On Sun, Feb 21, 2010 at 08:26:44PM +1000, David Gwynne wrote: > i hate to bring this up, but if you have cisco gear with dhcp snooping enabled > you can enforce this on the switch. That's probably also the only reasonable place to do it. Thankfully it's not only cisco that does that nowadays.
Still, for low intra-subnet traffic situations it'd be nice to be able to do the same with openbsd, one port per vlan, while bridging and filtering to achieve the same result. With the current MAC tagging capability it might work, but I haven't tested how ARP works in this case.
