The OP’s hostname.vlan* files never specify a vnetid. I get an error trying to configure and bring up the second vlan interface the same way without vnetid specified. Regardless of my error, the ifconfig(8) man page says without vnetid specified, vlan tag 0 will be used. You need to specify two different vlan tags.
All of that aside: VLANs don’t give you any more security. If the client host is on the same physical network as your two VLANs, the only thing stopping them from jumping between VLANs would be physical devices (switches, etc.) configured to prevent that. From what I gathered, you don’t have this level of control. Therefore, you gain nothing by segmenting the networks with VLANs.

-Brian

> On Feb 5, 2020, at 11:58 AM, Christian Weisgerber <na...@mips.inka.de> wrote:
>
> On 2020-02-05, Janne Johansson <icepic...@gmail.com> wrote:
>
>>> # /etc/hostname.vlan101
>>> description 'WLAN attached untrusted hosts'
>>> inet 192.168.156.0/24 255.255.255.0 vlandev run0
>> VLANs and wifi sounds like a non-starter.
>
> Yep, if you're building your access point with OpenBSD.
>
> More generally, though, any AP in the business segment has support
> for multiple SSIDs that can be assigned to different VLANs on the
> Ethernet side.
>
> --
> Christian "naddy" Weisgerber na...@mips.inka.de
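A lint check for the vnetid point raised in this message, as an added example that is not part of the original thread: it flags hostname.vlan* files that set no vnetid (tag 0 per the ifconfig(8) behaviour cited above) and tags reused on one parent device. The function names and sample addresses are constructed for illustration; the script also accepts ifconfig(8)'s `parent` keyword alongside `vlandev`.

```shell
#!/bin/sh
# Lint hostname.vlan* files in a directory. Prints one finding per line and
# returns 1 if any file lacks a vnetid or two files share a tag on one parent.
check_vlan_tags() {
    dir=$1
    set -- "$dir"/hostname.vlan*
    [ -e "$1" ] || return 0              # no vlan files, nothing to check
    awk '
    # New file: report on the previous one, then reset per-file state.
    FNR == 1 { if (file != "") flush(); file = FILENAME; tag = ""; par = "?" }
    /^[ \t]*#/ { next }                  # skip comment lines
    {
        for (i = 1; i < NF; i++) {
            if ($i == "vnetid") tag = $(i + 1)
            if ($i == "parent" || $i == "vlandev") par = $(i + 1)
        }
    }
    function flush(   name, key) {
        name = file; sub(/.*\//, "", name)
        if (tag == "") {                 # no vnetid given: treated as tag 0
            print "MISSING_VNETID " name; bad = 1; tag = 0
        }
        key = par " " tag
        if (key in seen) {
            print "DUPLICATE_TAG " tag " on " par ": " seen[key] " " name
            bad = 1
        } else seen[key] = name
    }
    END { if (file != "") flush(); exit bad + 0 }
    ' "$@"
}

# Constructed sample in the style of the thread: two vlan interfaces on the
# same parent, neither with a vnetid. Prints the temporary directory path.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "description 'WLAN attached untrusted hosts'" \
        'inet 192.168.156.1 255.255.255.0 vlandev run0' > "$d/hostname.vlan101"
    printf '%s\n' 'inet 192.168.157.1 255.255.255.0 vlandev run0' \
        > "$d/hostname.vlan102"
    echo "$d"
}
```

Run it as `check_vlan_tags /etc` on the host; it only reads the files and does not verify that the switch side enforces the separation.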