First, let's clarify that the kernel has been recompiled to support Pf, Carp and ALTQ, by adding the following options in the config file for the kernel compile:

    device pf
    device pflog
    device pfsync
    device carp
    options ALTQ
    options ALTQ_CBQ
    options ALTQ_RED
    options ALTQ_RIO
    options ALTQ_HFSC
    options ALTQ_PRIQ
    options ALTQ_NOPCC

I do not believe that those options have an impact on the problem, but just to be clear, I wanted to mention it. The following can be replicated on FreeBSD 8.2 and 7.2.

Here is the problem. I have 2 Cisco switches, both of them carrying 2 vlans: 10 and 50. Those 2 switches are connected to my FreeBSD firewall with a dot1q trunk port that carries those 2 vlans. One switch is connected to the bge0: interface and the other switch is connected to the xl0: interface. I want to filter the traffic using FreeBSD as a bridge firewall without mixing vlan 10 and 50, and be able to control the spanning tree priority.

The configuration I used in /etc/rc.conf is as follows:

    cloned_interfaces="vlan100 vlan101 vlan500 vlan501 bridge0 bridge1"
    ifconfig_bridge0="fwddelay 12 \
        maxage 16 \
        priority 4096 \
        addm vlan100 \
        addm vlan101 \
        stp vlan100 \
        stp vlan101 \
        -learn vlan100 \
        -learn vlan101 \
        up"
    ifconfig_bridge1="fwddelay 12 \
        maxage 16 \
        priority 45056 \
        addm vlan500 \
        addm vlan501 \
        stp vlan500 \
        stp vlan501 \
        -learn vlan500 \
        -learn vlan501 \
        up"
    ifconfig_vlan100="vlan 10 vlandev bge0 up"
    ifconfig_vlan101="vlan 10 vlandev xl0 up"
    ifconfig_vlan500="vlan 50 vlandev bge0 up"
    ifconfig_vlan501="vlan 50 vlandev xl0 up"
    ifconfig_bge0="up"
    ifconfig_xl0="up"

I tried to separate the traffic from vlan 10 and 50 on bridge 0 and 1 respectively by using intermediate vlans that are mapped to the trunk port. For vlan 10, I used vlan100 from interface bge0: and used vlan101 from xl0:. For vlan 50, I used vlan500 from interface bge0: and used vlan501 from xl0:. The traffic is separated properly between vlan 10 and 50, and using tcpdump on the bridges I could confirm that.

The problem is that the bridge priority is not respected, even though the command "ifconfig bridge0" shows that the right value is set for the priority. Using tcpdump on bridge0 or bridge1, you can see STP traffic passing through the bridge. Also, both bridges do not acquire a bridge id; it is left at 00:00:00:00:00:00.

I also tried to create the bridge manually using shell commands. Here is the result:

    ifconfig bridge0 create
    ifconfig bridge0 priority 4096
    ifconfig bridge0 addm vlan100
    ifconfig bridge0 addm vlam101 ==> bridge0: error setting interface capability on vlan100
    ifconfig bridge0 stp vlan100 ==> ifconfig: unable to set bridge flags: invalid argunment
    ifconfig bridge0 -learn vlan100
    ifconfig bridge0 -learn vlan101
    ifconfig bridge0 fwddelay 12
    ifconfig bridge0 maxage 16

As you can see, there were some errors ....

Am I using the right technique to accomplish what I want?

Thanks.
Jean Aumont

Fix: Do not know

How-To-Repeat: Just used the configuration from the description

Responsible Changed From-To: freebsd-i386->freebsd-net reclassify.
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped