On Fri, Jun 07, 2024 at 03:04:54AM +0000, Martin wrote:
> Are you supposed to "bridge" the vlan with the physical interface?

No

> I have:
>
> $ cat /etc/hostname.em0
> up
>
> $ cat /etc/hostname.vlan101
> vnetid 101 parent em0
> inet autoconf
> up

OK

> In /etc/pf.conf I have replaced em0 with vlan101 for ext_if.

OK

> I get "No route to host" if I try to ping something, etc.
>
> But if I add:
>
> $ cat /etc/hostname.bridge0
> add vlan101
> add em0
> up
>
> Then it works.

When not bridged, what do ifconfig em0 and ifconfig vlan101 say?
And when the bridge is up, what does ifconfig bridge0 say?

What type of upstream device is em0 connected to? Is it a simple modem
(e.g. an ONT) or a router of some sort?

> Was the bridge part missed in the previous emails about how to use
> VLAN-tagging or am I missing something?

No, there is no need to bridge them. I gave you an example with veb
(layer 2) bridge, which is what I use to make a "passthrough" for a
specific VLAN, across two physical interfaces.

Going a bit deeper, to explain my questions above:

802.1Q VLANs are basically a tag that gets attached to a packet's
header. And it is perfectly possible for both types of packets to
coexist in the same "wire". Some of them might be tagged, some of them
might not.

When you create a VLAN interface with a physical interface as its parent
(like your vlan101 on em0) you are telling the kernel "pick up all
packets that arrive on this interface and that have this specific tag,
and bring them to me", for incoming traffic, and "take any packet I am
sending out of this interface and attach this VLAN tag to it".

Sidenote: this can be replicated many times, so you can have multiple
VLANs being handled by different interfaces, with different IPs on
different subnets, etc., all sharing the same wire, while being
segregated (hence the name "virtual LANs").

As I said above, tagged and untagged traffic can coexist, and all
untagged packets will still be routed through the physical interface
(em0).

Routers and some switches can add/remove tags from packets (e.g. you can
tell a switch to do something like "Get all vlan101 traffic from port 1,
strip the tag, and send it out on port 8, untagged. Also, get all
incoming untagged traffic from port 8, and tag it with vlan101", etc).

Try bringing both interfaces down, remove their IP addresses (ifconfig
em0 -inet), run:

    tcpdump -ti em0 port \(66 or 67\)

on a terminal and then bring both interfaces up on a different terminal
and see what comes up.

As I said above, tagged and untagged traffic coexist on the physical
interface, so VLAN tagged traffic (i.e. packets that you will get on the
vlan101 interface) will show up in lines starting with

    802.1Q vid 101 pri 1 ...

and untagged traffic (i.e. packets that will show up on em0) won't have
that.

*If* you are getting an IP on em0, then my guess is that one of two
things might be happening:

- there is a DHCP server upstream that is OK with getting untagged
  traffic, and so your em0 is getting configured through it

- your upstream device is getting tagged traffic from your ISP,
  stripping its tags and sending it to em0 untagged (and the other way
  round, for your outgoing traffic).

--
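
Added example, not part of the original message: a small Python model of the tag handling described above, showing where the "vid 101 pri 1" values sit in a frame and which interface (em0 or vlan101) ends up with it. The function names and the sample frames are constructed for illustration, and dropping a tag that no vlan interface claims is an assumption of this sketch.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_frame(frame: bytes) -> dict:
    """Return the 802.1Q tag fields (if present) and the payload EtherType."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vid": None, "pri": None, "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # TCI layout: 3 bits priority, 1 bit DEI, 12 bits VLAN ID
    return {"tagged": True, "vid": tci & 0x0FFF, "pri": tci >> 13, "ethertype": inner}

def receiving_interface(frame: bytes, parent: str, vlans: dict) -> Optional[str]:
    """Untagged frames belong to the parent; tagged ones to the matching vlan child."""
    info = parse_frame(frame)
    if not info["tagged"]:
        return parent
    # Assumption of this sketch: a tag with no configured child is not delivered.
    return vlans.get(info["vid"])

def tag_frame(frame: bytes, vid: int, pri: int = 0) -> bytes:
    """Insert a tag after the two MAC addresses, as sending through vlanN does."""
    if not (1 <= vid <= 4094 and 0 <= pri <= 7):
        raise ValueError("vid must be 1..4094 and pri 0..7")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pri << 13) | vid) + frame[12:]

# Constructed sample frames: broadcast destination, made-up source MAC,
# EtherType 0x0800 (IPv4) and a 20-byte placeholder payload.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"\x45" + bytes(19)
TAGGED = tag_frame(UNTAGGED, vid=101, pri=1)

if __name__ == "__main__":
    vlans = {101: "vlan101"}  # vnetid -> interface, as in hostname.vlan101
    for name, f in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        print(name, parse_frame(f), "->", receiving_interface(f, "em0", vlans))
```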