--
GPG keyID: 9429C093
GPG fingerprint: 5F37 4298 A07F C614 647B 458C A756 5C4E 9429 C093




> On 7 Jul 2017, at 16:07, Kapetanakis Giannis <[email protected]> 
> wrote:
> 
> On 07/07/17 15:35, Per-Olov Sjöholm wrote:
>> Hi
>> 
>> I have had a config like this on an internal interface for 5 years now 
>> that, together with my VLAN-enabled Cisco and Zyxel switches, routes traffic 
>> around in my network. I run OpenBSD 6.0 AMD64 at the moment.
>> 
>> cat /etc/hostname.em0 
>> --snip--
>> up
>> ### VLAN
>> !ifconfig vlan2 inet 192.168.0.1 netmask 255.255.255.0 broadcast 
>> 192.168.0.255 vlan 2 vlandev $if description "IP on FW to the LAN"
>> !ifconfig vlan3 inet 192.168.1.1 netmask 255.255.255.0 broadcast 
>> 192.168.1.255 vlan 3 vlandev $if description "IP on FW to the DMZ1"
>> !ifconfig vlan4 inet 192.168.2.1 netmask 255.255.255.0 broadcast 
>> 192.168.2.255 vlan 4 vlandev $if description "IP on FW to the DMZ2"
>> !ifconfig vlan1003 inet 192.168.42.1 netmask 255.255.255.0 broadcast 
>> 192.168.42.255 vlan 1003 vlandev $if description "IP on FW to the GUEST"
>> ### ROUTES etc
>> #!route add 192.168.200.0/22 193.12.234.141
>> !route add 172.31.128.0/23 192.168.1.25
>> ### IPv6
>> !ifconfig vlan2 inet6 alias 2001:470:dc5d:1::1 prefixlen 64
>> !ifconfig vlan3 inet6 alias 2001:470:dc5d:2::1 prefixlen 64
>> !ifconfig vlan4 inet6 alias 2001:470:dc5d:3::1 prefixlen 64
>> --snip--
>> 
>> On the internet interface (em3) I have only a static IP. Today there is no 
>> VLAN here. Just a plain internet connection and no VLAN tags from the ISP.
>> 
>> 
>> Now…
>> The provider allows me to skip the media hub they supplied in favour of me 
>> taking care of the TV input myself. I have a mental problem with taking the 
>> internet directly into my switch and separating the VLAN there, which I know 
>> how to do easily. But one mistake in the conf and, well…
>> 
>> So, in the near future the ISP will add a VLAN tag for TV in parallel to 
>> the untagged internet traffic coming in to em3.
>> 
>> 
>> QUESTION:
>> How would I continue with the config I have and expand it to take the tagged 
>> TV VLAN 845 they will soon add incoming to my em3 and bridge that VLAN 
>> tagged TV traffic out on, let's say, em2? The docs aren't that clear to me. The 
>> TV traffic VLAN has no IP I can set. I just want to filter the TV VLAN out 
>> incoming on em3 and send it to em2. How would I add a VLAN interface to a 
>> parent em* interface and set no IP on it? After that I assume I can just 
>> create a bridge between that VLAN interface and em2. Or is this a bad idea?
>> 
>> 
>> Thanks in advance.
> 
> First of all, fix your setup to create vlan interfaces the proper way, i.e.
> /etc/hostname.vlanX
> much cleaner setup.
> 
> Do you have a switch right now connected to em3 which can do 802.1Q tagging?
> If yes, then use that for switching. There is no point passing the TV 
> traffic through the OBSD.
> 
> If not then use your OBSD box.
> 
> More details depend on the configuration from your provider.
> I mean if the TV should get an IP address and if it expects tagged/untagged 
> traffic.
> 
> G
> 

I like my setup with the interfaces better and think it’s clearer, as all data 
depending on the parent interface is in the correct parent hostname.if file. I had 
it like you say before and did not like it due to the fact I had 17 hostname.if 
files. 17 hostname.if files is not clean. Now I have 4, and editing and overview 
are much better. And in the same file you can use “$if” as a variable. But I 
guess different people have different preferences... But that was not the 
question here.

I have no switch connected to the internet interface em3 and don’t want to unless 
there is a very good reason for it (I have a 24-port one I can allocate ports in 
and several smaller ones not used on the shelf). All my switches are VLAN 
capable.

The TV traffic cannot be routable by me (no IP on the OpenBSD interface). The TV 
traffic must go directly to the TV box, i.e. through a switch or maybe through a 
vlan interface in OpenBSD that is bridged or so.

Could something like this work (have not done any config yet except writing 
here)?

## OLD internet interface - hostname.em3 
inet 112.112.112.2 255.255.255.128 112.112.112.127 description "INTERNET UPLINK"

## NEW Modified internet interface with TV VLAN - hostname.em3 
inet 112.112.112.2 255.255.255.128 112.112.112.127 description "INTERNET UPLINK"
!ifconfig vlan845 vlan 845 vlandev $if description "TV from provider"

## NEW bridge - hostname.bridge0
add vlan845
add em2


Will it work at all if I just want the tagged traffic coming in on em3 to go to 
em2?
Any side effects?
Will a bridge eat more CPU, as the fw is a Celeron(R) CPU N2930 @ 1.83GHz and I 
have 1/1 Gbit internet?

Thanks in advance
Peo
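
A sanity check for the kind of layout discussed above, added here as an example and not part of the thread: it verifies that every interface a hostname.bridge* file adds is actually defined (by its own hostname.if file or by a `!ifconfig` line in a parent's file) and carries no IP address. The function name `check_bridge_members` is hypothetical, and the check assumes bridge members are meant to be address-less layer-2 ports, as the TV VLAN is here.

```sh
#!/bin/sh
# Added example (not from the thread): lint a directory of hostname.if files.
# Assumption: bridge members are meant to be address-less layer-2 ports.
# check_bridge_members is a hypothetical helper name.
# Usage: check_bridge_members /etc   (returns the number of problems found)

check_bridge_members() {
    dir=$1
    problems=0
    for bf in "$dir"/hostname.bridge*; do
        [ -f "$bf" ] || continue
        # Collect every interface named after an "add" keyword, skipping comments.
        members=$(awk '/^#/ { next }
            { for (i = 1; i < NF; i++) if ($i == "add") print $(i + 1) }' "$bf")
        for m in $members; do
            # Pattern for a "!ifconfig <member> ..." line in a parent's file.
            created="^!ifconfig[[:space:]]+${m}[[:space:]]"
            if [ ! -f "$dir/hostname.$m" ] &&
               ! grep -Eqs "$created" "$dir"/hostname.*; then
                echo "${bf##*/}: member $m is not defined by any hostname.if file"
                problems=$((problems + 1))
                continue
            fi
            # An address can come from the member's own file or from the
            # "!ifconfig <member> ... inet ..." line that creates it.
            if { [ -f "$dir/hostname.$m" ] &&
                 grep -Eq '^(inet6?|dhcp)([[:space:]]|$)' "$dir/hostname.$m"; } ||
               grep -Eqs "${created}(.*[[:space:]])?inet6?[[:space:]]" "$dir"/hostname.*; then
                echo "${bf##*/}: member $m has an IP address configured"
                problems=$((problems + 1))
            fi
        done
    done
    return "$problems"
}

if [ $# -gt 0 ]; then
    check_bridge_members "$1"
fi
```

Run against a staging copy of the files before moving them into /etc, so that a misspelled member name or an address on a bridged port is caught before the next network restart.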


