VLANs is this right?
    Steve Bertrand 
    steve at ipv6canada.com
       
    Mon Jul  5 19:08:25 UTC 2010
    
    
  
On 2010.07.05 14:36, Nathan Vidican wrote:
> On Mon, Jul 5, 2010 at 1:30 PM, Modulok <modulok at gmail.com> wrote:
> 
>> It was a simplified diagram of what I thought I needed. ( Which may or
>> may not be what I actually need! )
>>
>> Basically, I want a port on the switch that I can plug un-trusted
>> devices into. Systems which are known to be just crawling with
>> malicious software. I need to provide them with an Internet
>> connection, but otherwise want them separated from everybody else.
>> Think DMZ isolation, but they're not providing any 'external'
>> services. I was wondering if this could be done with tagging and
>> address aliases, instead of buying a third network card for the BSD
>> machine.
>>
>> If that makes any sense.
> The key is that the switch must connect to the FreeBSD machine using TRUNK
> not access mode. I am not that familiar with the HP procurve series but I'd
> imagine it's not that dissimilar from others I've worked with:

Unlike Cisco where you apply the tagging within interface config, HP
requires you to apply tagging to an interface within the vlan config
instead:

vlan 10
   untagged 29-44
   tagged 47
   ip address 208.70.104.2 255.255.255.248
   exit
vlan 11
   untagged 1-6
   tagged 47
   ip address 208.70.107.2 255.255.255.248
   exit

'tagged 47' is equivalent to Cisco's `trunk'. It `trunks' vlan 10 and 11
out via gi 47.

The FBSD related config snips previously posted are what is needed on
that end of things.

Steve
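
Added example, not part of the original message or thread: a small Python audit of the vlan stanzas quoted above, which builds per-port VLAN membership and reports which ports carry more than one VLAN and whether any port of the isolated VLAN is also a member of another VLAN. Treating VLAN 11 as the untrusted segment is an assumption (the thread does not say which one it is); the function names are hypothetical and only numeric port names are handled.

```python
import re
from collections import defaultdict

# VLAN stanzas quoted from the message above.
SWITCH_CONFIG = """\
vlan 10
   untagged 29-44
   tagged 47
   ip address 208.70.104.2 255.255.255.248
   exit
vlan 11
   untagged 1-6
   tagged 47
   ip address 208.70.107.2 255.255.255.248
   exit
"""

def expand_ports(spec):
    """Expand '1-6,47' into [1, 2, ..., 6, 47] (numeric port names only)."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_membership(config):
    """Return {port: {vlan_id: 'tagged' | 'untagged'}} from vlan stanzas."""
    membership = defaultdict(dict)
    vid = None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            vid = int(m.group(1))
        elif line == "exit":
            vid = None
        elif vid is not None and (m := re.fullmatch(r"(tagged|untagged) (\S+)", line)):
            for port in expand_ports(m.group(2)):
                membership[port][vid] = m.group(1)
    return membership

def audit(config, isolated_vid, uplinks):
    """Return (trunks, leaks): ports carrying several VLANs, and ports of the
    isolated VLAN that also belong to another VLAN without being a known uplink."""
    membership = parse_membership(config)
    trunks = {p: sorted(v) for p, v in membership.items() if len(v) > 1}
    leaks = sorted(p for p, v in trunks.items()
                   if isolated_vid in v and p not in uplinks)
    return trunks, leaks
```

For the configuration as posted, `audit(SWITCH_CONFIG, 11, {47})` reports port 47 as the only multi-VLAN port and no leaks, which is the intended layout: one tagged uplink to the FreeBSD machine and access ports that each sit in a single VLAN.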
    
    