Here is a working configuration for one of our switches running OpenBSD 3.2 with 4 vlans on Cisco devices:
! config-register 0xF version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ***_*** ! enable secret 5 ************************** ! ip subnet-zero ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! interface FastEthernet0/1 switchport access vlan 3 switchport protected spanning-tree portfast ! interface FastEthernet0/2 switchport access vlan 4 switchport protected spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 5 switchport protected spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 11 switchport protected spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 12 switchport protected spanning-tree portfast ! interface FastEthernet0/6 switchport protected spanning-tree portfast ! interface FastEthernet0/7 switchport protected spanning-tree portfast ! interface FastEthernet0/8 switchport access vlan 150 switchport protected spanning-tree portfast ! interface FastEthernet0/9 switchport protected spanning-tree portfast ! interface FastEthernet0/10 switchport protected spanning-tree portfast ! interface FastEthernet0/11 switchport protected spanning-tree portfast ! interface FastEthernet0/12 switchport protected spanning-tree portfast ! interface FastEthernet0/13 switchport access vlan 150 switchport protected spanning-tree portfast ! interface FastEthernet0/14 switchport protected spanning-tree portfast ! interface FastEthernet0/15 switchport access vlan 150 switchport protected spanning-tree portfast ! interface FastEthernet0/16 switchport access vlan 150 spanning-tree portfast ! interface FastEthernet0/17 switchport access vlan 150 switchport protected spanning-tree portfast ! interface FastEthernet0/18 switchport access vlan 150 spanning-tree portfast ! interface FastEthernet0/19 switchport mode trunk switchport protected spanning-tree portfast ! interface FastEthernet0/20 switchport access vlan 150 ! interface FastEthernet0/21 switchport access vlan 150 ! interface FastEthernet0/22 switchport access vlan 150 ! interface FastEthernet0/23 switchport access vlan 150 speed 100 duplex full spanning-tree portfast ! interface FastEthernet0/24 switchport mode trunk speed 100 duplex full spanning-tree portfast ! interface Vlan1 ip address 10.***.***.*** 255.255.255.192 no ip route-cache ! ip default-gateway 10.***.***.*** ip http server snmp-server community ******* RW ! line con 0 line vty 0 4 password ***** login line vty 5 15 password ***** login Regards, Mike Lockhart =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Mike Lockhart [Systems Engineering & Operations] StayOnline, Inc http://www.stayonline.net/ mailto: [EMAIL PROTECTED] GPG: 8714 6F73 3FC8 E0A4 0663 3AFF 9F5C 888D 0767 1550 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of michel bidard Sent: Friday, December 08, 2006 9:26 AM To: misc@openbsd.org Subject: OpenBSD - Vlans - CISCO Hi, I have connected my OpenBSD box to a CISCO switch model 2924. I decided to setup vlans and I did the configuration on the CISCO. There is one port where all the trafic goes on the CISCO switch. This is what I did on the firewall: # ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0 # ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0 # ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0 # ... All the configs on the CISCO device have been done. All the hosts on the vlan 2 are able to ping each other and to surf. However, the remaining vlans aren't working. I have tried to ping the ip's of the vlans but that doesn't work. I've created an alias on the interface for a specific vlan but that doesn't work either. I have the same rules in /etc/pf.conf for all the vlans. Is there something I'm missing? The vlans have been done using 802.1q. Thanks, Mik
