VLANs is this right?

Steve Bertrand steve at ipv6canada.com
Mon Jul 5 19:08:25 UTC 2010

On 2010.07.05 14:36, Nathan Vidican wrote:
> On Mon, Jul 5, 2010 at 1:30 PM, Modulok <modulok at gmail.com> wrote:
>> It was a simplified diagram of what I thought I needed. ( Which may or
>> may not be what I actually need! )
>> Basically, I want a port on the switch that I can plug un-trusted
>> devices into. Systems wich are known to be just crawling with
>> malicious software. I need to provide them with an Internet
>> connection, but otherwise want them separated from everybody else.
>> Think DMZ isolation, but they're not providing any 'external'
>> services. I was wondering if this could be done with tagging and
>> address aliases, instead of buying a third network card for the BSD
>> machine.
>> If that makes any sense.

> They key is that the switch must connect to the FreeBSD machine using TRUNK
> not access mode. I am not that familiar with the HP procurve series but I'd
> imagine it's not that dissimilar from others I've worked with:

Unlike Cisco where you apply the tagging within interface config, HP
requires you to apply tagging to an interface within the vlan config

vlan 10
   untagged 29-44
   tagged 47
   ip address
vlan 11
   untagged 1-6
   tagged 47
   ip address

'tagged 47' is equivalent to Cisco's `trunk'. It `trunks' vlan 10 and 11
out via gi 47.

The FBSD related config snips previously posted are what is needed on
that end of things.


More information about the freebsd-questions mailing list