NETGRAPH- bridge vlans using netgraph help
Julian Elischer
julian at freebsd.org
Thu May 10 16:24:56 UTC 2018
On 9/5/18 11:24 pm, Abdullah Tariq wrote:
>
> a picture would do wonders to understand what he wants.
>
>
> Apologies for being AWOL
> Attaching an image link: https://ibb.co/nt1s4S
Ok so, it looks like there is a problem in concepts.
FreeBSD doesn't really know about tags inside the machine.
It only has the ability to make a separate interface that multiplexes
(on output) and demultiplexes (on input) packets going onto a single
link by assigning/creating a virtual sub-interface for each active vlan
on that real interface.
(well that's 100% true, but it doesn't use the tags for anything real
internally.)

If you add the tag for a packet coming in and then remove it as it goes
out, what is the point in having it?
FreeBSD does not have a vlan switch internally.
That is not to say that we can not MAKE one, but the whole aim of
FreeBSD's vlan support is to allow it to send packets out that are
tagged for different vlans depending on which 'sub interface' the
packet was routed to, not to send unmarked packets internally routed
via some mythical internal vlan switch.
[iface0.1]--------[iface0]------wire
               /
[iface0.2]----/
Packets sent out via iface0.1 will appear on the wire with vlan1 headers.
Packets sent out through iface0.2 will appear on the wire with vlan2
headers.
Inside the system however the vlan headers have been stripped off.
They DO still have some vlan information tagged on them but it is not
used generally.
I still don't fully understand the aim of the exercise.
Julian
>
> On Tue, May 1, 2018 at 8:39 PM, Julian Elischer <julian at freebsd.org
> <mailto:julian at freebsd.org>> wrote:
>
> On 1/5/18 11:16 pm, Freddie Cash wrote:
>> On Tue, May 1, 2018 at 6:08 AM, Julian Elischer
>> <julian at freebsd.org <mailto:julian at freebsd.org>>wrote:
>>
>> On 1/5/18 2:08 am, Eugene Grosbein wrote:
>>
>> 01.05.2018 1:03, Freddie Cash wrote:
>>
>> On Mon, Apr 30, 2018 at 10:59 AM, Eugene Grosbein
>> <eugen at grosbein.net <mailto:eugen at grosbein.net>
>> <mailto:eugen at grosbein.net
>> <mailto:eugen at grosbein.net>>>wrote:
>>
>> > What the OP is trying to do is have PC1 send
>> untagged packets to igb0 on FreeBSD which is
>> configured for tagged vlan 5.
>> > Then bridge the packets to igb1 which is
>> also configured for tagged vlan 5. Then send the
>> packets out, untagged, to PC2.
>>
>> Why would one want to "configure igb0 for
>> tagged vlan 5" when igb0 supposed to receive
>> untagged frames?
>> This does not make any sense. One should just
>> bridge igb0 as is, without creation vlan on it and
>> problem's solved.
>>
>> Yes, agree. What the OP wants to do can't be
>> done. :)
>>
>> Perhaps you missed a message from him where he states
>> that configuration style does not matter for him really.
>> So, what he wants can be done, just using a different style.
>>
>>
>> a picture would do wonders to understand what he wants.
>>
>>
>> A FreeBSD system with multiple NICs, with separate vlans
>> internally to separate untagged traffic between PCs.
>>
>> https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/
>> <https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/>
>>
>> https://forums.freebsd.org/attachments/capture-png.4744/
>> <https://forums.freebsd.org/attachments/capture-png.4744/>
>>
>> https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/#lg=post-385584&slide=0
>> <https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/#lg=post-385584&slide=0>
>>
>> The "easy" solution is to just bridge together the interfaces
>> you want to be part of the same "virtual lan", thus allowing
>> traffic between those stations only. Want PC1 and PC2 to be
>> part of one vlan? Then bridge together igb0 and igb1. Want
>> PC3, connected to igb2, and PC4, connected to igb3, to be part
>> of a separate "virtual lan"? Then create a separate bridge
>> between igb2 and igb3. No vlan tags required anywhere.
>
> ok so does he want to have those vlans terminated at his box or
> just pass them through?
> and if they are untagged, why is it being called a vlan?
> untagged vlan is what we call "ethernet".
>
> if it's untagged then only the internal state of the switches
> decides which "virtual network" it is on..
>
>
>
>>
>> But, the OP (in the forum thread and here) keeps getting hung
>> up on "needing" vlan tags on the NICs, trying to treat the
>> FreeBSD box like a switch with hybrid ports and PVIDs set on
>> the ports.
>>
>> --
>> Freddie Cash
>> fjwcash at gmail.com <mailto:fjwcash at gmail.com>
>
>
>
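
The output tagging and input demultiplexing described in Julian's reply at the top of this message, modelled at the frame level as an added example (not part of the original thread and not FreeBSD code). The interface names follow the diagram in the message; the function names, the sample frame and the choice to drop frames for an unconfigured vlan are assumptions of this sketch.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def tag_frame(frame: bytes, vid: int) -> bytes:
    """Output path of a vlan sub-interface: insert the 4-byte 802.1Q tag."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    # The tag sits between the source MAC (bytes 6..11) and the EtherType.
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def untag_frame(frame: bytes):
    """Input path: return (vid, frame without tag); vid is None if untagged."""
    if len(frame) < 14:
        raise ValueError("short frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]  # low 12 bits are the VLAN ID

def demux(wire_frame: bytes, configured_vids):
    """Pick the receiving interface for a frame arriving on iface0."""
    vid, inner = untag_frame(wire_frame)
    if vid is None:
        return "iface0", inner          # untagged: delivered on the parent
    if vid in configured_vids:
        return f"iface0.{vid}", inner   # tag is stripped before the stack sees it
    return None, None                   # assumption: no sub-interface, so dropped

# Constructed sample frame: broadcast dst MAC, src MAC, EtherType IPv4, payload
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    for vid in (1, 2):
        wire = tag_frame(SAMPLE, vid)   # what appears on the wire
        iface, inner = demux(wire, {1, 2})
        print(vid, wire[12:16].hex(), iface, inner == SAMPLE)
```
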
More information about the freebsd-net mailing list