Date:      Thu, 03 Oct 2002 03:00:06 +0500
From:      "Ed Paquette" <ed@gtemail.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Setting Up VLAN IFaces for IDS
Message-ID:  <20021002220006.9720.qmail@verizonmail.com>

I've done a little more research and found that if I configure a VLAN in the
same fashion - but on one of my OpenBSD boxes (using hme as parent iface) the
connection works perfectly.

Upon completion of the vlan setup:
 #ifconfig vlan0 vlan 10 vlandev hme1 up

I can dump that vlan interface:
 #tcpdump -i vlan0

And get ALL packets from the ports on the switch configured as VLAN #10.

Is this a known FreeBSD issue?

-ed

> Hi.
>
> I agree with Mike's description of an (unconfigured) switch, but the issue 
> comes after it since tcpdumping -i fxp1 (the parent) yields ALL packets 
> (including unicasts).  This is what the switch was configured to do - forward 
> all packets.
>
> The issue is with the BSD box and the actual VLAN interface.
>
> Any ideas why the vlan interfaces are truncating unicasts?
>
> Thanks...
>
>> In a switched network unicast packets from host A on port 1 to host b on
>> port 2 will never be seen by host C on port 3 (whether it is a trunk or
>> not).  That is the whole point of a switch.  Broadcast packets are always
>> sent to all ports in the VLAN (including trunks).
>>
>>> Greetings.
>>>
>>> My goal is to set up three vlan interfaces on a FreeBSD 4.6.2R box for use
>>> with an IDS product.
>>>
>>> Currently, the switch to which the BSD box is connected is set up properly
>>> with tagging enabled for the respective VLANS.
>>>
>>> I have a parent interface (fxp1) configured with no IP address.
>>>
>>> If I use TCPDUMP on the parent interface to test whether or not the tagged
>>> packets are being received I get something like:
>>>
>>>  #tcpdump -i fxp1
>>>  00:03:42.758875 802.1Q vlan#10 P0 ...
>>>  <lots and lots of VLAN10 stuff here>
>>>
>>> Which to me implies that the packets are arriving at the BSD box 
>>> appropriately tagged.
>>>
>>> So, I configure a vlan with no IP address:
>>>
>>>  #ifconfig vlan0 vlan 10 vlandev fxp1 up
>>>
>>> And when I do a:
>>>
>>>  #tcpdump -i vlan0
>>>
>>> All I get are broadcasts... ARPs, ICMP to something.255, etc for VLAN10. All
>>> unicast packets for VLAN10 are dropped.
>>>
>>> Am I barking up a wrong tree?  Is it possible to do this?  Ideally, I'd like
>>> to have the following:
>>>
>>> +------+                  +-------+
>>> | FBSD | vlan0....VLAN#10 |       |
>>> |      +-vlan1----VLAN#11-+ switch|
>>> | IDS  | vlan2....VLAN#12 |       |
>>> +--+---+                  +-+-+-+-+
>>>  |                          | | |
>>>  |                          | | \__VLAN#10
>>>  \__iface with IP           | \____VLAN#11
>>>                             \______VLAN#12
>>>
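
Added example, not part of the original thread: one way to quantify the symptom described above is to tally frames by 802.1Q VLAN ID and destination type, then compare the tally from the parent interface with the one from the vlan interface. The function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def classify_frame(frame: bytes):
    """Return (vlan_id or None, 'broadcast' | 'multicast' | 'unicast')."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
    if dst == b"\xff" * 6:
        kind = "broadcast"
    elif dst[0] & 0x01:  # group bit set in the first octet
        kind = "multicast"
    else:
        kind = "unicast"
    return vlan_id, kind


def tally(frames):
    """Count frames per (vlan_id, destination kind)."""
    return Counter(classify_frame(f) for f in frames)


def _frame(dst_hex, vid, inner_type=0x0800):
    # Constructed sample frame: locally administered MACs, priority 0, zero payload.
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vid)
    return bytes.fromhex(dst_hex) + src + tag + struct.pack("!H", inner_type) + b"\x00" * 46


# Constructed stand-in for what the parent interface sees on a tagged trunk.
SAMPLE = [
    _frame("ffffffffffff", 10, 0x0806),  # ARP broadcast on VLAN 10
    _frame("020000000002", 10),          # unicast on VLAN 10
    _frame("020000000002", 10),          # unicast on VLAN 10
    _frame("01005e000001", 11),          # IPv4 multicast on VLAN 11
]

if __name__ == "__main__":
    for (vid, kind), n in sorted(tally(SAMPLE).items(), key=lambda kv: (kv[0][0] or 0, kv[0][1])):
        print(f"vlan {str(vid):>4}  {kind:<9}  {n}")
```

A unicast count for VLAN 10 that is non-zero on the parent but zero on vlan0 matches the behaviour reported in the message.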