To copy my answer to the list and to have it archived with useful links:

Some talk about why L2 packets can't be filtered with L3 filters (like ipfw):

http://groups.google.com/group/mailing.freebsd.questions/browse_frm/thread/79d023785ddc58ed
http://www.freebsd.org/cgi/getmsg.cgi?fetch=45862+48717+/usr/local/www/db/text/2001/freebsd-stable/20010211.freebsd-stable
http://www.monkey.org/freebsd/archive/freebsd-pf/200508/msg00064.html
http://lists.freebsd.org/pipermail/freebsd-hackers/2005-August/013177.html

Regards,
Bostjan

----- Original Message -----
From: "Bostjan Hojkar" <bostjan dot hojkar at fov dot uni dash mb dot si>
To: "Kyle Schultz" <Kyle dot Schultz at ColoState dot EDU>
Sent: Friday, January 27, 2006 7:23 AM
Subject: Re: [m0n0wall] Trouble with VLANs and Bridging

>
>> I am attempting to create a filtering bridge that sits
>> between two switches that are connected with a tagged VLAN. However, the
>> bridge stops working just by creating the VLAN on either interface,
>> without even assigning the VLAN to any interface.
>>
>> Can anyone confirm for me that bridging does work over/with a VLAN?
>>
> You probably want layer 3 filtering (IP) - that's what m0n0wall can do -
> but switch traffic via the same VLAN is layer 2 (MAC). I don't think you'll be
> getting anywhere with your kind of setup.
>
> You could do routing between VLANs with m0n0, but it was explained before
> on this list as a bad design, since switches can do this faster.
>
> Regards, Bostjan