Solved Help with VLAN

[abishai]

Hello,

I'm experimenting with my first vlan configuration and it's not working. I want to remove 4-headed Intel network card to free slot and use just 1 port as uplink for 2 vlans. The another end is Cisco ASA 5505 and port5 is a victim for experiments.

Cisco:

interface Ethernet0/5
switchport trunk allowed vlan 1
switchport trunk native vlan 1
switchport mode trunk
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.222 255.255.255.0

If I understand correctly, this means hardware port 5 is a trunk for packets tagged with vlan=1. If packet is not tagged at all, assign it to vlan=1
To test the latter, I set em0 directly: ifconfig em0 host 10.0.0.88/24 Everything works, I can ping cisco and cisco can ping me.
Now, settings for vlan: ifconfig em0.1 create vlan 1 vlandev em0 inet 10.0.0.89/24 And I have absolutely nothing. I found no clues, everything should work.

If I set em0 and em0.1 in the same time I can ping from cisco both IPs (not sure why)

 

[`Orum]

switchport trunk native vlan 1

This sets a native VLAN on the interface, i.e. one VLAN where outgoing traffic should be sent without tags. It's best practice to not use this VLAN to avoid security issues, accidental or intentional, with VLAN hopping.

Also I recommend doing most of your configuration on FreeBSD's side within /etc/rc.conf, which will save your configuration across reboots. If you make changes to it and want to set the current configuration to what's in that file without rebooting, you can always use service netif restart.

 

[abishai]

I've missed the obvious =/// ifconfig em0 up Handbook should mention it with h1 tag for newbies.

 

[connchri]

I've missed the obvious =/// ifconfig em0 up Handbook should mention it with h1 tag for newbies.

I had this very same headache about a weekago. They really should put it in the manual.