From owner-freebsd-net@FreeBSD.ORG Sun Mar 11 07:42:12 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4D89106564A for ; Sun, 11 Mar 2012 07:42:12 +0000 (UTC) (envelope-from bagadeh@gmail.com) Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 86FB38FC16 for ; Sun, 11 Mar 2012 07:42:12 +0000 (UTC) Received: by vcmm1 with SMTP id m1so3723803vcm.13 for ; Sat, 10 Mar 2012 23:42:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xFjbI6m34KfjK5xTlHy+XLlYSSfb54qksDFiehm1J1M=; b=pR22YMxnWU+VzXHATFmGnj8ezl+X5TbJ2M2pGgzvtF7rS7I3lIYNJ6a9hcmyjTUIfs klxdXbFPjZ5/C3z0KdQF9BFdHD/TIJ82O372GNh4rBv4gGfCWkHqqa1xJQHStWHTBDg1 m9HvsQhGrncD20RrvJ0CP3D71xzdM39P/bxVC3oCGoSY8P+ATgBmZFOEXkx+tC7wqu/y M1eWhmJu1ocnpipBww+kg6yG+NWmdVqBvqB4iB/qw+FLsJwwpQpXSPBjBpALEGB5NSeP Ke95v1t+LzQcLNJ1u3CKTTnM7Wh4qXG3j7i8mMR3cup6djn+uO85QQVPJcebYQfqyPul CZKg== MIME-Version: 1.0 Received: by 10.52.90.178 with SMTP id bx18mr11386095vdb.123.1331451731839; Sat, 10 Mar 2012 23:42:11 -0800 (PST) Received: by 10.220.133.77 with HTTP; Sat, 10 Mar 2012 23:42:11 -0800 (PST) In-Reply-To: References: <20120305084359.GA56606@server.vk2pj.dyndns.org> <20120305222811.GA64183@server.vk2pj.dyndns.org> <20120306074655.GA71641@server.vk2pj.dyndns.org> Date: Sun, 11 Mar 2012 11:12:11 +0330 Message-ID: From: h bagade To: Peter Jeremy Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-net Subject: Re: problem with vlan interfaces tagging/untagging in a simulated switch box X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2012 07:42:12 -0000 Sorry my last post was sent out suddenly by pressing a key, I don't yet know even which one! the compelete post is written down here. let me explain my problem with this type of topology when I want to simulate a switch like cisco eth0 -+ | eth1 -+ --- bridge1 --- vlan9 --+-- eth4 ----- outside of switch | | eth2 -+ --- bridge2 --- vlan8 --+ | | eth3 -+ ------------ bridge3 -----------+ In above example, eth0 and eth1 are vlan9 ports which means that traffic coming from these ports are sent out eth4(trunk port) with vlan9 tag. the same for eth2 which is vlan8 port. eth3 is the port with vlan id equal to native vlan on eth4. the native vlans are those vlans which would not tag across trunk port, so traffic comes from eth3 pass the trunk port(eth4) untagged. the scenario works fine without eth3! it means that when eth3 is excluded from the topology, the other ports are tagged the proper vlan tag when going through eth4. As eth3 is added the all traffic receives on eth4 are passed to eth3 with out cheching vlan tags! this is due to bridge between eth3 and eth4! but I don't know how to correct the scenario that eth3 packets to be not tagged through eth4 without disturbing the function of other parts! I would be very glad if someone help me on this important problem I've encountered. On 3/11/12, h bagade wrote: > let me explain my problem with this type of topology when I want to > simulate a switch like cisco > > > > eth1 -+ --- bridge1 --- vlan9 --+-- eth0 --- trunk0 > | > eth2 -+ --- bridge2 --- vlan8 --+ > > On 3/6/12, Peter Jeremy wrote: >> On 2012-Mar-06 09:15:57 +0330, h bagade wrote: >>>On 3/6/12, Peter Jeremy wrote: >>>> The following example diagram shows 3 distinct packet flows: >>>> - packets tagged 5 in trunk1 and 6 in trunk0 >>>> - packets tagged 7 in trunk1 and 9 in trunk0 >>>> - packets tagged 8 in trunk0 and 10 in trunk2 >>>> >>>> +-- vlan5 --- bridge1 --- vlan6 --+ >>>> | | >>>> trunk1 --- eth1 -+- vlan7 --- bridge2 --- vlan9 --+-- eth0 --- trunk0 >>>> | >>>> bridge3 --- vlan8 --+ >>>> | >>>> trunk2 -- eth2 --- vlan10 >>>> >>>I've described the function of Cisco switches in vlan >>>tagging/untagging. >> >> Real switches typically have everything tagged internally, with the >> native VLAN tags added/removed at the ingress/egress ports. This >> simplifies the internal switch logic (at the expense of meaning that >> tags have to be consistent across all trunks). >> >> FreeBSD works differently. Packets are _untagged_ internally and you >> need a separate bridge(4) device for each broadcast domain (vlan). >> >>> In your topology, packets should be tagged when >>>recieved on real interfaces to be send out to vlan interfaces. >> >> Packets are never tagged by real interfaces and always have tags >> added/removed by vlan devices. >> >>> It >>>would be fine when two trunks are communicating because on both side >>>packets are tagged. But as I mentioned before, Cisco switches receive >>>packets on an interface untagged and then sending packets tagged out >>>of trunk port, based on which interface it receives, >> >> You can connect a physical interface (ethX) directly to a bridge device >> to access untagged packets. Note that I'm not sure whether it is safe >> to access the native VLAN in a trunk in this way. >> >> To continue the above example, >> ifconfig bridge1 addm eth3 >> would result in packets arriving on eth3 leaving tagged as vlan 5 in >> trunk1, vlan 6 in trunk0 and vice versa. >> >> -- >> Peter Jeremy >> >