From owner-freebsd-security  Tue Feb 27 18: 4:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elisa.utopianet.net (elisa.utopianet.net [212.210.231.2])
	by hub.freebsd.org (Postfix) with ESMTP id 2B5D837B719
	for <security@FreeBSD.ORG>; Tue, 27 Feb 2001 18:04:50 -0800 (PST)
	(envelope-from rlucia@iscanet.com)
Received: from merlino.iscanet.com (root@[217.59.173.229])
	by elisa.utopianet.net (8.9.1a/8.9.1) with ESMTP id DAA06967;
	Wed, 28 Feb 2001 03:04:35 +0100 (CET)
Received: from [10.0.1.5] (adsl-156-135.38-151.net24.it [151.38.135.156])
	(authenticated)
	by merlino.iscanet.com (8.11.2/8.11.2) with ESMTP id f1S24vh45674;
	Wed, 28 Feb 2001 03:04:58 +0100 (CET)
	(envelope-from rlucia@iscanet.com)
Mime-Version: 1.0
X-Sender: rluciamac@imap.iscanet.com (Unverified)
Message-Id: <p0501040bb6c207a1b645@[10.0.1.5]>
In-Reply-To: <9185502756.20010227105425@technobank.com.by>
References: <3A9A63D8.D6C8881F@eng.ufl.edu>
 <9185502756.20010227105425@technobank.com.by>
Date: Wed, 28 Feb 2001 03:04:41 +0100
To: jeff <shupilov@technobank.com.by>, security@FreeBSD.ORG
From: Rocco Lucia <rlucia@iscanet.com>
Subject: Re: vlan
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:54 +0200 27-02-2001, jeff wrote:
>hi!
>
>i'm strongly needet to set up vlan on my freebsd-box
>but unfortunately i can't find any clear instruction how to do it
>there are a lot of hearing that it is already impossible
>
>so, can anybody help me?
>
>thanks,
>
>Dmitry
>

first you should add:

pseudo-device vlan ... see LINT

to your kernel configuration.

Then you can use ifconfig to set your virtual vlan interfaces
bound to the physical one/s.

Assume you have xl0 physical interface and you want to setup 2
vlans on it (VLAN ID 1, VLAN ID 2), you configure interfaces with:

ifconfig vlan0 inet 10.0.0.1 netmask 0xffffff00 vlan 2 vlandev xl0

and

ifconfig vlan1 inet 10.0.1.1 netmask 0xffffff00 vlan 3 vlandev xl0

And you'll be set. Just remember to set up your network switch
accordingly (e.g. allowing those vlan tags on the port).

As for the link0 flag the ifconfig(8) manpage talks about, you
should set it if your card supports vlan tags on its own, so
the physical interface driver will do the thing. I think just
Alteon ti(4) driver supports it.

Have a nice 801.1Q'ing :-)

-- 
Rocco Lucia - rlucia@iscanet.com      Iscanet Internet Services
http://elisa.utopianet.net/~rlucia    System and Network Admin
C6E6 AC9A 1361 FB38 B47A  2792 9FC4 C52F 7A68 4468

Free unices for a free world. Support *BSD.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message