Hi all, > Am 30.07.2025 um 22:42 schrieb Lexi Winter <i...@freebsd.org>: > > essentially, i would like to be in a situation where if you're doing > switching you use bridge, and if you're doing routing you use vlan(4), > and there's never a need for both on the same interface. (if you're > doing both switching and routing, you use vlan on top of the bridge, > as in this example.)
I do not quite understand - imagine you connect two access points with, say, two different SSIDs mapped to two VLANs to your FreeBSD based firewall, maybe "*sense". In that case a valid configuration would be: VLAN 1 on igb0: igb0.1 VLAN 2 on igb0: igb0.2 VLAN 1 on igb1: igb1.1 VLAN 2 on igb1: igb1.2 bridge1: igb0.1 igb1.1 bridge2: igb0.2 igb2.2 All layer 3 configuration, all packet filtering, etc. on the bridge interfaces. No native frames on either igb0 or igb1. That's how it was supposed to work and did perfectly well. One bridge interface per VLAN - what's wrong with that? Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Sophienstr. 187 76185 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Daniel Lienert, Fabian Stein
