From: Rudy
Date: Thu, 24 Feb 2011 01:40:47 -0800
To: freebsd-net@freebsd.org
Message-ID: <4D66279F.1000205@monkeybrains.net>
Subject: bridges with vlan member -- unicast?
List-Id: Networking and TCP/IP with FreeBSD

Is anyone bridging a bunch (20+) vlans onto one bridge0?

My goal is to do what the Handbook says I can do:

    The customers are completely isolated from each other, the full /24
    address range can be allocated without subnetting.

http://www.freebsd.org/doc/handbook/network-bridging.html#AEN40688

Last time I tried this (8.1) I got a bunch of unicast flooding and it busted my network. I'd like to see a 'nounicast' flag for bridge members...

Say, I've never looked into it, but do unicast floods go to a broadcast mac address (e.g. FF:FF:FF:FF:FF:FF) that I could block via layer2?

More on Unicast Flooding:
http://packetlife.net/blog/2010/jun/4/blocking-unknown-unicast-flooding/

Rudy