Date: Fri, 14 Aug 2015 21:19:51 -0600
From: John Nielsen <lists@jnielsen.net>
To: Hooshang F <ebastan10@gmail.com>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: vlan+bridge questions
Message-ID: <1468D6AA-1368-4B3E-B9A1-24D5B7489A02@jnielsen.net>
In-Reply-To: <CANp8tbUo2tJekEnJ7rvteJN0HehhKT6gEoHajvavcku%2Bd=Opzw@mail.gmail.com>
References: <CANp8tbUo2tJekEnJ7rvteJN0HehhKT6gEoHajvavcku%2Bd=Opzw@mail.gmail.com>

> On Aug 14, 2015, at 11:57 AM, Hooshang F <ebastan10@gmail.com> wrote:
>
> We need to install a freebsd firewall (pf). The freebsd
> box needs to be placed in bridge mode in the middle of a VLAN trunk
> link between 2 Cisco switches. The em0 and em1 ports
> are connected to the trunk ports on the 2 switches.
>
> We are going to:
>
> 1- Define two vlan interfaces for vlan id X.
> one with em0 as parent and the other on top of em1.
> 2- Create a bridge interface.
> 3- Add the two vlan interfaces as members of the bridge.
> 4- Repeat 1-3 for every vlan id used in the network.
>
> 2 questions:
>
> 1- Is not there a simpler method which does not involve creating so
> many vlans & bridges? For instance, is it possible to have
> a trunk interface which accepts 'all' vlan IDs (like cisco) instead
> of creating two vlan interface per ID?
>
> 2- How the untagged traffic should be bridged? Cisco switches
> send out packets untagged if vlan ID is equal to the trunk port
> 'native' vlan id. To bridge these packets, we should create
> a bridge with em0 and em1 as members, but that will
> effectively disable bridging on vlan interfaces. Right?

Same answer for both questions: bridge the parent interfaces. If you need vlan interfaces, create them as children of the single bridge interface.
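
The layout the reply describes, written out as FreeBSD ifconfig(8) commands. This is an added example, not part of the original message: `em0` and `em1` come from the thread, while `bridge0`, the VLAN IDs 10 and 20, and the `APPLY` dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): one bridge over the trunk parents,
# with optional vlan(4) children parented on the bridge itself.

# Dry run by default: print each command. Set APPLY=1 to execute them.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# setup_trunk_bridge BRIDGE "PARENT_IFS" "VLAN_IDS"
# VLAN_IDS may be empty: bridging the parents alone already carries both
# tagged and untagged (native VLAN) frames between the two switches.
setup_trunk_bridge() {
    tb_bridge=$1; tb_parents=$2; tb_vlans=$3

    # Validate every tag before emitting anything, so a bad ID cannot
    # leave a half-configured bridge on a live trunk.
    for tb_id in $tb_vlans; do
        case $tb_id in
            ''|*[!0-9]*) echo "bad VLAN id: $tb_id" >&2; return 1 ;;
        esac
        if [ "$tb_id" -lt 1 ] || [ "$tb_id" -gt 4094 ]; then
            echo "VLAN id out of range: $tb_id" >&2; return 1
        fi
    done

    run ifconfig "$tb_bridge" create
    for tb_p in $tb_parents; do
        run ifconfig "$tb_p" up
        run ifconfig "$tb_bridge" addm "$tb_p"
    done
    run ifconfig "$tb_bridge" up

    # Only needed where the box itself must see a specific VLAN.
    for tb_id in $tb_vlans; do
        run ifconfig "vlan$tb_id" create vlan "$tb_id" vlandev "$tb_bridge"
        run ifconfig "vlan$tb_id" up
    done
}

# Constructed sample: em0/em1 from the thread, VLAN IDs 10 and 20 assumed.
setup_trunk_bridge bridge0 "em0 em1" "10 20"
```

Compared with the per-VLAN plan in the question, the number of bridges stays at one regardless of how many VLAN IDs the trunk carries.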