Dear subscribers of the list,
the scenario requires packets for one of the tagged VLANs to be copied
in span mode, still tagged, to epair(4) interface for feeding IDS
inside, but at least one additional vlan(4) inside the jail is required
to provide network connectivity for the jail.
With a
Hello.
I want to bridge VLANs on igb1. When I add vlan667 to bridge0, the network goes down.
tcpdump -pni vlan200/tcpdump -pni vlan667 show only STP. What's wrong?
_ ___FreeBSD___
| | |200---
|
| Switch
On Sat, 21 May 2011, Doug Barton wrote:
On 05/21/2011 01:58, Matthew Bowman wrote:
I have an uplink to my ISP on a 2 IP /30 network (1.1.1.0/30 in the
diagram)
No help for your actual problem, sorry. I just wanted to point out that 1/8
has been assigned by IANA to APNIC, so it
I'm drafting a plan for a N+1 redundant network and I have hit a dead end. I
have two Soekris NET5501 boards that I wish to deploy FreeBSD (NanoBSD) on and
I'm trying to make sure I can setup everything before I move ahead.
Here's my network design:
On 05/21/2011 01:58, Matthew Bowman wrote:
I have an uplink to my ISP on a 2 IP /30 network (1.1.1.0/30 in the diagram)
No help for your actual problem, sorry. I just wanted to point out that
1/8 has been assigned by IANA to APNIC, so it should not be used as a
substitute for RFC 1918 space.
There is also the caveat: The switch will probably _not_ forward the STP
BPDUs from one port to another.
You were correct -- my initial testing confirmed this. Would the same issue
arise if I employed a gateway IP on the /bridge/ instead, and used CARP as a
failover mechanism? The firewall
On Feb 22, 2011, at 1:20 PM, kevin wrote:
There is also the caveat: The switch will probably _not_ forward the STP
BPDUs from one port to another.
You were correct -- my initial testing confirmed this. Would the same issue
arise if I employed a gateway IP on the /bridge/ instead, and
On 2/19/2011 7:32 PM, Tom Judge wrote:
In this setup it does not matter where the root bridge is, each of the
firewalls will always have one port in discarding state as both ports
lead back to the same peer bridge. With states such as:
fw 1 - 1: forwarding
fw 2 - 1: forwarding
fw 1 - 2:
On 2/18/2011 7:49 PM, kevin wrote:
My current testing has shown little promise -- both firewalls will go up,
traffic will only go to the first firewall. If I reboot that first firewall,
no traffic will flow to the second bridging firewall. Note that all IPs on
my network (inside and out) are
On 2/19/2011 4:13 PM, kevin wrote:
Could you send your ifconfig bridge output from both firewalls?
If STP is turned off on the four switch ports that the firewalls are
patched, one of the two firewalls must be root of the spanning tree.
I believe if you don't specify 'stp' in the rc.conf
On 2/19/2011 4:52 PM, Nikos Vassiliadis wrote:
I believe if you don't specify 'stp' in the rc.conf ifconfig statement,
freebsd by default sets the bridge as 'rstp' :
Yes, that's correct.
note to self
It helps sometimes when you read the actual message before trying to
answer:)
/note to
No, you have to specify stp there. The default STP mode is RSTP.
If you don't specify stp, you'll get a dumb ethernet bridge.
Thanks very much for clarification. This helps me immensely. My room for
testing is limited so this will help me take the right steps necessary.
One quick last question :
One other thing :
id 00:17:d6:a9:31:e7 priority 16384 hellotime 2 fwddelay 15
And :
root id 00:12:cf:69:e9:ea priority 16384 ifcost 0 port 0
I was under the impression the priority for the root bridge should be a
lower number ? Would you be able to post your rc.conf bridge entries for
each
On 2/19/2011 6:11 PM, kevin wrote:
One other thing :
id 00:17:d6:a9:31:e7 priority 16384 hellotime 2 fwddelay 15
And :
root id 00:12:cf:69:e9:ea priority 16384 ifcost 0 port 0
I was under the impression the priority for the root bridge should be a
lower number ?
The priority is
On 2/19/2011 6:07 PM, kevin wrote:
One quick last question : would you recommend pfsync in this scenario,
between bridges? I've been hearing a lot of issues with pfsync but I'm not
sure what behavior to expect in a bridging scenario such as this one.
Can't really comment about pfsync as i have
On 19/02/2011 11:07, kevin wrote:
No, you have to specify stp there. The default STP mode is RSTP.
If you don't specify stp, you'll get a dumb ethernet bridge.
Thanks very much for clarification. This helps me immensely. My room for
testing is limited so this will help me take the right steps
There is also the caveat: The switch will probably _not_ forward the STP
BPDUs from one port to another. This is because if the switch is a properly
compliant bridge it will not forward the frames as they are marked as link
local ethernet multicast frames which are not allowed to be forwarded by a
Hello,
I have a fairly straightforward network in a collocated facility. I have a
FreeBSD PF Bridging firewall (2 interfaces bridged, 1 interface for access).
The FreeBSD 8.0-RELEASE firewall provides inbound filtering through a Dell
PowerConnect 5448 switch, divided into two vlans.
My network
Would you bother reading cisco tech documentation regarding 802.1x?
http://cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008022995b.html
It states you can configure guest vlan for non-authentified users; you
can also temporarily disable infected users'
On Wednesday 29 September 2004 04:50, dima wrote:
Would you bother reading cisco tech documentation regarding 802.1x?
I have. Would you bother dropping invalid assumptions?
http://cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008022995b.html
It states
Hi all,
I'm interested in placing an FBSD box (prefer 4.x since it's production,
though I've also used 5.2) inline on a link with 802.1Q-tagged vlans with
firewalling and selective HTTP redirects. Bridging a couple of ethernets
isn't a problem, and it appears I can enable ipf or ipfw (but not
On Sun, Jun 16, 2002 at 07:14:14PM +1000, [EMAIL PROTECTED] wrote:
Hello,
I have been working with Netgraph in bridging vlans using the vtun
package. I recently tried to extend this to bridging vlans but found that
native (not netgraph) bridging in 4.6 works with vlans too
On Sun, Jun 16, 2002 at 04:53:12PM +0300, Mihail Balikov wrote:
For FreeBSD 4.4 I have written a small patch to allow promisc mode on vlan
interfaces and bridging of vlan interfaces. If you are interested I will
renew it for 4.6.
If you want to see it included in the system, please create a
23 matches