Date:      Wed, 02 Oct 2002 10:29:05 -0700
From:      Mike Hogsett <hogsett@csl.sri.com>
To:        "Ed Paquette" <ed@gtemail.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Setting Up VLAN IFaces for IDS 
Message-ID:  <200210021729.g92HT5WZ005564@axp.csl.sri.com>
In-Reply-To: Message from "Ed Paquette" <ed@gtemail.net> of "Wed, 02 Oct 2002 22:22:57 +0500." <20021002172257.27141.qmail@verizonmail.com>


In a switched network unicast packets from host A on port 1 to host B on
port 2 will never be seen by host C on port 3 (whether it is a trunk or
not).  That is the whole point of a switch.  Broadcast packets are always
sent to all ports in the VLAN (including trunks).

> Greetings.
> 
> My goal is to set up three vlan interfaces on a FreeBSD 4.6.2R box for use
> with an IDS product.
> 
> Currently, the switch to which the BSD box is connected is set up properly
> with tagging enabled for the respective VLANS.
> 
> I have a parent interface (fxp1) configured with no IP address.
> 
> If I use TCPDUMP on the parent interface to test whether or not the tagged
> packets are being received I get something like:
> 
>  #tcpdump -i fxp1
>  00:03:42.758875 802.1Q vlan#10 P0 ...
>   <lots and lots of VLAN10 stuff here>
> 
> Which to me implies that the packets are arriving at the BSD box
> appropriately tagged.
> 
> So, I configure a vlan with no IP address:
> 
>  #ifconfig vlan0 vlan 10 vlandev fxp1 up
> 
> And when I do a:
> 
>  #tcpdump -i vlan0
> 
> All I get are broadcasts... ARPs, ICMP to something.255, etc for VLAN10.
> All unicast packets for VLAN10 are dropped.
> 
> Am I barking up a wrong tree?  Is it possible to do this?  Ideally, I'd like
> to have the following:
> 
> +------+                  +-------+
> | FBSD | vlan0....VLAN#10 |       |
> |      +-vlan1----VLAN#11-+ switch|
> | IDS  | vlan2....VLAN#12 |       |
> +--+---+                  +-+-+-+-+
>   |                         | | |
>   |                         | | \__VLAN#10
>   \__iface with IP          | \____VLAN#11
>                             \______VLAN#12
> 
> Thanks for any input...
> -ed

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
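
An added example, not part of the original messages: a Python sketch that parses 802.1Q-tagged Ethernet frames and tallies them per VLAN by destination type, one way to confirm from a capture that a sensor interface is receiving only non-unicast traffic, as the reply describes. The frame bytes, MAC addresses and the helper names (`classify`, `tally`, `flooded_only`, `make_frame`) are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
BROADCAST = b"\xff" * 6

def classify(frame):
    """Return (vlan_id or None, 'broadcast' | 'multicast' | 'unicast')."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
    if dst == BROADCAST:
        return vlan, "broadcast"
    # The group bit (lowest bit of the first octet) marks multicast.
    return vlan, "multicast" if dst[0] & 0x01 else "unicast"

def tally(frames):
    """Count frames per (vlan, kind); undecodable frames are counted too."""
    counts = Counter()
    for f in frames:
        try:
            counts[classify(f)] += 1
        except ValueError:
            counts[("malformed", None)] += 1
    return counts

def flooded_only(counts, vlan):
    """True when the VLAN was seen but none of its frames were unicast."""
    seen = sum(n for (v, _), n in counts.items() if v == vlan)
    return seen > 0 and counts[(vlan, "unicast")] == 0

def make_frame(dst, vlan):
    """Build a constructed tagged frame (priority 0, IPv4 EtherType)."""
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

# Constructed sample: VLAN 10 shows only broadcast/multicast, VLAN 11 has unicast.
SAMPLE = [make_frame(BROADCAST, 10), make_frame(BROADCAST, 10),
          make_frame(bytes.fromhex("01005e000001"), 10),
          make_frame(bytes.fromhex("020000000002"), 11),
          make_frame(BROADCAST, 11), b"\x00" * 10]

if __name__ == "__main__":
    c = tally(SAMPLE)
    for vlan in (10, 11):
        print(vlan, "non-unicast only" if flooded_only(c, vlan) else "unicast seen")
```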



