Transparent Bridge VLAN

Although I've had a bit of experience playing with FreeBSD transparent bridge implementations, I have not yet used them in a VLAN-tagged environment. I'm trying to implement a simple transparent bridged firewall (two interfaces, both bridge0 members, IP assigned to bridge0) in a VLAN environment. So far, I've got all of my network analysis tools accommodating the VLAN tags and working appropriately.

How can I tell the bridge interface that it resides on a specific VLAN so that I can enable remote access to it? Note that it's not doing any routing, but simply forwarding Ethernet frames. I only need to assign the bridge interface to a VLAN for SSH access. Is this possible with the way I have the bridge interface functioning?
 
Do you want to bridge the VLAN interfaces, not the 'physical' interfaces?

Or does the bridge interface address need to be in a specific VLAN?
 
This is where my VLAN inexperience shows. The bridge interface, which is being used as the management interface, should be able to reside in a specific VLAN without affecting the various VLAN-tagged traffic running through it for networks downstream.
 
I've never tried this but in theory it should be something like this:
Code:
# ifconfig vlan0 create
# ifconfig vlan0 vlan 100 vlandev bridge0 192.168.1.23/24

Or everything in /etc/rc.conf:
Code:
cloned_interfaces="bridge0 vlan0"
ifconfig_bridge0="addm re0 addm re1 up"
ifconfig_vlan0="vlan 100 vlandev bridge0 192.168.1.23/24"
ifconfig_re0="up"
ifconfig_re1="up"

Note that the IP address isn't on bridge0 anymore but on vlan0 (the vlan interface).
 