From: Freddie Cash
Date: Sun, 2 Jul 2017 13:17:54 -0700
Subject: Re: static routes on VLAN on CURRENT
To: "Hartmann, O."
Cc: FreeBSD-Current
In-Reply-To: <20170702133957.1f337a2e@hermann>

On Jul 2, 2017 4:40 AM, "Hartmann, O." wrote:

> Fiddling around with a self-brewed router/firewall based on 12-CURRENT and
> ipfw, I run into problems when setting up a trunk port with different
> VLANs and static routes.
>
> The "router" has three NICs, igb0, igb1, igb2 (it is de facto an APU 2C4
> from PCengines). igb0 is attached to an external VDSL2+ Modem and not
> connected at the moment. igb2 is also not connected yet.
>
> igb1 bears several VLANs: 2, 10, 100 (igb1.2, igb1.10 ...) and the
> "native", untagged LAN (on igb1).

While it will sometimes work, I find that mixing tagged and untagged vlans on a single interface leads to all kinds of silent failures and issues.

Just make vlan 1 tagged on that interface and the switch port. Then ignore igb1 completely, and only use the igb1.X interfaces for everything.
> To not use a routing daemon due to the small size of my network, I decided
> to use static routes, in rc.conf I placed the following variables:
>
> static_routes="igb1.2 igb1.10"
> route_igb1_2="-net 192.168.2.0/24 -interface igb1.2"
> route_igb1_10="-net 192.168.10.0/24 -interface igb1.10"

You shouldn't need to add static routes as these routes will be added automatically when you assign an IP/netmask to the interface.

Simplify things. Make everything tagged vlans, reduce your rc.conf to just IP assignments to the sub interfaces, and see how things work. Build it up from there.

Cheers,
Freddie
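The two patterns the reply warns about can be checked mechanically before a router/firewall config goes live. The script below is an added example, not part of the original message or of FreeBSD: it flags a parent NIC that carries VLANs while also holding its own untagged address, and static routes that duplicate a subinterface's connected route. The function names, the `vlans_igb1` and `ifconfig_*` lines and all addresses in the sample are assumptions; only the `static_routes`/`route_*` lines come from the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Handles CIDR "inet a.b.c.d/len" only.

# Constructed sample: static_routes/route_* lines are from the post; the
# vlans_* and ifconfig_* lines and their addresses are assumptions.
sample_rc_conf() {
cat <<'EOF'
vlans_igb1="2 10 100"
ifconfig_igb1="inet 192.168.0.1/24"
ifconfig_igb1_2="inet 192.168.2.1/24"
ifconfig_igb1_10="inet 192.168.10.1/24"
static_routes="igb1.2 igb1.10"
route_igb1_2="-net 192.168.2.0/24 -interface igb1.2"
route_igb1_10="-net 192.168.10.0/24 -interface igb1.10"
EOF
}

# net_of a.b.c.d/len: print the network address as an integer, plus "/len"
net_of() {
    len=${1#*/}
    set -- $(printf '%s' "${1%/*}" | tr '.' ' ')
    ip=$(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
    echo "$(( $ip & (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))/$len"
}

# inet_of VAR: print the CIDR address assigned by rc.conf variable VAR, if any
inet_of() {
    printf '%s\n' "$conf" | sed -n "s|^$1=\"[^\"]*inet \([0-9.]*/[0-9]*\).*|\1|p"
}

# lint_rc_conf: read rc.conf text on stdin, print one finding per line
lint_rc_conf() {
    conf=$(cat)
    # MIXED: a parent that carries VLANs also has its own untagged address
    for parent in $(printf '%s\n' "$conf" | sed -n 's/^vlans_\([a-z0-9]*\)=.*/\1/p'); do
        if [ -n "$(inet_of "ifconfig_$parent")" ]; then echo "MIXED $parent"; fi
    done
    # REDUNDANT: a static route that duplicates the connected route
    printf '%s\n' "$conf" |
    sed -n 's|^route_[^=]*="-net \([0-9.]*/[0-9]*\) -interface \([^"]*\)"$|\1 \2|p' |
    while read -r net ifname; do
        addr=$(inet_of "ifconfig_$(printf '%s' "$ifname" | tr '.' '_')")
        if [ -n "$addr" ] && [ "$(net_of "$addr")" = "$(net_of "$net")" ]; then
            echo "REDUNDANT $net $ifname"
        fi
    done
}

sample_rc_conf | lint_rc_conf
```

An rc.conf reduced to tagged subinterfaces with addresses only, as the reply suggests, produces no findings.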