Configuring VLANs - Why is IP address require on NIC connected to
Trunk?
Geoff Roberts
geoff at apro.com.au
Thu Jun 18 14:01:59 UTC 2009
Hi,
I am currently using FreeBSD 7.2 - although the configuration below was
originally configured on FreeBSD 7.0.
I have a working VLAN configuration - two VLANS on one interface.
Let's call the interface ext0 and the VLANS bound to this interface vlan0 and
vlan1
The interface ext0 is actually a symbolic name for the real interface (NIC) -
done using ifconfig_em0_name="ext0" in rc.conf.
I find I have to give the ext0 interface an IP address in order for routing
and packet filtering to work on the attached VLANs.
a) Is there a way to configure this so that I don't have to give ext0 an IP
address?
In reality ext0 actually does nothing and has no traffic directed to or from
it.
I would much rather have ext0 without an IP address, as then I don't have to
worry about firewall rules etc.
b) If I do have to give the ext0 interface an IP address are there any general
standards on IP address and mask to specify?
c) Should I also specify firewall rules in pf such as the following or will
these rules cause other things to break.
block in on ext0 from any to (ext0)
block out on ext0 from (ext0) to any
Kind regards,
Geoff
More information about the freebsd-questions
mailing list