On Jul 2, 2017 4:40 AM, "Hartmann, O." <ohartm...@walstatt.org> wrote:

> Fiddling around with a self-brewed router/firewall based on 12-CURRENT
> and ipfw, I run into problems when setting up a trunk port with
> different VLANs and static routes.
>
> The "router" has three NICs, igb0, igb1, igb2 (it is de facto an APU
> 2C4 from PCengines). igb0 is attached to an external VDSL2+ Modem and
> not connected at the moment. igb2 is also not connected yet.
>
> igb1 bears several VLANs: 2, 10, 100 (igb1.2, igb1.10 ...) and the
> "native", untagged LAN (on igb1).


While it will sometimes work, I find that mixing tagged and untagged vlans
on a single interface leads to all kinds of silent failures and issues.

Just make vlan 1 tagged on that interface and the switch port. Then ignore
igb1 completely, and only use the igb1.X interfaces for everything.

> To not use a routing daemon due to the small size of my network, I
> decided to use static routes, in rc.conf I placed the following
> variables:
>
> static_routes="igb1.2 igb1.10"
> route_igb1_2="-net 192.168.2.0/24 -interface igb1.2"
> route_igb1_10="-net 192.168.10.0/24 -interface igb1.10"


You shouldn't need to add static routes as these routes will be added
automatically when you assign an IP/netmask to the interface.

Simplify things. Make everything tagged vlans, reduce your rc.conf to just
IP assignments to the sub interfaces, and see how things work. Build it up
from there.

Cheers,
Freddie
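
An added example, not part of the original message: a small Python check of the point made in the reply, flagging static routes whose destination is already a connected network created by an interface's IP/netmask assignment. The router addresses, the `lab` route and all function names are assumptions for illustration; route names are mapped to `route_*` variables by replacing dots with underscores, as in the quoted rc.conf.

```python
import ipaddress
import re
import shlex

# Constructed sample: the two routes quoted above plus assumed router addresses
# (192.168.x.1/24 and the "lab" route are illustrative, not from the thread).
SAMPLE_RC_CONF = '''
vlans_igb1="2 10 100"
ifconfig_igb1_2="inet 192.168.2.1/24"
ifconfig_igb1_10="inet 192.168.10.1/24"
ifconfig_igb1_100="inet 192.168.100.1/24"
static_routes="igb1.2 igb1.10 lab"
route_igb1_2="-net 192.168.2.0/24 -interface igb1.2"
route_igb1_10="-net 192.168.10.0/24 -interface igb1.10"
route_lab="-net 10.20.0.0/16 192.168.100.254"
'''

def parse_rc_conf(text):
    """Return {name: value} for simple NAME="value" lines; comment lines are skipped."""
    out = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$', line)
        if m:
            parts = shlex.split(m.group(2), comments=True)
            out[m.group(1)] = parts[0] if parts else ""
    return out

def connected_networks(conf):
    """Networks that get a route automatically from ifconfig_* inet addresses."""
    nets = set()
    for name, value in conf.items():
        words = value.split()
        if name.startswith("ifconfig_") and "inet" in words[:-1]:
            addr = words[words.index("inet") + 1]
            if "/" in addr:  # only CIDR notation is handled in this sketch
                nets.add(ipaddress.ip_interface(addr).network)
    return nets

def redundant_static_routes(text):
    """Names in static_routes whose -net target is already a connected network."""
    conf = parse_rc_conf(text)
    connected = connected_networks(conf)
    redundant = []
    for name in conf.get("static_routes", "").split():
        words = conf.get("route_" + name.replace(".", "_"), "").split()
        if "-net" in words[:-1]:
            dest = ipaddress.ip_network(words[words.index("-net") + 1], strict=False)
            if dest in connected:
                redundant.append(name)
    return redundant

if __name__ == "__main__":
    print(redundant_static_routes(SAMPLE_RC_CONF))
```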