Date: Wed, 02 Oct 2002 23:34:00 +0500
From: "Ed Paquette" <ed@gtemail.net>
To: freebsd-questions@freebsd.org
Subject: Re: Setting Up VLAN IFaces for IDS
Message-ID: <20021002183400.14209.qmail@verizonmail.com>

Hi.

I agree with Mike's description of an (unconfigured) switch, but the issue comes after it since tcpdumping -i fxp1 (the parent) yields ALL packets (including unicasts). This is what the switch was configured to do - forward all packets.

The issue is with the BSD box and the actual VLAN interface. Any ideas why the vlan interfaces are truncating unicasts?

Thanks...

-ed

> In a switched network unicast packets from host A on port 1 to host b on
> port 2 will never be seen by host C on port 3 (whether it is a trunk or
> not). That is the whole point of a switch. Broadcast packets are always
> sent to all ports in the VLAN (including trunks).
>
>> Greetings.
>>
>> My goal is to set up three vlan interfaces on a FreeBSD 4.6.2R box for use
>> with an IDS product.
>>
>> Currently, the switch to which the BSD box is connected is set up properly
>> with tagging enabled for the respective VLANS.
>>
>> I have a parent interface (fxp1) configured with no IP address.
>>
>> If I use TCPDUMP on the parent interface to test whether or not the tagged
>> packets are being received I get something like:
>>
>> #tcpdump -i fxp1
>> 00:03:42.758875 802.1Q vlan#10 P0 ...
>> <lots and lots of VLAN10 stuff here>
>>
>> Which to me implies that the packets are arriving at the BSD box
>> appropriately tagged.
>>
>> So, I configure a vlan with no IP address:
>>
>> #ifconfig vlan0 vlan 10 vlandev fxp1 up
>>
>> And when I do a:
>>
>> #tcpdump -i vlan0
>>
>> All I get are broadcasts... ARPs, ICMP to something.255, etc for VLAN10. All
>> unicast packets for VLAN10 are dropped.
>>
>> Am I barking up a wrong tree? Is it possible to do this? Ideally, I'd like
>> to have the following:
>>
>> +------+                  +-------+
>> | FBSD | vlan0....VLAN#10 |       |
>> |      +-vlan1----VLAN#11-+ switch|
>> | IDS  | vlan2....VLAN#12 |       |
>> +--+---+                  +-+-+-+-+
>>    |                        | | |
>>    |                        | | \__VLAN#10
>>    \__iface with IP         | \____VLAN#11
>>                             \______VLAN#12
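
An added example, not part of the original message or of any FreeBSD tool: a small 802.1Q frame parser that tallies unicast, multicast and broadcast frames per VLAN ID, which is the comparison the thread makes by eye between the tcpdump output on fxp1 and on vlan0. The function names, MAC addresses and sample frames are constructed for illustration, and the untagged vlan0 sample assumes the tag has already been stripped on the vlan interface.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def classify_dst(mac: bytes) -> str:
    """Classify a destination MAC as broadcast, multicast or unicast."""
    if mac == b"\xff" * 6:
        return "broadcast"
    # The I/G bit (lowest bit of the first octet) is set on group addresses.
    return "multicast" if mac[0] & 0x01 else "unicast"

def parse_frame(frame: bytes):
    """Return (vlan_id or None, destination class, inner EtherType)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF  # low 12 bits; the upper 4 carry priority and CFI
    return vlan_id, classify_dst(frame[0:6]), ethertype

def tally(frames):
    """Count frames per (vlan_id, destination class)."""
    counts = Counter()
    for frame in frames:
        vlan_id, kind, _ = parse_frame(frame)
        counts[(vlan_id, kind)] += 1
    return counts

def build(dst, src, vlan, ethertype=0x0800):
    """Build a constructed test frame; vlan=None leaves it untagged."""
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan)
    return dst + src + tag + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed sample data (locally administered MACs, not from the thread).
HOST_A = bytes.fromhex("020000000a01")
HOST_B = bytes.fromhex("020000000a02")
BCAST = b"\xff" * 6
PARENT_VIEW = [build(HOST_B, HOST_A, 10), build(BCAST, HOST_A, 10, 0x0806),
               build(HOST_A, HOST_B, 11), build(BCAST, HOST_B, 12, 0x0806)]
VLAN0_VIEW = [build(BCAST, HOST_A, None, 0x0806)]  # assumed: tag already stripped

if __name__ == "__main__":
    for name, view in (("fxp1", PARENT_VIEW), ("vlan0", VLAN0_VIEW)):
        for (vlan_id, kind), n in sorted(tally(view).items(), key=str):
            print(f"{name}: vlan={vlan_id} {kind}={n}")
```

A per-VLAN unicast count that is non-zero on the parent capture but zero on the vlan interface capture reproduces the symptom described in the message as numbers rather than scrolling output.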