Brian,
I'm going to set vnetid 100 to tag VLAN and connect physical em0 to L3
switch "uplink" port (port 10 in my case) with "Tagged" mark.
# /etc/hostname.vlan100
description 'Untrusted'
inet 192.168.155.1 255.255.255.240 192.168.155.15 lladdr
32:f6:02:c4:1A:88 vlandev em0 vnetid 100
Ports 1-3
Thank you for all the replies.
Christian right, I didn't familiar with VLANs before my conceptual
question about IoT isolation, so I have no knowledge how do VLANs work
before his answer.
Thanks to documentation, articles, and vlan(4), in OpenBSD for any of
physical Ethernet device can be
The OP’s hostname.vlan* files never specify a vnetid. I get an error trying
to configure and bring up the second vlan interface the same way without vnetid
specified. Regardless of my error, the ifconfig(8) man page says without
vnetid specified, vlan tag 0 will be used. You need to specify
On 2020-02-05, Janne Johansson wrote:
>> # /etc/hostname.vlan101
>> description 'WLAN attached untrusted hosts'
>> inet 192.168.156.0/24 255.255.255.0 vlandev run0
>
> VLANs and wifi sounds like a non-starter.
Yep, if you're building your access point with OpenBSD.
More generally, though, any
Den ons 5 feb. 2020 kl 13:07 skrev Denis :
> I've made two VLANs to automatically assign random IPs from a pool by
> dhcpd:
>
[...]
> # /etc/hostname.vlan101
> description 'WLAN attached untrusted hosts'
> inet 192.168.156.0/24 255.255.255.0 vlandev run0
>
VLANs and wifi sounds like a
Denis, I suspect the fundamental problem is that you don't understand
what VLANs are. There should be a lot of articles about this topic
on the net; maybe somebody here can recommend a good one.
--
Christian "naddy" Weisgerber na...@mips.inka.de
Hi Christian,
I've made two VLANs to automatically assign random IPs from a pool by dhcpd:
# /etc/hostname.vlan100
description 'LAN attached untrusted hosts'
inet 192.168.155.0/24 255.255.255.0 vlandev em0
# /etc/hostname.vlan101
description 'WLAN attached untrusted hosts'
inet 192.168.156.0/24
On 2020-02-03, Denis wrote:
> Some hosts should be limited in internet access and/or local access or
> simply be restricted in some way because they are untrusted.
>
> I'm looking for a possibility to isolate untrusted inside LAN using any
> approach applicable. How do people isolate undesirable
Some hosts should be limited in internet access and/or local access or
simply be restricted in some way because they are untrusted.
I'm looking for a possibility to isolate untrusted inside LAN using any
approach applicable. How do people isolate undesirable hosts in their
networks?
Cheers!
9 matches
Mail list logo