On Tue, Dec 19, 2023 at 02:25:01PM +0100, Lars Bonnesen wrote:
> That is exactly what I want.
>
> Ah, veb... although I cannot make it work. I see a lot of arp'ing not
> getting any replies. So devices that were working before try to arp for the
> gateway and are not getting any replies, even though they are on the same
> layer2 net:
>
> 12:28:54.101968 arp who-has 172.18.14.1 tell 172.18.14.201
> 12:28:54.573677 arp who-has 172.18.14.1 tell 172.18.14.101
> 12:28:55.101913 arp who-has 172.18.14.1 tell 172.18.14.201
> 12:28:55.597716 arp who-has 172.18.14.1 tell 172.18.14.101
> 12:28:56.101910 arp who-has 172.18.14.1 tell 172.18.14.201

Apologies, there was a missing detail in my suggestion: it is meant to
completely bypass the router, which plays no part in that vlan's traffic
(more details below, if needed).

If you want the router/gateway to be connected to that VLAN, you need to
create a vport interface and add it to the veb, as noted on veb's man page.

Unnecessary details: I get three VLANs from my ISP on the same wire:
internet, VoIP and IPTV. I need to manage the internet connection, but not
the rest, so I used the veb to simply forward all traffic (DHCP, etc) on the
VoIP VLAN directly to the VoIP phone. This means that the firewall/gateway
plays no part in it, other than blindly forwarding at L2. I could do this
simply by putting the managed switch before the firewall, but the idea of
having a managed switch directly connected to the internet makes me itchy.

>
> On Tue, Dec 19, 2023 at 10:09 AM Zé Loff <zel...@zeloff.org> wrote:
>
> > On Tue, Dec 19, 2023 at 09:33:18AM +0100, Lars Bonnesen wrote:
> > > I have a physical switch with a number of VLANs and a NIC connected to a
> > > wireless setup. I want to have those two separated except for one
> > > particular VLAN that I want on the physical switch as well as on the APs.
> > >
> > > So I have vmx1 connected to the APs and vmx3 to the switch.
> > >
> > > Then some vlans that each has one of these as parents.
> > >
> > > But then for VLAN 860, I want both vmx1 and vmx3 as parent... Can't they
> > > have joint custody?
> > >
> > > I could of course bridge vmx1 and vmx3 - but I only want vmx1 and vmx3
> > > bridged for vlan 860. Does it make sense?
> > >
> > > How to achieve this?
> > > Something similar to:
> > >
> > > vlan860: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> > >         lladdr 00:0c:29:e0:88:9c
> > >         description: IoT
> > >         index 27 priority 0 llprio 3
> > >         encap: vnetid 860 parent vmx3 AND VMX1 txprio packet rxprio outer
> > >         groups: vlan
> > >         media: Ethernet autoselect (10GbaseT)
> > >         status: active
> > >
> > > ... which of course does not work.
> > >
> > > Regards, Lars.
> >
> > I'm not entirely sure if this is what you are asking, but I achieved
> > something like this by
> >
> > - Creating one vlan interface on each physical interface with the same
> >   vnetid, but with different names (obviously):
> > - veb-ing the two vlan interfaces:
> >
> > I.e.:
> >
> >   $ cat /etc/hostname.vlan1010
> >   description "VoIP WAN"
> >   vnetid 101 parent re1
> >   -inet6
> >   up
> >
> >   $ cat /etc/hostname.vlan1011
> >   description "VoIP DMZ"
> >   vnetid 101 parent re2
> >   -inet6
> >   up
> >
> >   $ cat /etc/hostname.veb1
> >   add vlan1010
> >   add vlan1011
> >   up
> >
> > Hope this helps
> >
> > --
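
The vport arrangement mentioned in the reply above, sketched for the VLAN 860 case as an added example (not part of the original thread and not either poster's configuration). The interface names vlan8601, vlan8603, vport0 and veb1, and the use of 172.18.14.1/24 as the gateway address on this VLAN, are assumptions.

```conf
# /etc/hostname.vlan8601
# Assumed name: VLAN 860 as seen on the AP-side NIC.
description "IoT via vmx1"
vnetid 860 parent vmx1
-inet6
up

# /etc/hostname.vlan8603
# Assumed name: VLAN 860 as seen on the switch-side NIC.
description "IoT via vmx3"
vnetid 860 parent vmx3
-inet6
up

# /etc/hostname.vport0
# The host's own port on the veb. The gateway address goes here,
# not on either vlan interface.
# Assumption: 172.18.14.1/24 is the gateway for this VLAN.
description "IoT gateway"
inet 172.18.14.1 255.255.255.0
-inet6
up

# /etc/hostname.veb1
# The two vlan interfaces forward VLAN 860 between vmx1 and vmx3 at L2;
# vport0 is what lets the router itself answer ARP for the gateway.
add vlan8601
add vlan8603
add vport0
up
```

Without the vport0 member the veb only forwards between the two vlan interfaces, which matches the unanswered "arp who-has 172.18.14.1" requests shown in the thread.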