svn commit: r44163 - head/en_US.ISO8859-1/books/handbook/advanced-networking

Dru Lavigne dru at FreeBSD.org
Thu Mar 6 23:27:25 UTC 2014


Author: dru
Date: Thu Mar  6 23:27:25 2014
New Revision: 44163
URL: http://svnweb.freebsd.org/changeset/doc/44163

Log:
  White space fix only. Translators can ignore.
  
  Sponsored by: iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml	Thu Mar  6 23:00:13 2014	(r44162)
+++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml	Thu Mar  6 23:27:25 2014	(r44163)
@@ -2848,104 +2848,106 @@ rfcomm_sppd[94692]: Starting on /dev/tty
 	<primary>bridge</primary>
       </indexterm>
 
-      <para>It is sometimes useful to divide a network,
-	such as an Ethernet segment, into network
-	segments without having to create <acronym>IP</acronym>
-	subnets and use a router to connect the segments together.
-	A device that connects two networks together in this fashion
-	is called a <quote>bridge</quote>.</para>
-
-      <para>A bridge works by learning the <acronym>MAC</acronym>
-	addresses of the devices on each of its
-	network interfaces.  It forwards traffic between networks
-	only when the source and destination <acronym>MAC</acronym> addresses are on different
-	networks.  In many respects, a bridge is like an Ethernet switch with
-	very few ports.    A &os; system with multiple
-	network interfaces can be configured to act as a bridge.</para>
+    <para>It is sometimes useful to divide a network, such as an
+      Ethernet segment, into network segments without having to
+      create <acronym>IP</acronym> subnets and use a router to connect
+      the segments together.  A device that connects two networks
+      together in this fashion is called a
+      <quote>bridge</quote>.</para>
+
+    <para>A bridge works by learning the <acronym>MAC</acronym>
+      addresses of the devices on each of its network interfaces.  It
+      forwards traffic between networks only when the source and
+      destination <acronym>MAC</acronym> addresses are on different
+      networks.  In many respects, a bridge is like an Ethernet switch
+      with very few ports.    A &os; system with multiple network
+      interfaces can be configured to act as a bridge.</para>
 
-      <para>Bridging can be useful in the following situations:</para>
+    <para>Bridging can be useful in the following situations:</para>
 
-      <variablelist>
-	<varlistentry>
+    <variablelist>
+      <varlistentry>
 	<term>Connecting Networks</term>
 	<listitem>
-	<para>The basic operation of a bridge is to join two or more
-	  network segments.  There are many reasons to use a
-	  host-based bridge instead of networking equipment, such as
-	  cabling constraints or firewalling.  A bridge can
-	  also connect a wireless interface running in hostap mode to
-	  a wired network and act as an access point.</para>
-      </listitem>
-    </varlistentry>
+	  <para>The basic operation of a bridge is to join two or more
+	    network segments.  There are many reasons to use a
+	    host-based bridge instead of networking equipment, such as
+	    cabling constraints or firewalling.  A bridge can also
+	    connect a wireless interface running in hostap mode to a
+	    wired network and act as an access point.</para>
+	</listitem>
+      </varlistentry>
 
-	<varlistentry>
+      <varlistentry>
 	<term>Filtering/Traffic Shaping Firewall</term>
 	<listitem>
-	<para>A bridge can be used when firewall functionality is
-	  needed without routing or Network Address Translation
-	  (<acronym>NAT</acronym>).</para>
-
-	<para>An example is a small company that is connected via
-	  <acronym>DSL</acronym>
-	  or <acronym>ISDN</acronym> to an <acronym>ISP</acronym>.
-	  There are thirteen public <acronym>IP</acronym>
-	  addresses from the <acronym>ISP</acronym> and ten computers
-	  on the network.  In this situation, using a router-based
-	  firewall is difficult because of subnetting issues.  A bridge-based firewall can be configured without any
-	  <acronym>IP</acronym> addressing issues.</para>
-      </listitem>
-    </varlistentry>
+	  <para>A bridge can be used when firewall functionality is
+	    needed without routing or Network Address Translation
+	    (<acronym>NAT</acronym>).</para>
+
+	  <para>An example is a small company that is connected via
+	    <acronym>DSL</acronym> or <acronym>ISDN</acronym> to an
+	    <acronym>ISP</acronym>.  There are thirteen public
+	    <acronym>IP</acronym> addresses from the
+	    <acronym>ISP</acronym> and ten computers on the network.
+	    In this situation, using a router-based firewall is
+	    difficult because of subnetting issues.  A bridge-based
+	    firewall can be configured without any
+	    <acronym>IP</acronym> addressing issues.</para>
+	</listitem>
+      </varlistentry>
 
       <varlistentry>
 	<term>Network Tap</term>
 	<listitem>
-	<para>A bridge can join two network segments in order to
-	  inspect all Ethernet frames that pass between them using
-	  &man.bpf.4; and &man.tcpdump.1; on the bridge interface or
-	  by sending a copy of all frames out an additional interface
-	  known as a span port.</para>
-      </listitem>
-    </varlistentry>
+	  <para>A bridge can join two network segments in order to
+	    inspect all Ethernet frames that pass between them using
+	    &man.bpf.4; and &man.tcpdump.1; on the bridge interface or
+	    by sending a copy of all frames out an additional
+	    interface known as a span port.</para>
+	</listitem>
+      </varlistentry>
 
       <varlistentry>
 	<term>Layer 2 <acronym>VPN</acronym></term>
 	<listitem>
-	<para>Two Ethernet networks can be joined across an
-	  <acronym>IP</acronym> link by bridging the networks to an
-	  EtherIP tunnel or a &man.tap.4; based solution such as
-	  <application>OpenVPN</application>.</para>
-      </listitem>
-    </varlistentry>
+	  <para>Two Ethernet networks can be joined across an
+	    <acronym>IP</acronym> link by bridging the networks to an
+	    EtherIP tunnel or a &man.tap.4; based solution such as
+	    <application>OpenVPN</application>.</para>
+	</listitem>
+      </varlistentry>
 
       <varlistentry>
 	<term>Layer 2 Redundancy</term>
 	<listitem>
-	<para>A network can be connected together with multiple links
-	  and use the Spanning Tree Protocol (<acronym>STP</acronym>)
-	  to block redundant paths.</para>
-      </listitem>
-    </varlistentry>
-  </variablelist>
+	  <para>A network can be connected together with multiple
+	    links and use the Spanning Tree Protocol
+	    (<acronym>STP</acronym>) to block redundant paths.</para>
+	</listitem>
+      </varlistentry>
+    </variablelist>
 
-      <para>This section describes how to configure a &os; system as a
-	bridge using &man.if.bridge.4;.
-	A netgraph bridging driver is also available, and is described
-	in &man.ng.bridge.4;.</para>
+    <para>This section describes how to configure a &os; system as a
+      bridge using &man.if.bridge.4;.  A netgraph bridging driver is
+      also available, and is described in &man.ng.bridge.4;.</para>
 
-      <note>
+    <note>
       <para>Packet filtering can be used with any firewall package
-	that hooks into the &man.pfil.9; framework.  The bridge can be used as a traffic shaper with
-	&man.altq.4; or &man.dummynet.4;.</para>
-      </note>
+	that hooks into the &man.pfil.9; framework.  The bridge can be
+	used as a traffic shaper with &man.altq.4; or
+	&man.dummynet.4;.</para>
+    </note>
 
     <sect2>
       <title>Enabling the Bridge</title>
 
       <para>In &os;, &man.if.bridge.4; is a kernel module which is
 	automatically loaded by &man.ifconfig.8; when creating a
-	bridge interface.  It is also possible to compile bridge support
-	into a custom kernel by adding <literal>device if_bridge</literal>
-	to the custom kernel configuration file.</para>
+	bridge interface.  It is also possible to compile bridge
+	support into a custom kernel by adding
+	<literal>device if_bridge</literal> to the custom kernel
+	configuration file.</para>
 
       <para>The bridge is created using interface cloning.  To create
 	the bridge interface:</para>
@@ -2968,19 +2970,18 @@ bridge0: flags=8802<BROADCAST,SIMPLEX
 	The other parameters control how <acronym>STP</acronym>
 	operates.</para>
 
-      <para>Next, specify which network interfaces to add as members of the bridge.
-	For the bridge to forward packets, all member interfaces and
-	the bridge need to be up:</para>
+      <para>Next, specify which network interfaces to add as members
+	of the bridge.  For the bridge to forward packets, all member
+	interfaces and the bridge need to be up:</para>
 
       <screen>&prompt.root; <userinput>ifconfig bridge0 addm fxp0 addm fxp1 up</userinput>
 &prompt.root; <userinput>ifconfig fxp0 up</userinput>
 &prompt.root; <userinput>ifconfig fxp1 up</userinput></screen>
 
       <para>The bridge can now forward Ethernet frames between
-	<filename>fxp0</filename> and
-	<filename>fxp1</filename>.  Add the following lines to
-	<filename>/etc/rc.conf</filename> so the bridge is created
-	at startup:</para>
+	<filename>fxp0</filename> and <filename>fxp1</filename>.  Add
+	the following lines to <filename>/etc/rc.conf</filename> so
+	the bridge is created at startup:</para>
 
       <programlisting>cloned_interfaces="bridge0"
 ifconfig_bridge0="addm fxp0 addm fxp1 up"
@@ -2988,9 +2989,8 @@ ifconfig_fxp0="up"
 ifconfig_fxp1="up"</programlisting>
 
       <para>If the bridge host needs an <acronym>IP</acronym>
-	address, set it on the bridge
-	interface, not on the member interfaces.
-	The address can be set statically or via
+	address, set it on the bridge interface, not on the member
+	interfaces.  The address can be set statically or via
 	<acronym>DHCP</acronym>.  This example sets a static
 	<acronym>IP</acronym> address:</para>
 
@@ -3002,48 +3002,44 @@ ifconfig_fxp1="up"</programlisting>
 	<filename>/etc/rc.conf</filename>.</para>
 
       <note>
-      <para>When packet filtering is enabled, bridged packets will
-	pass through the filter inbound on the originating interface
-	on the bridge interface, and outbound on the appropriate
-	interfaces.  Either stage can be disabled.  When direction of
-	the packet flow is important, it is best to firewall on the
-	member interfaces rather than the bridge itself.</para>
-
-      <para>The bridge has several configurable settings for passing
-	non-<acronym>IP</acronym> and <acronym>IP</acronym> packets,
-	and layer2 firewalling with &man.ipfw.8;.  See
-	&man.if.bridge.4; for more information.</para>
+	<para>When packet filtering is enabled, bridged packets will
+	  pass through the filter inbound on the originating interface
+	  on the bridge interface, and outbound on the appropriate
+	  interfaces.  Either stage can be disabled.  When direction
+	  of the packet flow is important, it is best to firewall on
+	  the member interfaces rather than the bridge itself.</para>
+
+	<para>The bridge has several configurable settings for passing
+	  non-<acronym>IP</acronym> and <acronym>IP</acronym> packets,
+	  and layer2 firewalling with &man.ipfw.8;.  See
+	  &man.if.bridge.4; for more information.</para>
       </note>
     </sect2>
 
     <sect2>
       <title>Enabling Spanning Tree</title>
 
-      <para>For an Ethernet network to
-	  function properly, only one active path can exist between
-	  two devices.  The <acronym>STP</acronym> protocol detects loops and
-	  puts redundant links into a blocked state.  Should one
-	  of the active links fail, <acronym>STP</acronym>
-	  calculates a different tree and enables one of the blocked
-	  paths to restore connectivity to all points in the
-	  network.</para>
-
-      <para>The Rapid Spanning Tree
-	Protocol (<acronym>RSTP</acronym> or 802.1w) provides backwards
-	compatibility with legacy <acronym>STP</acronym>.
-	<acronym>RSTP</acronym> provides
-	faster convergence and
-	exchanges information with neighboring switches
-	to quickly transition to forwarding mode without creating loops.
-	&os; supports <acronym>RSTP</acronym> and
+      <para>For an Ethernet network to function properly, only one
+	active path can exist between two devices.  The
+	<acronym>STP</acronym> protocol detects loops and puts
+	redundant links into a blocked state.  Should one of the
+	active links fail, <acronym>STP</acronym> calculates a
+	different tree and enables one of the blocked paths to restore
+	connectivity to all points in the network.</para>
+
+      <para>The Rapid Spanning Tree Protocol (<acronym>RSTP</acronym>
+	or 802.1w) provides backwards compatibility with legacy
+	<acronym>STP</acronym>.  <acronym>RSTP</acronym> provides
+	faster convergence and exchanges information with neighboring
+	switches to quickly transition to forwarding mode without
+	creating loops.  &os; supports <acronym>RSTP</acronym> and
 	<acronym>STP</acronym> as operating modes, with
 	<acronym>RSTP</acronym> being the default mode.</para>
 
       <para><acronym>STP</acronym> can be enabled on member interfaces
 	using &man.ifconfig.8;.  For a bridge with
-	<filename>fxp0</filename> and
-	<filename>fxp1</filename> as the current interfaces,
-	enable <acronym>STP</acronym> with:</para>
+	<filename>fxp0</filename> and <filename>fxp1</filename> as the
+	current interfaces, enable <acronym>STP</acronym> with:</para>
 
       <screen>&prompt.root; <userinput>ifconfig bridge0 stp fxp0 stp fxp1</userinput>
 bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
@@ -3088,163 +3084,163 @@ bridge0: flags=8843<UP,BROADCAST,RUNN
     </sect2>
 
     <sect2>
-	<title>Bridge Interface Parameters</title>
+      <title>Bridge Interface Parameters</title>
 
-	<para>Several <command>ifconfig</command> parameters are unique
-	  to bridge interfaces.  This section summarizes some common
-	  uses for these parameters.  The complete list of available parameters is
-	  described in &man.ifconfig.8;.</para>
-
-	<variablelist>
-	  <varlistentry>
-	    <term>private</term>
-	    <listitem>
-	<para>A private interface does not forward any traffic to any
-	  other port that is also designated as a private interface.  The traffic is
-	  blocked unconditionally so no Ethernet frames will be
-	  forwarded, including <acronym>ARP</acronym> packets.  If traffic
-	  needs to be selectively blocked, a firewall should be used
-	  instead.</para>
-	</listitem>
-      </varlistentry>
+      <para>Several <command>ifconfig</command> parameters are unique
+	to bridge interfaces.  This section summarizes some common
+	uses for these parameters.  The complete list of available
+	parameters is described in &man.ifconfig.8;.</para>
 
-      <varlistentry>
-	<term>span</term>
-	<listitem>
-	<para>A span port transmits a copy of every Ethernet frame received by the bridge.
-	  The number
-	  of span ports configured on a bridge is unlimited, but if an
-	  interface is designated as a span port, it cannot also be
-	  used as a regular bridge port.  This is most useful for
-	  snooping a bridged network passively on another host
-	  connected to one of the span ports of the bridge.  For
-	  example, to send a copy of all frames out the interface named
-	  <filename>fxp4</filename>:</para>
+      <variablelist>
+	<varlistentry>
+	  <term>private</term>
+	  <listitem>
+	    <para>A private interface does not forward any traffic to
+	      any other port that is also designated as a private
+	      interface.  The traffic is blocked unconditionally so no
+	      Ethernet frames will be forwarded, including
+	      <acronym>ARP</acronym> packets.  If traffic needs to be
+	      selectively blocked, a firewall should be used
+	      instead.</para>
+	  </listitem>
+	</varlistentry>
 
-	<screen>&prompt.root; <userinput>ifconfig bridge0 span fxp4</userinput></screen>
-      </listitem>
-    </varlistentry>
+	<varlistentry>
+	  <term>span</term>
+	  <listitem>
+	    <para>A span port transmits a copy of every Ethernet frame
+	      received by the bridge.  The number of span ports
+	      configured on a bridge is unlimited, but if an
+	      interface is designated as a span port, it cannot also
+	      be used as a regular bridge port.  This is most useful
+	      for snooping a bridged network passively on another host
+	      connected to one of the span ports of the bridge.  For
+	      example, to send a copy of all frames out the interface
+	      named <filename>fxp4</filename>:</para>
+
+	    <screen>&prompt.root; <userinput>ifconfig bridge0 span fxp4</userinput></screen>
+	  </listitem>
+	</varlistentry>
 
-      <varlistentry>
-	<term>sticky</term>
-	<listitem>
-	<para>If a bridge member interface is marked as sticky,
-	  dynamically learned address entries are treated at static
-	  entries in the forwarding cache.  Sticky entries are
-	  never aged out of the cache or replaced, even if the address
-	  is seen on a different interface.  This gives the benefit of
-	  static address entries without the need to pre-populate the
-	  forwarding table.  Clients learned on a particular segment
-	  of the bridge can not roam to another segment.</para>
-
-	<para>An example of using sticky addresses is to combine
-	  the bridge with <acronym>VLAN</acronym>s in order to isolate
-	  customer networks without wasting
-	  <acronym>IP</acronym> address space.  Consider that
-	  <systemitem class="fqdomainname">CustomerA</systemitem> is
-	  on <literal>vlan100</literal>, <systemitem
-	    class="fqdomainname">CustomerB</systemitem> is on
-	  <literal>vlan101</literal>, and the bridge has the address
-	  <systemitem class="ipaddress">192.168.0.1</systemitem>:</para>
+	<varlistentry>
+	  <term>sticky</term>
+	  <listitem>
+	    <para>If a bridge member interface is marked as sticky,
+	      dynamically learned address entries are treated at
+	      static entries in the forwarding cache.  Sticky entries
+	      are never aged out of the cache or replaced, even if the
+	      address is seen on a different interface.  This gives
+	      the benefit of static address entries without the need
+	      to pre-populate the forwarding table.  Clients learned
+	      on a particular segment of the bridge can not roam to
+	      another segment.</para>
+
+	    <para>An example of using sticky addresses is to combine
+	      the bridge with <acronym>VLAN</acronym>s in order to
+	      isolate customer networks without wasting
+	      <acronym>IP</acronym> address space.  Consider that
+	      <systemitem class="fqdomainname">CustomerA</systemitem>
+	      is on <literal>vlan100</literal>, <systemitem
+		class="fqdomainname">CustomerB</systemitem> is on
+	      <literal>vlan101</literal>, and the bridge has the
+	      address <systemitem
+		class="ipaddress">192.168.0.1</systemitem>:</para>
 
-	<screen>&prompt.root; <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput>
+	    <screen>&prompt.root; <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput>
 &prompt.root; <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput></screen>
 
-	<para>In this example, both clients see <systemitem
-	    class="ipaddress">192.168.0.1</systemitem> as their
-	  default gateway.  Since the bridge cache is sticky, one host
-	  can not spoof the <acronym>MAC</acronym> address of the
-	  other customer in order to intercept their traffic.</para>
-
-	<para>Any communication between the <acronym>VLAN</acronym>s
-	  can be blocked using a firewall or, as seen in this example,
-	  private interfaces:</para>
-
-	<screen>&prompt.root; <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput></screen>
-
-	<para>The customers are completely isolated from each other
-	  and the full <systemitem class="netmask">/24</systemitem>
-	  address range can be allocated without subnetting.</para>
-
-	<para>The number of unique source <acronym>MAC</acronym>
-	  addresses behind an interface can be limited.  Once the
-	  limit is reached, packets with unknown source addresses
-	  are dropped until an existing host cache entry expires or
-	  is removed.</para>
-
-	<para>The following example sets the maximum number of
-	  Ethernet devices for <systemitem
-	    class="fqdomainname">CustomerA</systemitem> on
-	  <literal>vlan100</literal> to 10:</para>
+	    <para>In this example, both clients see <systemitem
+		class="ipaddress">192.168.0.1</systemitem> as their
+	      default gateway.  Since the bridge cache is sticky, one
+	      host can not spoof the <acronym>MAC</acronym> address of
+	      the other customer in order to intercept their
+	      traffic.</para>
+
+	    <para>Any communication between the
+	      <acronym>VLAN</acronym>s can be blocked using a firewall
+	      or, as seen in this example, private interfaces:</para>
+
+	    <screen>&prompt.root; <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput></screen>
+
+	    <para>The customers are completely isolated from each
+	      other and the full <systemitem
+		class="netmask">/24</systemitem> address range can be
+	      allocated without subnetting.</para>
+
+	    <para>The number of unique source <acronym>MAC</acronym>
+	      addresses behind an interface can be limited.  Once the
+	      limit is reached, packets with unknown source addresses
+	      are dropped until an existing host cache entry expires
+	      or is removed.</para>
+
+	    <para>The following example sets the maximum number of
+	      Ethernet devices for <systemitem
+		class="fqdomainname">CustomerA</systemitem> on
+	      <literal>vlan100</literal> to 10:</para>
+
+	    <screen>&prompt.root; <userinput>ifconfig bridge0 ifmaxaddr vlan100 10</userinput></screen>
+	  </listitem>
+	</varlistentry>
+      </variablelist>
+
+      <para>Bridge interfaces also support monitor mode, where the
+	packets are discarded after &man.bpf.4; processing and are not
+	processed or forwarded further.  This can be used to
+	multiplex the input of two or more interfaces into a single
+	&man.bpf.4; stream.  This is useful for reconstructing the
+	traffic for network taps that transmit the RX/TX signals out
+	through two separate interfaces.  For example, to read the
+	input from four network interfaces as one stream:</para>
 
-	<screen>&prompt.root; <userinput>ifconfig bridge0 ifmaxaddr vlan100 10</userinput></screen>
-      </listitem>
-    </varlistentry>
-  </variablelist>
-  
-	<para>Bridge interfaces also support monitor mode, where the packets are
-	  discarded after &man.bpf.4; processing and are not
-	  processed or forwarded further.  This can be used to
-	  multiplex the input of two or more interfaces into a single
-	  &man.bpf.4; stream.  This is useful for reconstructing the
-	  traffic for network taps that transmit the RX/TX signals out
-	  through two separate interfaces.  For example,
-	  to read the input from four network interfaces as one
-	  stream:</para>
-
-	<screen>&prompt.root; <userinput>ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up</userinput>
-&prompt.root; <userinput>tcpdump -i bridge0</userinput></screen> 
-</sect2>
+      <screen>&prompt.root; <userinput>ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up</userinput>
+&prompt.root; <userinput>tcpdump -i bridge0</userinput></screen>
+    </sect2>
 
-      <sect2>
-	<title><acronym>SNMP</acronym> Monitoring</title>
+    <sect2>
+      <title><acronym>SNMP</acronym> Monitoring</title>
 
-	<para>The bridge interface and <acronym>STP</acronym>
-	  parameters can be monitored via &man.bsnmpd.1; which is
-	  included in the &os; base system.  The exported bridge
-	  <acronym>MIB</acronym>s conform to
-	  <acronym>IETF</acronym> standards so any
-	  <acronym>SNMP</acronym> client or monitoring package can be
-	  used to retrieve the data.</para>
-
-	<para>To enable monitoring on the bridge, uncomment this
-	  line in
-	  <filename>/etc/snmp.config</filename> by removing the
-	  beginning <literal>#</literal> symbol:</para>
-	  
-	<programlisting>begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"</programlisting>
-	  
-	<para>Other configuration settings, such as community
-	  names and access lists, may need to be modified in this file.  See
-	  &man.bsnmpd.1; and &man.snmp.bridge.3; for more
-	  information.  Once these edits are saved, add this line to
-	  <filename>/etc/rc.conf</filename>:</para>
-	  
-	<programlisting>bsnmpd_enable="YES"</programlisting>
- 
-	<para>Then, start
-	  &man.bsnmpd.1;:</para>
+      <para>The bridge interface and <acronym>STP</acronym>
+	parameters can be monitored via &man.bsnmpd.1; which is
+	included in the &os; base system.  The exported bridge
+	<acronym>MIB</acronym>s conform to <acronym>IETF</acronym>
+	standards so any <acronym>SNMP</acronym> client or monitoring
+	package can be used to retrieve the data.</para>
+
+      <para>To enable monitoring on the bridge, uncomment this line in
+	<filename>/etc/snmp.config</filename> by removing the
+	beginning <literal>#</literal> symbol:</para>
+
+      <programlisting>begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"</programlisting>
 	  
-	<screen>&prompt.root; <userinput>service bsnmpd start</userinput></screen>
+      <para>Other configuration settings, such as community names and
+	access lists, may need to be modified in this file.  See
+	&man.bsnmpd.1; and &man.snmp.bridge.3; for more information.
+	Once these edits are saved, add this line to
+	<filename>/etc/rc.conf</filename>:</para>
+
+      <programlisting>bsnmpd_enable="YES"</programlisting>
+
+      <para>Then, start  &man.bsnmpd.1;:</para>
+
+      <screen>&prompt.root; <userinput>service bsnmpd start</userinput></screen>
 
-	<para>The following examples use the
-	  <application>Net-SNMP</application> software
-	  (<package>net-mgmt/net-snmp</package>) to query a bridge
-	  from a client system.  The
-	  <package>net-mgmt/bsnmptools</package> port can also be
-	  used.  From the <acronym>SNMP</acronym> client which is
-	  running <application>Net-SNMP</application>, add the
-	  following lines to
-	  <filename>$HOME/.snmp/snmp.conf</filename> in order to
-	  import the bridge <acronym>MIB</acronym> definitions:</para>
+      <para>The following examples use the
+	<application>Net-SNMP</application> software
+	(<package>net-mgmt/net-snmp</package>) to query a bridge
+	from a client system.  The
+	<package>net-mgmt/bsnmptools</package> port can also be used.
+	From the <acronym>SNMP</acronym> client which is running
+	<application>Net-SNMP</application>, add the following lines
+	to <filename>$HOME/.snmp/snmp.conf</filename> in order to
+	import the bridge <acronym>MIB</acronym> definitions:</para>
 
-	<programlisting>mibdirs +/usr/share/snmp/mibs
+      <programlisting>mibdirs +/usr/share/snmp/mibs
 mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB</programlisting>
 
-	<para>To monitor a single bridge using the IETF BRIDGE-MIB
-	  (RFC4188):</para>
+      <para>To monitor a single bridge using the IETF BRIDGE-MIB
+	(RFC4188):</para>
 
-	<screen>&prompt.user; <userinput>snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge</userinput>
+      <screen>&prompt.user; <userinput>snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge</userinput>
 BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44
 BRIDGE-MIB::dot1dBaseNumPorts.0 = INTEGER: 1 ports
 BRIDGE-MIB::dot1dStpTimeSinceTopologyChange.0 = Timeticks: (189959) 0:31:39.59 centi-seconds
@@ -3261,18 +3257,18 @@ BRIDGE-MIB::dot1dStpPortDesignatedPort.3
 BRIDGE-MIB::dot1dStpPortForwardTransitions.3 = Counter32: 1
 RSTP-MIB::dot1dStpVersion.0 = INTEGER: rstp(2)</screen>
 
-	<para>The <literal>dot1dStpTopChanges.0</literal> value is
-	  two, indicating that the <acronym>STP</acronym> bridge
-	  topology has changed twice.  A topology change means that
-	  one or more links in the network have changed or failed
-	  and a new tree has been calculated.  The
-	  <literal>dot1dStpTimeSinceTopologyChange.0</literal> value
-	  will show when this happened.</para>
+      <para>The <literal>dot1dStpTopChanges.0</literal> value is two,
+	indicating that the <acronym>STP</acronym> bridge topology has
+	changed twice.  A topology change means that one or more links
+	in the network have changed or failed and a new tree has been
+	calculated.  The
+	<literal>dot1dStpTimeSinceTopologyChange.0</literal> value
+	will show when this happened.</para>
 
-	<para>To monitor multiple bridge interfaces, the private
-	  BEGEMOT-BRIDGE-MIB can be used:</para>
+      <para>To monitor multiple bridge interfaces, the private
+	BEGEMOT-BRIDGE-MIB can be used:</para>
 
-	<screen>&prompt.user; <userinput>snmpwalk -v 2c -c public bridge1.example.com</userinput>
+      <screen>&prompt.user; <userinput>snmpwalk -v 2c -c public bridge1.example.com</userinput>
 enterprises.fokus.begemot.begemotBridge
 BEGEMOT-BRIDGE-MIB::begemotBridgeBaseName."bridge0" = STRING: bridge0
 BEGEMOT-BRIDGE-MIB::begemotBridgeBaseName."bridge2" = STRING: bridge2
@@ -3288,10 +3284,10 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeStpTopC
 BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge0" = Hex-STRING: 80 00 00 40 95 30 5E 31
 BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge2" = Hex-STRING: 80 00 00 50 8B B8 C6 A9</screen>
 
-	<para>To change the bridge interface being monitored via the
-	  <literal>mib-2.dot1dBridge</literal> subtree:</para>
+      <para>To change the bridge interface being monitored via the
+	<literal>mib-2.dot1dBridge</literal> subtree:</para>
 
-	<screen>&prompt.user; <userinput>snmpset -v 2c -c private bridge1.example.com</userinput>
+      <screen>&prompt.user; <userinput>snmpset -v 2c -c private bridge1.example.com</userinput>
 BEGEMOT-BRIDGE-MIB::begemotBridgeDefaultBridgeIf.0 s bridge2</screen>
     </sect2>
   </sect1>


More information about the svn-doc-all mailing list