Date:      Mon, 05 Jul 2010 15:08:31 -0400
From:      Steve Bertrand <steve@ipv6canada.com>
To:        Nathan Vidican <nathan@vidican.com>
Cc:        David Kelly <dkelly@hiwaay.net>, freebsd-questions@freebsd.org, Modulok <modulok@gmail.com>
Subject:   Re: VLANs is this right?
Message-ID:  <4C322DAF.7010200@ipv6canada.com>
In-Reply-To: <AANLkTinUfow-QIRda7iCq-OkrLiSGaQtKkTJZANWDqrM@mail.gmail.com>
References:  <AANLkTilW7eTmmdUtRlXpRX3CT_vuOkE2M0eDB_qiiauW@mail.gmail.com>	<20100705165746.GB10990@Grumpy.DynDNS.org>	<AANLkTim0kbRIA5ZaCYCLaijIvTmGyugiy36vHgU10sAX@mail.gmail.com> <AANLkTinUfow-QIRda7iCq-OkrLiSGaQtKkTJZANWDqrM@mail.gmail.com>

On 2010.07.05 14:36, Nathan Vidican wrote:
> On Mon, Jul 5, 2010 at 1:30 PM, Modulok <modulok@gmail.com> wrote:
> 
>> It was a simplified diagram of what I thought I needed. ( Which may or
>> may not be what I actually need! )
>>
>> Basically, I want a port on the switch that I can plug un-trusted
>> devices into. Systems which are known to be just crawling with
>> malicious software. I need to provide them with an Internet
>> connection, but otherwise want them separated from everybody else.
>> Think DMZ isolation, but they're not providing any 'external'
>> services. I was wondering if this could be done with tagging and
>> address aliases, instead of buying a third network card for the BSD
>> machine.
>>
>> If that makes any sense.

> The key is that the switch must connect to the FreeBSD machine using TRUNK
> not access mode. I am not that familiar with the HP procurve series but I'd
> imagine it's not that dissimilar from others I've worked with:

Unlike Cisco where you apply the tagging within interface config, HP
requires you to apply tagging to an interface within the vlan config
instead:

vlan 10
   untagged 29-44
   tagged 47
   ip address 208.70.104.2 255.255.255.248
   exit
vlan 11
   untagged 1-6
   tagged 47
   ip address 208.70.107.2 255.255.255.248
   exit

'tagged 47' is equivalent to Cisco's `trunk'. It `trunks' vlan 10 and 11
out via gi 47.

The FBSD related config snips previously posted are what is needed on
that end of things.

Steve
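As an added illustration (not code from the thread or from any of the posters), here is a small Python parser for the ProCurve-style vlan stanza above. It inverts the config into per-port membership, reports which ports carry every VLAN tagged (the Cisco-style "trunk" toward the FreeBSD box, port 47 here) and flags any port left untagged in more than one VLAN. The sample config string is constructed from the message above.

```python
import re
from collections import defaultdict

# Constructed sample: the ProCurve-style stanza from the message above.
PROCURVE_CONFIG = """\
vlan 10
   untagged 29-44
   tagged 47
   ip address 208.70.104.2 255.255.255.248
   exit
vlan 11
   untagged 1-6
   tagged 47
   ip address 208.70.107.2 255.255.255.248
   exit
"""

def expand_ports(spec):
    """Expand a ProCurve port list such as '1-6,47' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(text):
    """Return {vlan_id: {'untagged': set, 'tagged': set}} from the config text."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*vlan\s+(\d+)\s*$", line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"untagged": set(), "tagged": set()}
            continue
        m = re.match(r"\s*(untagged|tagged)\s+(\S+)", line)
        if m and current is not None:
            vlans[current][m.group(1)] |= expand_ports(m.group(2))
    return vlans

def port_membership(vlans):
    """Invert to {port: {'untagged': [vlan ids], 'tagged': [vlan ids]}}."""
    ports = defaultdict(lambda: {"untagged": [], "tagged": []})
    for vid, members in sorted(vlans.items()):
        for mode in ("untagged", "tagged"):
            for p in members[mode]:
                ports[p][mode].append(vid)
    return dict(ports)

def trunk_ports(vlans):
    """Ports tagged in every VLAN, i.e. the uplinks that carry all VLANs."""
    tagged = [m["tagged"] for m in vlans.values()]
    return set.intersection(*tagged) if tagged else set()

def untagged_conflicts(vlans):
    """Ports untagged in more than one VLAN (a misconfiguration to refuse)."""
    return {p: v["untagged"] for p, v in port_membership(vlans).items()
            if len(v["untagged"]) > 1}
```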