vlan without ip address

John Nielsen lists at jnielsen.net
Mon Dec 19 17:03:42 UTC 2011 

On Dec 19, 2011, at 12:52 AM, saeedeh motlagh wrote:

> you're right but we can't assign tow parent interface to one vlan in
> freebsd therefore i define two vlans with the one vlan id.
> although we can do it by blow command but it's not work too:
> ifconfig gbeth0.10 create
> ifconfig msk0.10 create
> ifconfig
> gbeth0.10: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>    options=3<RXCSUM,TXCSUM>
>    ether 00:27:0e:03:4b:2f
>    media: Ethernet autoselect (1000baseT <full-duplex>)
>    status: active
>    vlan: 10 parent interface: gbeth0
> msk0.10: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>    options=100<TSO4>
>    ether 00:30:4f:63:5a:bc
>    media: Ethernet autoselect (none)
>    status: active
>    vlan: 10 parent interface: msk0
> 
> you know when i define vlans with ip addressess they work as i expected but
> i want to know if i can define vlan without ip address as the switch
> beacuse i wanna configure a freebsd box as a real switch in my network.
> maybe it's impossible to do that :(

Take a few minutes to think out (and describe to us in detail if you really want useful input) your network topology. What interfaces do you have on the FreeBSD machine and what are they connected to? Which interfaces should carry tagged traffic? Which interfaces should carry untagged traffic? How many VLAN's exist? Which ones does the FreeBSD machine care about? (i.e. which ones will it be tagging/untagging for?) Traffic for other VLAN's can pass through the box but you don't need to create VLAN interfaces for them. You need VLAN interfaces only for those VLAN's where:
	The FreeBSD box itself should communicate on one or more specific VLAN's (and/or provide services, etc) -OR-
	The FreeBSD box is sending/receiving untagged traffic on one or more interfaces and should untag/tag it as needed for other hosts.

Once you've got that figured out, configure your bridges and VLANs as follows:

Any physical interface that carries traffic for multiple VLAN's should be considered a "trunk" port. Traffic on trunk ports is tagged.
If you only have one trunk port, it shouldn't be in a bridge at all. If you have more than one, all of your trunk ports should be members of a single bridge (the "real" parent interfaces).
If you don't want the FreeBSD box to do any tagging/untagging then you're done. However it sounds like that is not the case..

Now create VLAN interfaces off of the trunk bridge (or interface if just one) for only those VLAN's this machine cares about.
For each VLAN that should do tagging/untagging for a physical interface, create a NEW bridge device. Add to the bridge the untagged physical interface(s) and the appropriate VLAN interface from the trunk.
If the FreeBSD box itself needs to communicate on one or more specific VLAN's, configure it to do so using the bridge device created for that VLAN (if any) or the appropriate VLAN sub-interface of the trunk bridge (if not shared with any untagged physical interfaces).

In short, you should only have ONE trunk device, whether it's a bridge or a single interface. You don't need to create a VLAN interface for VLAN's this machine doesn't care about. ALL of the VLAN sub-interfaces you do create should be children of the trunk device. VLAN's that have untagged interfaces should be in their own bridges with those interfaces.

HTH,

JN

> On Sun, Dec 18, 2011 at 10:52 PM, Alexander Lunev <sol289 at gmail.com> wrote:
> 
>> first of all, you should name and number you vlan same, if it's clan10
>> on the one side, then it's vlan10 on the other side and in betweeen.
>> then (though you have to do it first of all), you should understand
>> how vlan's work, and after that connect ports to each other according
>> to your scheme.
>> 
>> 
>> --
>> your sweet isn't ready yet
>> 
>> 
>> 
>> On Sun, Dec 18, 2011 at 10:01 AM, saeedeh motlagh
>> <saeedeh.motlagh at gmail.com> wrote:
>>> i have 3 freebsd system: 0.28 , 0.25 and 0.12 which 28 is assumed to be
>>> switch here. one interface of 28 is connected to 25 and the other
>> interface
>>> of 28 is connected to 12. as mentioned below, i've defined two vlan10 and
>>> 11 with the same vlan id on the 28 and bridge them.
>>> now i can't ping 0.25 from 0.12. what's wrong here? should i define
>> vlan10
>>> on 12 and 25?
>>> please tell me if i'm misunderstanding.
>>> this is the ifconfig for 0.28:
>>> vlan10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>> metric 0
>>> mtu 1500
>>>   options=3<RXCSUM,TXCSUM>
>>>   ether 00:27:0e:03:4b:2f
>>>   media: Ethernet autoselect (1000baseT <full-duplex>)
>>>   status: active
>>>   vlan: 10 parent interface: gbeth0
>>> vlan11: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>> metric 0
>>> mtu 1500
>>>   options=100<TSO4>
>>>   ether 00:30:4f:63:5a:bc
>>>   media: Ethernet autoselect (none)
>>>   status: active
>>>   vlan: 10 parent interface: msk0
>>> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
>>> 1500
>>>   ether d6:c4:f6:0f:5e:4f
>>>   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>>   maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>>>   root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>>   member: vlan11 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>>           ifmaxaddr 0 port 6 priority 128 path cost 55
>>>   member: vlan10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>>           ifmaxaddr 0 port 5 priority 128 path cost 20000
>>> 
>>> 
>>> On Sat, Dec 17, 2011 at 8:47 PM, Alireza Torabi <
>> alireza.torabi at gmail.com>wrote:
>>> 
>>>> َAlso it's a good idea to to attach a ifconfig output.
>>>> 
>>>> On 12/17/11, saeedeh motlagh <saeedeh.motlagh at gmail.com> wrote:
>>>>> when i do that, the vlan is defined but from a system in a vlan, i
>> can't
>>>>> ping the other one which is in the same vlan. so i think that the
>> vlan is
>>>>> not working. am i right?
>>>>> 
>>>>> On Sat, Dec 17, 2011 at 1:15 PM, Juli Mallett <jmallett at freebsd.org>
>>>> wrote:
>>>>> 
>>>>>> You probably just need to do ifconfig vlanxxx up instead of
>> assigning an
>>>>>> IP.
>>>>>> 
>>>>>> On Sat, Dec 17, 2011 at 00:08, saeedeh motlagh
>>>>>> <saeedeh.motlagh at gmail.com> wrote:
>>>>>>> hi every body
>>>>>>> 
>>>>>>> i wanna configure a freebsd box as a switch. in order to do that, i
>>>>>> bridged
>>>>>>> all my interfaces to have switching and it works fine. after that i
>>>> want
>>>>>> to
>>>>>>> have vlans on it. as you know, in a real switch, a vlan is
>> configured
>>>>>> just
>>>>>>> by assigning a port to it without any additional configuration and
>>>> vlans
>>>>>>> are submitted just by name. but in freebsd a vlan just works when
>> it
>>>> has
>>>>>> an
>>>>>>> ip address (i think). when i define vlan121 on two freebsd systems
>>>> with
>>>>>> ip
>>>>>>> address it works fine but without ip address i don't know how it
>>>> should
>>>>>> be
>>>>>>> worked.
>>>>>>> 
>>>>>>> can sombody tell me if it is possible to simulate vlans in freebsd
>> as
>>>>>> they
>>>>>>> are in a real switch? i mean can we have vlans without ip addresses
>>>>>>> which
>>>>>>> works fine? maybe some kind of vlan which works by MAc address. is
>> it
>>>>>>> possible?
>>>>>>> it's so necessary for me to do that:(
>>>>>>> 
>>>>>>> yours,
>>>>>>> motlagh
>>>>>>> _______________________________________________
>>>>>>> freebsd-net at freebsd.org mailing list
>>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>>>>>> To unsubscribe, send any mail to "
>> freebsd-net-unsubscribe at freebsd.org
>>>> "
>>>>>> 
>>>>> _______________________________________________
>>>>> freebsd-net at freebsd.org mailing list
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org
>> "
>>>>> 
>>>> 
>>> _______________________________________________
>>> freebsd-net at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>

More information about the freebsd-net mailing list