From: Mike Hogsett
To: "Ed Paquette"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Setting Up VLAN IFaces for IDS
Date: Wed, 02 Oct 2002 10:29:05 -0700

In a switched network unicast packets from host A on port 1 to host B on port 2 will never be seen by host C on port 3 (whether it is a trunk or not). That is the whole point of a switch.

Broadcast packets are always sent to all ports in the VLAN (including trunks).

> Greetings.
>
> My goal is to set up three vlan interfaces on a FreeBSD 4.6.2R box for use with an IDS product.
>
> Currently, the switch to which the BSD box is connected is set up properly with tagging enabled for the respective VLANS.
>
> I have a parent interface (fxp1) configured with no IP address.
>
> If I use TCPDUMP on the parent interface to test whether or not the tagged packets are being received I get something like:
>
> #tcpdump -i fxp1
> 00:03:42.758875 802.1Q vlan#10 P0 ...
>
> Which to me implies that the packets are arriving at the BSD box appropriately tagged.
>
> So, I configure a vlan with no IP address:
>
> #ifconfig vlan0 vlan 10 vlandev fxp1 up
>
> And when I do a:
>
> #tcpdump -i vlan0
>
> All I get are broadcasts... ARPs, ICMP to something.255, etc for VLAN10. All unicast packets for VLAN10 are dropped.
>
> Am I barking up a wrong tree? Is it possible to do this? Ideally, I'd like to have the following:
>
> +------+                  +-------+
> | FBSD | vlan0....VLAN#10 |       |
> |      +-vlan1----VLAN#11-+ switch|
> | IDS  | vlan2....VLAN#12 |       |
> +--+---+                  +-+-+-+-+
>    |                        | | |
>    |                        | | \__VLAN#10
>    \__iface with IP         | \____VLAN#11
>                             \______VLAN#12
>
> Thanks for any input...
> -ed
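
The forwarding behaviour described in the reply above, as an added example that is not part of the original thread: a toy model of a learning switch with one trunk port, showing which frames a sniffer on that trunk receives. The port numbers, MAC addresses and the `Switch` and `ids_view` names are assumptions made for the illustration.

```python
# Toy 802.1Q learning switch: a constructed model, not vendor or FreeBSD code.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, access, trunks):
        self.access = access   # port -> VLAN of an untagged access port
        self.trunks = trunks   # port -> set of VLANs carried tagged
        self.fdb = {}          # (vlan, mac) -> port, learned from source MACs

    def members(self, vlan):
        """All ports that belong to a VLAN, trunks included."""
        ports = {p for p, v in self.access.items() if v == vlan}
        return ports | {p for p, vs in self.trunks.items() if vlan in vs}

    def forward(self, in_port, vlan, src, dst):
        """Learn the source, then return the set of egress ports."""
        self.fdb[(vlan, src)] = in_port
        known = None if dst == BROADCAST else self.fdb.get((vlan, dst))
        if known is None:
            # Broadcast (or a destination not yet learned): flood the VLAN.
            return self.members(vlan) - {in_port}
        return {known} - {in_port}


def ids_view(ids_port=3):
    """Names of the sample frames that reach the IDS trunk port."""
    # Assumed topology: A and B on VLAN 10 (ports 1, 2), D on VLAN 11
    # (port 4), IDS box on port 3 as a trunk for VLANs 10-12.
    sw = Switch(access={1: 10, 2: 10, 4: 11}, trunks={ids_port: {10, 11, 12}})
    a, b, d = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0d"
    frames = [  # (label, ingress port, vlan, src, dst), all constructed
        ("vlan10 ARP request", 1, 10, a, BROADCAST),
        ("vlan10 ARP reply B->A", 2, 10, b, a),
        ("vlan10 TCP A->B", 1, 10, a, b),
        ("vlan10 TCP B->A", 2, 10, b, a),
        ("vlan11 ARP request", 4, 11, d, BROADCAST),
    ]
    return [label for label, port, vlan, src, dst in frames
            if ids_port in sw.forward(port, vlan, src, dst)]


if __name__ == "__main__":
    print(ids_view())
```

Only the two broadcast frames reach port 3; the unicast exchange between A and B stays on ports 1 and 2 once both addresses are learned.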