Re: NETGRAPH- bridge vlans using netgraph help

Thu, 10 May 2018 09:32:47 -0700 

On 9/5/18 11:24 pm, Abdullah Tariq wrote:


    a picture would do wonders to understand what he wants.


 Apologies for being AWOL
 Attaching an image link: https://ibb.co/nt1s4S


Ok so, it looks like there i a problem in concepts.
FreeBSD doesn't really know about tags inside the machine..


It only has the ability to make a separate interface that multiplexes 
(on output)
and demultiplexes (on input) packets going onto a single link by 
assigning/creating

a virtual sub-interface for each active vlan on that real interface.


(well that's 100% true, but it doesn't use the tags for anything real 
internally.)



If you add the tag for a packet coming in and then remove it as it 
goes out, what

is the point in having it?
FreeBSD does not have a vlan switch internally.

That is not to say that we can not MAKE one,

but the whole aim of FreeBSD's vlan support is to allow it to send 
packets out that are

tagged for different vlans depending on which 'sub interface'

the packet was routed to, not to send unmarked packets internally 
routed via

some mythical internal vlan switch.

iface0.1]--------[iface0]------wire
                      /
iface0.2]----/

packets sent out via iface0.1 will appear on the wire with vlan1 headers

packates sent out through iface0.2 will appear on the wire with vlan2 
headers



Inside the system however the vlan headers have been stripped off. 
They DO still have some vlan

information tagged on them but it is not used generally.

I still don't fully understand the aim of the exercise.


Julian







On Tue, May 1, 2018 at 8:39 PM, Julian Elischer <jul...@freebsd.org 
<mailto:jul...@freebsd.org>> wrote:


    On 1/5/18 11:16 pm, Freddie Cash wrote:

    On Tue, May 1, 2018 at 6:08 AM, Julian Elischer
    <jul...@freebsd.org <mailto:jul...@freebsd.org>>wrote:

        On 1/5/18 2:08 am, Eugene Grosbein wrote:

            01.05.2018 1:03, Freddie Cash wrote:

                On Mon, Apr 30, 2018 at 10:59 AM, Eugene Grosbein
                <eu...@grosbein.net <mailto:eu...@grosbein.net>
                <mailto:eu...@grosbein.net
                <mailto:eu...@grosbein.net>>>wrote:

                     > What the OP is trying to do is have PC1 send
                untagged packets to igb0 on FreeBSD which is
                configured for tagged vlan 5.
                     > Then bridge the packets to igb1 which is
                also configured for tagged vlan 5.  Then send the
                packets out, untagged, to PC2.

                     Why would one want to "configure igb0 for
                tagged vlan 5" when igb0 supposed to receive
                untagged frames?
                     This does not make any sense. One should just
                bridge igb0 as is, without creation vlan on it and
                problem's solved.

                ​Yes, agree.  What the OP wants to do can't be
                done.  :)​

            Perhaps, you missed a message from him when he states
            that configuration style does no matter for him really.
            So, what he wants can be done, just using different style.


        a picture would do wonders to understand what he wants
        ​.


    ​A FreeBSD system with multiple NICs, with separate vlans
    internally to separate untagged traffic between PCs.​

    https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/
    <https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/>

    ​​https://forums.freebsd.org/attachments/capture-png.4744/
    <https://forums.freebsd.org/attachments/capture-png.4744/>

    
​https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/#lg=post-385584&slide=0
    
<https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/#lg=post-385584&slide=0>

    ​The "easy" solution is to just bridge together the interfaces
    you want to be part of the same "virtual lan", thus allowing
    traffic between those stations only.  Want PC1 and PC2 to be
    part of one vlan?  Then bridge together igb0 and igb1.  Want
    PC3, connected to igb2, and PC4, connected to igb3, to be part
    of a separate "virtual lan"?  Then create a separate bridge
    between igb2 and igb3. No vlan tags required anywhere.


    ok so does he want to have those vlans terminated at his box or
    just pass them through?
    and if they are untagged,  why is it being called a vlan?
    untagged vlan is what we call "ethernet".

    if it's untagged then only the internal state of the switches
    decides which "virtual network" it is on..





    But, the OP (in the forum thread and here) keeps getting hung
    up on "needing" vlan tags on the NICs, trying to treat the
    FreeBSD box like a switch with hybrid ports and PVIDs set on
    the ports.


    -- 
    Freddie Cash

    fjwc...@gmail.com <mailto:fjwc...@gmail.com>






_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
























					Reply via email to