Re: issue with ng_vlan nomatch connected to the bridge

Reply: Benoit Chesneau : "Re: issue with ng_vlan nomatch connected to the bridge"
In reply to: Benoit Chesneau : "issue with ng_vlan nomatch connected to the bridge"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Benoit Chesneau <benoitc_at_enki-multimedia.eu>
Date: Fri, 29 Apr 2022 07:45:08 UTC

To quickly test, I created an interface added to the bridge that get its IP from DHCP: The IP is correctly given by the DHCP server, but I can't ping from the same server (the router with the DHCP server) to this device.

```
# ngctl mkpeer public: eiface link2 ether
# dhclient ngeth1
DHCPDISCOVER on ngeth1 to 255.255.255.255 port 67 interval 7
DHCPOFFER from 192.168.1.1
DHCPREQUEST on ngeth1 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1bound to 192.168.1.37 -- renewal in 300 seconds.
# ifconfig ngeth1
ngeth1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=28<VLAN_MTU,JUMBO_MTU>
ether 58:9c:fc:10:c6:73
inet 192.168.1.60 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.37 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::5a9c:fcff:fe10:c673%ngeth1 prefixlen 64 scopeid 0xb
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```

Benoît Chesneau, Enki Multimedia
—
t. +33608655490

Sent with [ProtonMail](https://protonmail.com/) secure email.

------- Original Message -------
On Friday, April 29th, 2022 at 09:17, Benoit Chesneau <benoitc@enki-multimedia.eu> wrote:

> I have an issue with the way the nomatch hook is working. I have linked the nomatch hook from a lan to a bridge but I can only get the native vlan in it. I can't even ping new link added to this bridge. Maybe I am missing some connection?
>
> My goal is to be able to catch non filtered vlan in an ng_bridge so I can use them (an dpass newcreated vlan) from a firewall vm in bhyve.
>
> Following the advice of a previous thread, I have created a vlan peer over the lagg0 created using ifconfig and 3 bridge, 2 connected to filtered vlan (102 and 200) and 1 to nomatch. This is sumarised in the following diagram: https://imgur.com/a/aDfUQz6
>
> The configuration is the following:
>
> ```
> mkpeer lagg0: vlan lower downstream
> name lagg0:lower vlan0
> mkpeer vlan0: bridge 102 link0
> mkpeer vlan0: bridge 200 link0
> mkpeer vlan0: bridge nomatch link0
> msg vlan0: addfilter { vid=102 hook="102" }
> msg vlan0: addfilter { vid=200 hook="200" }
> name vlan0:102 bgpnet
> name vlan0:200 services
> name vlan0:nomatch public
> msg lagg0: setpromisc 1msg lagg0: setautosrc 0
>
> ```
>
> Should I connect the nomatch bridge to downstream or anything else? Why Can't I ping the VM connected to that bridge while it can get its IP using DHCP?
>
> Any help is welcome :)
>
> Benoît