On 2010.07.05 14:36, Nathan Vidican wrote:
> On Mon, Jul 5, 2010 at 1:30 PM, Modulok <modu...@gmail.com> wrote:
>
>> It was a simplified diagram of what I thought I needed. ( Which may or
>> may not be what I actually need! )
>>
>> Basically, I want a port on the switch that I can plug un-trusted
>> devices into. Systems which are known to be just crawling with
>> malicious software. I need to provide them with an Internet
>> connection, but otherwise want them separated from everybody else.
>> Think DMZ isolation, but they're not providing any 'external'
>> services. I was wondering if this could be done with tagging and
>> address aliases, instead of buying a third network card for the BSD
>> machine.
>>
>> If that makes any sense.
>
> The key is that the switch must connect to the FreeBSD machine using TRUNK
> not access mode. I am not that familiar with the HP procurve series but I'd
> imagine it's not that dissimilar from others I've worked with:

Unlike Cisco where you apply the tagging within interface config, HP
requires you to apply tagging to an interface within the vlan config
instead:

    vlan 10
       untagged 29-44
       tagged 47
       ip address 208.70.104.2 255.255.255.248
       exit
    vlan 11
       untagged 1-6
       tagged 47
       ip address 208.70.107.2 255.255.255.248
       exit

'tagged 47' is equivalent to Cisco's `trunk'. It `trunks' vlan 10 and 11
out via gi 47.

The FBSD related config snips previously posted are what is needed on that
end of things.

Steve
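
The FreeBSD end of such a trunk, with the untrusted VLAN fenced off by pf, as an added example that is not from this thread (the FreeBSD snippets Steve refers to are not reproduced on this page). Assumptions: em0 is the NIC cabled to tagged port 47, em1 is the Internet uplink, VLAN 11 is the untrusted VLAN, and all addresses are constructed placeholders.

```conf
# --- /etc/rc.conf: two tagged VLANs on the single NIC facing the switch ---
# em0 = NIC on the switch's tagged port, em1 = Internet uplink (both assumed).
cloned_interfaces="vlan10 vlan11"
ifconfig_em0="up"
ifconfig_vlan10="inet 10.0.10.1/24 vlan 10 vlandev em0"   # trusted hosts
ifconfig_vlan11="inet 10.0.11.1/24 vlan 11 vlandev em0"   # untrusted hosts
gateway_enable="YES"
pf_enable="YES"

# --- /etc/pf.conf: isolation policy between the two VLANs ---
ext_if     = "em1"
trusted    = "vlan10"
quarantine = "vlan11"

set skip on lo0

# Translate both internal networks to the uplink address.
nat on $ext_if from { $trusted:network, $quarantine:network } to any -> ($ext_if)

# Default deny, and drop packets claiming a source address that belongs
# to the other VLAN.
block log all
antispoof quick for { $trusted, $quarantine }

# Untrusted hosts may not reach the trusted network or the firewall itself
# (so they need an external resolver), only destinations beyond it.
block in log quick on $quarantine from any to $trusted:network
block in log quick on $quarantine from any to self
pass  in on $quarantine inet from $quarantine:network to any keep state

# Trusted hosts get normal outbound access. No rule passes traffic out
# toward vlan11, so nothing can open a connection into the quarantine
# VLAN; only replies matching existing state get through.
pass in  on $trusted inet from $trusted:network to any keep state
pass out on $ext_if inet all keep state
```

`pfctl -nf /etc/pf.conf` parses the rule set without loading it, which is a safe way to check the syntax before enabling it.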