Date: Wed, 13 Aug 2008 13:53:24 -0700
From: Christopher Cowart <ccowart@rescomp.berkeley.edu>
To: Mike Sweetser - Adhost <mikesw@adhost.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Transparent Bridge with VLAN Tagging - How?
Message-ID: <20080813205324.GC25990@hal.rescomp.berkeley.edu>
In-Reply-To: <17838240D9A5544AAA5FF95F8D5203160472C95E@ad-exh01.adhost.lan>
References: <17838240D9A5544AAA5FF95F8D5203160472C95E@ad-exh01.adhost.lan>

Mike Sweetser - Adhost wrote:
> Hello,
>
> I'm attempting to set up a transparent bridge in FreeBSD 7.0 to
> eventually act as a PF/Snort box, and it needs to be VLAN aware.
> However, I don't seem to be on the right track as far as setting it up.
>
> I have, for instance, VLAN 10 that it needs to be aware of, and this
> network segment is on VLAN 10 from a switch higher up. I have the
> current setup, but once it's running, I can't ping anything. bge0 is
> the outside interface, bge1 is inside:
>
> defaultrouter="192.168.1.1"
> gateway_enable="YES"
> cloned_interfaces="bridge0 vlan0 vlan1"
> ifconfig_vlan0="vlan 10 vlandev bge0"
> ifconfig_vlan1="vlan 10 vlandev bge1"
> ifconfig_bridge0="inet 192.168.1.10 netmask 255.255.0.0 addm bge0 addm bge1 addm vlan0 addm vlan1 up"
> ifconfig_bge0="up"
> ifconfig_bge1="up"
>
> What am I doing wrong?

I'm pretty sure you *don't* want to bridge the interfaces with their
parents (vlan0 shouldn't be bridged with bge0 -- if it even works, it
would cause tagged packets to be untagged and retransmitted out the
incoming interface (what Cisco calls the native vlan) and vice versa).

I've only bridged vlan interfaces -- not their parents. E.g.:

cloned_interfaces="bridge0 vlan190 vlan590"
ifconfig_bge0="up"
ifconfig_vlan190="vlan 190 vlandev bge1"
ifconfig_vlan590="vlan 590 vlandev bge1"
ifconfig_bridge0="addm vlan190 addm vlan590"

If you want to bridge the parents, I think it would look like this
(YMMV):

cloned_interfaces="bridge0 vlan10"
ifconfig_bge0="up"
ifconfig_bge1="up"
ifconfig_bridge0="addm bge0 addm bge1"
ifconfig_vlan10="vlan 10 vlandev bridge0"

I don't know how well if_bridge(4) copes with vlan tags -- I know it
breaks if you bridge a vlan(4) with a gif(4). I also don't know if a
vlan interface will happily accept a bridge parent.

--
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
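
A lint for the pattern the reply above warns against, a bridge that has both a vlan(4) interface and that vlan's own parent as members. This is an added example, not part of the original message or of FreeBSD; `check_bridge_members` and the two sample helpers are hypothetical names, the sample lines are copied from the two configurations in the thread, and the parsing assumes one double-quoted `ifconfig_<ifname>=` assignment per line.

```sh
#!/bin/sh
# Added example: lint rc.conf-style text for an if_bridge(4) whose members
# include both a vlan(4) interface and that vlan's own vlandev parent.
check_bridge_members() {          # reads rc.conf lines on stdin
    awk '
    /^[ \t]*ifconfig_[A-Za-z0-9]+=/ {
        line = $0
        sub(/^[ \t]*ifconfig_/, "", line)
        eq = index(line, "=")
        ifname = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/"/, "", val)                       # drop the quoting
        n = split(val, w, /[ \t]+/)
        for (i = 1; i < n; i++) {                # keyword followed by its argument
            if (w[i] == "vlandev") parent[ifname] = w[i + 1]
            if (w[i] == "addm") members[ifname] = members[ifname] " " w[i + 1]
        }
    }
    END {
        for (br in members) {
            m = split(members[br], list, " ")
            for (i = 1; i <= m; i++) ismember[br, list[i]] = 1
            for (i = 1; i <= m; i++) {
                v = list[i]
                if ((v in parent) && ((br, parent[v]) in ismember))
                    printf "%s: %s is bridged with its parent %s\n", br, v, parent[v]
            }
        }
    }'
}

sample_question() {               # interface lines from the quoted question
    cat <<'EOF'
cloned_interfaces="bridge0 vlan0 vlan1"
ifconfig_vlan0="vlan 10 vlandev bge0"
ifconfig_vlan1="vlan 10 vlandev bge1"
ifconfig_bridge0="inet 192.168.1.10 netmask 255.255.0.0 addm bge0 addm bge1 addm vlan0 addm vlan1 up"
EOF
}

sample_reply() {                  # vlan-only bridge from the reply
    cat <<'EOF'
ifconfig_vlan190="vlan 190 vlandev bge1"
ifconfig_vlan590="vlan 590 vlandev bge1"
ifconfig_bridge0="addm vlan190 addm vlan590"
EOF
}

sample_question | check_bridge_members
```

The function only reads text, so it can be fed a candidate rc.conf on stdin before the configuration is applied to a host.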
