Hi, I have a router running 7.8 with an interface (igc1) with several tagged VLANs: # cat /etc/hostname.igc1 up # cat /etc/hostname.vlan101 vnetid 101 parent igc1 inet 192.168.1.1 255.255.255.0 # cat /etc/hostname.vlan102 vnetid 102 parent igc1 inet 192.168.2.1 255.255.255.0
igc1 is connected to a switch with the rest of my internal network. This works as expected, filering in pf on vlan101, etc. Now I would like to connect a second switch to this router, expanding the network with the same VLANs to another room. Connecting to the first switch is not preferred due to the routing of the physical cabling. If I understand correctly, this can be done by hooking up the cable to igc2 and changing my configuration as follows: # cat /etc/hostname.igc1 up # cat /etc/hostname.igc2 up # cat /etc/hostname.vport0 up # cat /etc/hostname.veb0 add igc1 add igc2 add vport0 link0 up # cat /etc/hostname.vlan101 vnetid 101 parent vport0 inet 192.168.1.1 255.255.255.0 # cat /etc/hostname.vlan102 vnetid 102 parent vport0 inet 192.168.2.1 255.255.255.0 Or do I need multiple vport interfaces, one for each VLAN? In pf nothing changes, filtering on the VLAN interfaces. Correct? And after upgrading to 7.9 (with the new, VLAN aware veb), I understand that this can (or must?) be changed into this: # cat /etc/hostname.igc1 up # cat /etc/hostname.igc2 up # cat /etc/hostname.veb0 add igc1 -untagged igc1 +tagged igc1 101 +tagged igc1 102 add igc2 -untagged igc2 +tagged igc2 101 +tagged igc2 102 add vport0 untagged vport0 101 add vport1 untagged vport1 102 up # cat /etc/hostname.vport0 inet 192.168.1.1 255.255.255.0 # cat /etc/hostname.vport1 inet 192.168.2.1 255.255.255.0 and of course modifying pf.conf to use vport0 instead of vlan101 and vport1 instead of vlan102 Is this correct? Thanks in advance, Maurice
