VLAN on FreeBSD

Tomas Podermanski tpoder at kn.vutbr.cz
Fri Aug 2 22:19:43 CEST 2002


Good day,
    to create a VLAN you first need to compile the kernel with this 
support. It is an option in the kernel configuration file

pseudo-device vlan <count>

After booting with the new kernel, ifconfig will list devices named 
vlan0 through vlanx (according to the number of vlans at kernel compile time).

An interface created this way needs to be bound to a physical interface. 
The command for this is

ifconfig vlan0 vlan <xx> vlandev <interface name>

so for example
ifconfig vlan0 vlan 1 vlandev xl1
ifconfig vlan1 vlan 8 vlandev xl1

where xx must be replaced with the tag number according to 802.1Q

The vlanx interface can then be treated like an ordinary network interface. In 
your case you therefore hang the IP addresses on it and can happily configure 
the firewall.

WARNING: VLANs do not work with all drivers and network cards. See the 
note in man vlan

   The NICs that support oversized frames are as follows:

           de(4)   requires defining BIG_PACKET in the
                   /usr/src/sys/pci/if_de.c source file and rebuilding the
                   kernel.  The hack works only for the 21041, 21140, and
                   21140A chips.

           fxp(4)  supports long frames for the vlan natively.

           sis(4)  supports long frames for the vlan natively.

           tl(4)   does support long frames.

           tx(4)   does support long frames.

           wx(4)   does support long frames.

           xl(4)   supports long frames only if the card is built on a newer
                   chip (Cyclone and above).


TP

P Sedo wrote:

>Good day.
>
>I was a bit confused in my previous mail.
>I want to ask about this:
>
>I have 3 VLANs set up on a 3com switch (so I got 3 separate networks).
> Since I have only 2 network cards and the connection to the surrounding
>networks goes through one of those cards, I had to set up so-called VLAN
>802.1Q tagging so that I could share one switch port for the external and
>one internal network.
>
>   /-------\
>   |  xl0->|-> internal network no. 1 (192.168.10.1)
>   |       |
>   |  xl1->|-> internal network no. 2 (192.168.20.1) + external network 
>   \-------/
>
>xl0 - ports 1-13
>xl1 - ports 13-24 + 25 (the one to the outside)
>xl1 - port 26 (outside)
>
>I have ipf set up just so that it works for now:
>
>loopback everything
>xl0:
>pass in quick on xl0 from 192.168.10.0/24 to any
>block in on xl0 all
>pass out on xl0 all
>xl1:
>pass in quick on xl1 from any to <EXTERNAL ADDRESS OF XL1> 
>pass in quick on xl1 from 192.168.20.0/24 to 192.168.20.1/32
>block in on xl1 all
>pass out quick on xl1 from <EXTERNAL ADDRESS OF XL1> to <external network>
>pass out quick on xl1 from 192.168.20.1/32 to 192.168.20.0/24
>block out on xl1 all
>
>I have squid running there, listening on those two internal interfaces, and 
>ipnat is:
>
>map xl1 192.168.20.0/24 -> 0/32
>map xl1 192.168.10.0/24 -> 0/32
>
>I have an alias on xl1 for the external net address with 255.255.255.255
>
>The only problem is that I cannot reach that shared VLAN 802.1Q network at all.
>
>Can you please help now?
>
>How does LSD do it with VLAN? man vlan(4) did not make me much wiser.
>
>
>PeSe
>
>
>***************************
>PeSe
>***************************
>  
>