vlan+bridge questions
John Nielsen
lists at jnielsen.net
Sat Aug 15 03:46:09 UTC 2015
> On Aug 14, 2015, at 11:57 AM, Hooshang F <ebastan10 at gmail.com> wrote:
>
> We need to install a FreeBSD firewall (pf). The FreeBSD
> box needs to be placed in bridge mode in the middle of a VLAN trunk
> link between 2 Cisco switches. The em0 and em1 ports
> are connected to the trunk ports on the 2 switches.
>
> We are going to:
>
> 1- Define two vlan interfaces for vlan id X.
> one with em0 as parent and the other on top of em1.
> 2- Create a bridge interface.
> 3- Add the two vlan interfaces as members of the bridge.
> 4- Repeat 1-3 for every vlan id used in the network.
>
> 2 questions:
>
> 1- Isn't there a simpler method which does not involve creating so
> many vlans & bridges? For instance, is it possible to have
> a trunk interface which accepts 'all' vlan IDs (like Cisco) instead
> of creating two vlan interfaces per ID?
>
> 2- How should the untagged traffic be bridged? Cisco switches
> send out packets untagged if vlan ID is equal to the trunk port
> 'native' vlan id. To bridge these packets, we should create
> a bridge with em0 and em1 as members, but that will
> effectively disable bridging on vlan interfaces. Right?
Same answer for both questions: bridge the parent interfaces. If you need vlan interfaces, create them as children of the single bridge interface.
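
The two layouts discussed in this thread, as an added example that is not part of either message: a dry-run sh script that prints (and never executes) the FreeBSD ifconfig commands for the per-VLAN plan in the question and for the parent-interface bridge in the reply. The VLAN IDs, bridge numbering and function names are constructed for illustration, and using bridge0 as a vlandev parent follows the reply and is assumed to be supported by the running kernel.

```shell
#!/bin/sh
# Dry run only: prints FreeBSD ifconfig commands, executes none of them.

# Accept only 802.1Q VLAN IDs 1-4094.
valid_vid() {
    case "$1" in
        ''|*[!0-9]*|?????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Plan from the question: per VLAN ID, one vlan interface on each trunk
# port plus one bridge joining the pair. Untagged frames are not bridged.
per_vlan_plan() {
    pa=$1; pb=$2; shift 2
    n=0
    echo "ifconfig $pa up"
    echo "ifconfig $pb up"
    for vid in "$@"; do
        valid_vid "$vid" || { echo "invalid VLAN id: $vid" >&2; return 1; }
        echo "ifconfig $pa.$vid create up"
        echo "ifconfig $pb.$vid create up"
        echo "ifconfig bridge$n create"
        echo "ifconfig bridge$n addm $pa.$vid addm $pb.$vid up"
        n=$((n + 1))
    done
}

# Plan from the reply: one bridge over the parent ports carries tagged and
# untagged frames alike. Extra arguments are VLAN IDs in which the box
# itself needs an interface (hypothetical use case).
parent_bridge_plan() {
    pa=$1; pb=$2; shift 2
    echo "ifconfig $pa up"
    echo "ifconfig $pb up"
    echo "ifconfig bridge0 create"
    echo "ifconfig bridge0 addm $pa addm $pb up"
    for vid in "$@"; do
        valid_vid "$vid" || { echo "invalid VLAN id: $vid" >&2; return 1; }
        # Assumption: the kernel accepts a bridge as vlandev parent.
        echo "ifconfig vlan$vid create vlan $vid vlandev bridge0"
    done
}

# Constructed sample: a trunk carrying VLANs 10, 20 and 30.
echo "# per-VLAN plan"
per_vlan_plan em0 em1 10 20 30
echo "# parent-bridge plan, host interface needed only in VLAN 10"
parent_bridge_plan em0 em1 10
```

The per-VLAN plan grows by four commands for every VLAN ID on the trunk, while the parent-bridge plan stays at four commands regardless of how many IDs the switches carry.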