{Spam?} Re: VLANs is this right?

Peter Boosten peter at boosten.org
Mon Jul 5 17:24:42 UTC 2010


On 5 jul 2010, at 18:16, Modulok wrote:

> Hopefully this doesn't get too garbled by various mail clients:
> 
> Internet
>      |
> FreeBSD router
>      |
> (tagged frames)
>      |
>   switch
>   |    |
> vlan1 vlan2
> |        |
> hostA    hostB
> 
> Criteria:
>    - HostA must never directly talk to HostB.
>    - Both hostA and hostB have an Internet connection.
> 
> What I have to work with:
>    ProCurve switch which supports VLANs.
>    2x Intel NICs in FreeBSD which support VLANs.
> 
> I've never messed with VLANs before. This is all new to me. As I
> understand so far, this should be a simple matter of creating the
> vlans on the switch, assigning ports to their respective vlan in
> 'untagged' mode, and then assigning the port BSD connects to, as a
> 'tagged' member of both VLANs? Then I'd create an IP alias on the
> internal FreeBSD NIC, so that it can talk to both networks over the
> same wire? Is this right?
> 

Not entirely: the trunk (between switch and FreeBSD) will have the two different VLAN tag IDs, and you cannot differentiate between the two by doing 'normal' IP aliasing (yet done with ifconfig). The physical interface won't get an IP address at all, but the two virtual VLAN interfaces will.

You can/must keep the two networks apart with a firewall (pf for instance).

Peter

-- 
Peter Boosten
http://www.boosten.org
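
The layout described in the reply above, as an added configuration example that is not part of the original message. The interface names (em0 facing the Internet, em1 as the trunk to the switch), the VLAN tags 10 and 20, and the addresses are all constructed assumptions.

```conf
# --- /etc/rc.conf (constructed example) ---
gateway_enable="YES"                 # forward packets between interfaces
pf_enable="YES"
cloned_interfaces="vlan10 vlan20"
ifconfig_em1="up"                    # trunk parent: up, but no IP address
ifconfig_vlan10="inet 192.168.10.1/24 vlan 10 vlandev em1"   # hostA side
ifconfig_vlan20="inet 192.168.20.1/24 vlan 20 vlandev em1"   # hostB side

# --- /etc/pf.conf (constructed example) ---
ext_if = "em0"
vlan_a = "vlan10"
vlan_b = "vlan20"
net_a  = "192.168.10.0/24"
net_b  = "192.168.20.0/24"

set skip on lo0

# Both VLANs share the one Internet connection.
nat on $ext_if inet from { $net_a, $net_b } to any -> ($ext_if)

# Default deny; everything allowed is listed below.
block log all

# Drop packets whose source address does not belong on the
# interface they arrived on.
antispoof quick for { $vlan_a, $vlan_b }

# hostA must never talk to hostB: stop inter-VLAN traffic at the
# router, including traffic aimed at the router's address on the
# other VLAN.
block in quick on $vlan_a from any to $net_b
block in quick on $vlan_b from any to $net_a

# Each VLAN may reach the Internet.
pass in  on $vlan_a inet from $net_a to any keep state
pass in  on $vlan_b inet from $net_b to any keep state
pass out on $ext_if inet keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`. On the switch, the port facing em1 would be a tagged member of both VLANs and the host ports untagged members of one each, as described in the quoted question.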