ARPs, ICMP to something.255, etc for VLAN10. All
>>> unicast packets for VLAN10 are dropped.
>>>
>>> Am I barking up a wrong tree? Is it possible to do this? Ideally, I'd like
>>> to have the following:
>>>
>>>   +------+                      +-------+
>>>   | FBSD |  vlan0....VLAN#10    |       |
>>>   |      +--vlan1----VLAN#11----+ switch|
>>>   | IDS  |  vlan2....VLAN#12    |       |
>>>   +--+---+                      +-+-+-+-+
>>>      |                            | | |
>>>      |                            | | \__VLAN#10
>>>      \__iface with IP             | \____VLAN#11
>>>                                   \______VLAN#12
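The thread's diagnostic step is "tcpdump the vlan interface and see whether unicast frames show up, or only broadcasts". The following shell script is an added example, not code from the thread or from FreeBSD; it turns that eyeball check into a count by reading `tcpdump -e -n` output and classifying each frame by its destination MAC (broadcast, multicast, or unicast). It assumes the modern `tcpdump -e` line layout (`time src > dst, ethertype ...`) and uses constructed capture lines with placeholder MAC addresses from the 00:00:5e:00:53:xx documentation range; the `classify_frames` and `unicast_seen` function names are mine.

```shell
#!/bin/sh
# Added example (not from the original thread): classify frames from
# `tcpdump -e -n -l -i vlan0` output by destination MAC, so you can tell
# whether a vlan interface is delivering unicast traffic or only broadcasts
# (the symptom discussed in the thread).
# Assumption: modern tcpdump -e line layout "HH:MM:SS.ffffff SRC > DST, ethertype ...".

# Constructed sample capture lines (not real traffic); MACs are placeholders
# from the documentation range, addresses from 10.0.10.0/24.
SAMPLE_CAPTURE='12:00:01.000001 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.10.2 tell 10.0.10.1
12:00:01.000002 00:00:5e:00:53:02 > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 60: Reply 10.0.10.2 is-at 00:00:5e:00:53:02
12:00:01.000003 00:00:5e:00:53:01 > 00:00:5e:00:53:02, ethertype IPv4 (0x0800), length 98: 10.0.10.1 > 10.0.10.2: ICMP echo request
12:00:01.000004 00:00:5e:00:53:03 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 80: 10.0.10.3.5353 > 224.0.0.251.5353: UDP'

# classify_frames: reads capture lines on stdin and prints one summary line
# of the form "unicast=N broadcast=N multicast=N".
classify_frames() {
    awk '
        {
            # Field 4 is the destination MAC with a trailing comma.
            dst = $4
            sub(/,$/, "", dst)
            dst = tolower(dst)
            if (dst == "ff:ff:ff:ff:ff:ff")
                bcast++
            else if (substr(dst, 2, 1) ~ /[13579bdf]/)
                mcast++      # I/G bit (lowest bit of first octet) set: group address
            else
                ucast++
        }
        END { printf "unicast=%d broadcast=%d multicast=%d\n", ucast, bcast, mcast }
    '
}

# unicast_seen: exit status 0 if at least one unicast frame was in the
# capture on stdin; a vlan interface that only yields broadcasts fails this.
unicast_seen() {
    classify_frames | grep -q 'unicast=[1-9]'
}

# Demo on the constructed sample. Against a live interface you would run:
#   tcpdump -e -n -l -i vlan0 | classify_frames
printf '%s\n' "$SAMPLE_CAPTURE" | classify_frames
```

A short capture window is enough: if a host on the VLAN is generating any traffic at all, a working vlan interface shows a non-zero unicast count, while the behaviour the thread describes yields only broadcast and multicast.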