While working with the trunk and vlan features of OpenBSD, I ran into
one thing that I do not understand.  In order to use a trunk device for
multiple vlans, the trunk device must have an ip address assigned.

Let me illustrate my configuration (vlan ids do not match, but it's not
relevant, see ifconfig for exact info):

+--------+ +-----+  +-------+
| router | |modem|  |servers|
+--------+ +-----+  +-------+
 |||||      |        |||||
+-------+-----+-----+-----+
|       |vlan2|vlan3|vlan4|
| trunk |inet |lan  |dmz  |
+-------+-----+-----+-----+
 switch        |||||
          +------------+
          |workstations|
          +------------+

ifconfig reads like this:

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
gem0: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1
hme0: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc4%hme0 prefixlen 64 scopeid 0x2
hme1: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc5%hme1 prefixlen 64 scopeid 0x3
hme2: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc6%hme2 prefixlen 64 scopeid 0x4
hme3: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkdev trunk0
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::a00:20ff:feca:7dc7%hme3 prefixlen 64 scopeid 0x5
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536
trunk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        trunk: trunkproto roundrobin
                trunkport hme0 active
                trunkport hme1 active
                trunkport hme3 active
                trunkport hme2 active
                trunkport gem0 master,active
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
        inet6 fe80::203:baff:fe04:b21d%trunk0 prefixlen 64 scopeid 0xa
vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 10 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan10 prefixlen 64 scopeid 0xb
        inet 10.180.16.1 netmask 0xffffff00 broadcast 10.180.16.255
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 2 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan2 prefixlen 64 scopeid 0xc
        inet 10.107.208.1 netmask 0xffffff00 broadcast 10.107.208.255
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 3 priority: 0 parent interface: trunk0
        groups: vlan egress
        inet6 stripped%vlan3 prefixlen 64 scopeid 0xd
        inet x.x.x.x netmask 0xyyyyyyyy broadcast z.z.z.z
vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:ba:04:b2:1d
        vlan: 30 priority: 0 parent interface: trunk0
        groups: vlan
        inet6 fe80::203:baff:fe04:b21d%vlan30 prefixlen 64 scopeid 0xe
        inet 10.180.17.1 netmask 0xffffff00 broadcast 10.180.17.255

The switch is configured such that the ports for the nodes are untagged
and every vlan sends tagged packets to the trunk.

When the trunk interface does not have an ip address assigned, no
traffic moves through the vlans.  This is what I am not understanding.

I assigned 10.1.1.1 to the trunk interface since I am not using that
subnet.  How should I handle this subnet in my pf rules?  The route
tables show 10.1.1/24 as a routable subnet because it is assigned to the
trunk interface:

# route -n show
Routing tables
<scrubbed to not wrap and removed nodes>
Destination   Gateway   Flags Refs    Use   Mtu Interface
default       x.x.x.x   UGS      0 725698     - vlan3
10.1.1/24     link#10   UC       0      0     - trunk0
10.107.208/24 link#12   UC       0      0     - vlan2
10.180.16/24  link#11   UC       0      0     - vlan10
10.180.17/24  link#14   UC       0      0     - vlan30
x.x.x.x/y     link#13   UC       0      0     - vlan3
127/8         127.0.0.1 UGRS     0      0 33192 lo0
127.0.0.1     127.0.0.1 UH       0      0 33192 lo0
224/4         127.0.0.1 URS      0      0 33192 lo0


Also, anything that looks off in the config provided, please chime in.
Read some postings about changing mtu on vlan devices, but don't know
enough to know what to do.  I do know that vlan ids are 12-bit numbers,
so not sure if an mtu of 1503 is appropriate or not.

Thanks for any insight,
Axton Grams
