VLANs is this right?
steve at ipv6canada.com
Mon Jul 5 19:08:25 UTC 2010
On 2010.07.05 14:36, Nathan Vidican wrote:
> On Mon, Jul 5, 2010 at 1:30 PM, Modulok <modulok at gmail.com> wrote:
>> It was a simplified diagram of what I thought I needed. ( Which may or
>> may not be what I actually need! )
>> Basically, I want a port on the switch that I can plug un-trusted
>> devices into. Systems wich are known to be just crawling with
>> malicious software. I need to provide them with an Internet
>> connection, but otherwise want them separated from everybody else.
>> Think DMZ isolation, but they're not providing any 'external'
>> services. I was wondering if this could be done with tagging and
>> address aliases, instead of buying a third network card for the BSD
>> If that makes any sense.
> They key is that the switch must connect to the FreeBSD machine using TRUNK
> not access mode. I am not that familiar with the HP procurve series but I'd
> imagine it's not that dissimilar from others I've worked with:
Unlike Cisco where you apply the tagging within interface config, HP
requires you to apply tagging to an interface within the vlan config
ip address 184.108.40.206 255.255.255.248
ip address 220.127.116.11 255.255.255.248
'tagged 47' is equivalent to Cisco's `trunk'. It `trunks' vlan 10 and 11
out via gi 47.
The FBSD related config snips previously posted are what is needed on
that end of things.
More information about the freebsd-questions