Re: IP unnumbered VLANs
From: Sten Daniel Sørsdal (lists_at_wm-access.no)
Date: 04/22/05
- Previous message: Urbán Csaba: "IP unnumbered VLANs"
- In reply to: Urbán Csaba: "IP unnumbered VLANs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 22 Apr 2005 18:15:04 +0200 To: Urbán Csaba <ucsaba@freemail.hu>
>
> Did anybody try something like this - with success, of course :)
>
Yes, had success with FreeBSD 4.x, OpenBSD and RouterOS (Linux).
What you need to emphasize is a good bridge as routing gateway that has
very good Layer2 filtering capabilities to filter traffic between vlans
but still bridge them all together into one bridge (so they cant access
each other and not be able to spoof etc).
One of your imidiate weaknesses will be if two users have the same mac
address, therefore i suggest a 802.1D compliant bridge (so no single
customer can deny another customers service by using same mac address
but instead this results in duplication of packets).
Also one customer can steal another customers address by sending
creative arp packets to the gateway, you might want to strengthen that
with some custom code, unless it's already done.
Also if they want to communicate with eachother i suggest you write a
proxy arp app instead of letting them talk to eachother on L2.
-- Sten Daniel Sørsdal _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Urbán Csaba: "IP unnumbered VLANs"
- In reply to: Urbán Csaba: "IP unnumbered VLANs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
