On 07/07/17 15:35, Per-Olov Sjöholm wrote: > Hi > > I have config like this on an internal interface since 5 year back in time > that together with my VLAN enabled Cisco and Zyxel switches route traffic > around in my network. I run OpenBSD 6.0 AMD64 at the moment. > > cat /etc/hostname.em0 > —snip-- > up > ### VLAN > !ifconfig vlan2 inet 192.168.0.1 netmask 255.255.255.0 broadcast > 192.168.0.255 vlan 2 vlandev $if description "IP on FW to the LAN" > !ifconfig vlan3 inet 192.168.1.1 netmask 255.255.255.0 broadcast > 192.168.1.255 vlan 3 vlandev $if description "IP on FW to the DMZ1" > !ifconfig vlan4 inet 192.168.2.1 netmask 255.255.255.0 broadcast > 192.168.2.255 vlan 4 vlandev $if description "IP on FW to the DMZ2" > !ifconfig vlan1003 inet 192.168.42.1 netmask 255.255.255.0 broadcast > 192.168.42.255 vlan 1003 vlandev $if description "IP on FW to the GUEST" > ### ROUTES etc > #!route add 192.168.200.0/22 193.12.234.141 > !route add 172.31.128.0/23 192.168.1.25 > ### IPv6 > !ifconfig vlan2 inet6 alias 2001:470:dc5d:1::1 prefixlen 64 > !ifconfig vlan3 inet6 alias 2001:470:dc5d:2::1 prefixlen 64 > !ifconfig vlan4 inet6 alias 2001:470:dc5d:3::1 prefixlen 64 > —snip-- > > On the internet interface (em3) I have only an static IP. Today there is no > VLAN here. Just a plain internet connection and no VLAN tags from the ISP. > > > Now… > The provider allows me to skip the media hub they supplied in favour for me > taking care of the TV input myself. I have a mentally problem to take > internet directly into my switch and separate the VLAN there which I know > how to easily do. But one mistake in the conf and, well… > > So, in the near future the ISP will add a VLAN tag for TV in parallell to the > untagged internet traffic coming in to em3. > > > QUESTION: > How would I continue with the config I have and expand it to take the tagged > TV VLAN 845 they soon will add incoming to my em3 and bridge that VLAN tagged > TV traffic out on let say em2. The docs aren't that clear to me. The TV > traffic VLAN has no IP I can set. I just want to filter the TV VLAN out > incoming on em3 and send it to em2. How would I add a VLAN interface to a > parent em* interface and se no IP on it? After that I assume I can just > create a bridge between that VLAN interface and em2. Or is this a bad idea? > > > Thanks in advance.
First of all, fix your setup to create vlan interfaces the proper way, ie /etc/hostname.vlanX much more clean setup. Do you have a switch right now connected to em3 which can do 802.1Q tagging? If yes, then use that for switching. There is not point passing the TV traffic through the OBSD. If not then use your OBSD box. more details depend on the configuration from your provider. I mean if the TV should get an IP address and if it expects tagged/untagged traffic. G
