On Thursday 06 December 2007 13:31:38 Silver Salonen wrote: > On Thursday 06 December 2007 13:21, Nikos Vassiliadis wrote: > > On Thursday 06 December 2007 12:20:18 Atrox wrote: > > > Well, as I understand, in my case, STP should be enabled mainly on > > > TAP-interfaces as it would eliminate the scenario where, for an > > > example, ARP-requests from 192.168.1.1 for 192.168.3.1 reach > > > 192.168.2.1. Have I understood it correctly? > > > > It sounds like you want to isolate the ethernets, not bridge them. > > Bridging is not what you need, if I have understood correctly. > > > > You want to keep ARP and broadcasts to the relevant boxes, right? > > You have to use VLANs on your switch to achieve this, not bridging. > > Actually the final target is to connect all the 3 LANs over VPN, so that > they can browse eachother networks etc. When I did it, I could see > duplicate packets looping through all bridges, so I thought I'd bring in > STP. That's what it's for, right?
Not really, STP must be used/needed in a dynamic environment to eliminate loops. Your environment doesn't seem dynamic to me. You can create a loop-free topology like this: http://users.teledomenet.gr/nvass/topology.png 1) 10.0.0.0/24 is the shared network. 2) bridge1 bridges eth0 and tap0 which is the VPN to the root-bridge. 3) bridge2 bridges eth0 and tap0 which is the VPN to the root-bridge. 4) root-bridge bridges eth0, tap0 and tap1. If you want STP, which you shouldn't normally using this topology, increase root-bridge's priority manually, in order to win the elections and be the root bridge. Note that the external interfaces are not participating in the bridge. HTH, Nikos _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
