Hi I have config like this on an internal interface since 5 year back in time that together with my VLAN enabled Cisco and Zyxel switches route traffic around in my network. I run OpenBSD 6.0 AMD64 at the moment.
cat /etc/hostname.em0 —snip-- up ### VLAN !ifconfig vlan2 inet 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 vlan 2 vlandev $if description "IP on FW to the LAN" !ifconfig vlan3 inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 vlan 3 vlandev $if description "IP on FW to the DMZ1" !ifconfig vlan4 inet 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255 vlan 4 vlandev $if description "IP on FW to the DMZ2" !ifconfig vlan1003 inet 192.168.42.1 netmask 255.255.255.0 broadcast 192.168.42.255 vlan 1003 vlandev $if description "IP on FW to the GUEST" ### ROUTES etc #!route add 192.168.200.0/22 193.12.234.141 !route add 172.31.128.0/23 192.168.1.25 ### IPv6 !ifconfig vlan2 inet6 alias 2001:470:dc5d:1::1 prefixlen 64 !ifconfig vlan3 inet6 alias 2001:470:dc5d:2::1 prefixlen 64 !ifconfig vlan4 inet6 alias 2001:470:dc5d:3::1 prefixlen 64 —snip-- On the internet interface (em3) I have only an static IP. Today there is no VLAN here. Just a plain internet connection and no VLAN tags from the ISP. Now… The provider allows me to skip the media hub they supplied in favour for me taking care of the TV input myself. I have a mentally problem to take internet directly into my switch and separate the VLAN there which I know how to easily do. But one mistake in the conf and, well… So, in the near future the ISP will add a VLAN tag for TV in parallell to the untagged internet traffic coming in to em3. QUESTION: How would I continue with the config I have and expand it to take the tagged TV VLAN 845 they soon will add incoming to my em3 and bridge that VLAN tagged TV traffic out on let say em2. The docs aren't that clear to me. The TV traffic VLAN has no IP I can set. I just want to filter the TV VLAN out incoming on em3 and send it to em2. How would I add a VLAN interface to a parent em* interface and se no IP on it? After that I assume I can just create a bridge between that VLAN interface and em2. Or is this a bad idea? Thanks in advance. Peo -- GPG keyID: 9429C093 GPG fingerprint: 5F37 4298 A07F C614 647B 458C A756 5C4E 9429 C093
