Hi warper 2,
Quote Originally Posted by warper2:
jmozdzen wrote: Hi Jens

Actually, this is for my firewall, which I am running virtualized, so I will explain what
I am doing; this is a fully virtualized VM.

eth0 br1
eth3 br2

I need to add a vlan on eth4 to become br4 to only listen for traffic on
(sorry for the delayed response, times are busy right now...)

I assume those device/bridge names are from the host system and your hypervisor is Xen on SLES11 (SPx), since you indicated "fully virtualized vm".

Still, the picture is unclear: we'd need to know how your switch is passing the traffic to your host machine. If you have these three NICs each configured in the switch to be a member of the according VLAN, neither your host nor your guest needs to know anything about VLANs.

If your host NICs are using IEEE 802.1q ("tagged VLANs") to communicate multiple VLANs to your host (I don't think so, but who knows), you have a choice:

- create a bridge per VLAN inside the host, each connecting to the corresponding VLAN interface of the host
- connect the vNICs (those from the guest) to each bridge, so that the guest needs to know nothing about VLANs (traditional setup, especially for firewalls, where each "network" (i.e. VLAN) has its own, isolated physical interface)

or you can pass through the tagged traffic:

- create a bridge to the physical NIC on the host (thus giving you access to the tagged traffic)
- bridge a single vNIC (guest interface) to that bridge and use your firewall's mechanisms to access each VLAN

If you get each VLAN's traffic without any tagging from your switch (via those three NICs), your Dom0 sees nothing of VLANs; those are simply "networks". Create a new bridge like the two other ones (selecting the right physical NIC to bridge to, of course) and add a vNIC to your DomU, connecting that to the new bridge.

Please be (far) more specific in your description to receive a more detailed explanation of what to configure at what layer...

- what hypervisor are you running (probably Xen on SLES, since the distinction HVM/PVM usually applies to that scenario) and what version of the host OS?
- what OS is your firewall running - some dedicated system (since you're running an HVM) rather than a SLES-based setup?
- how's the connectivity between switch and host/Dom0 set up?
- which are the interfaces at Dom0 level, and are those 802.1q? (eth0, eth3, eth4)
- which are the interfaces at DomU level, do you need/want 802.1q there or prefer dedicated interfaces per VLAN?

And if the "simple scenario" applies, be a bit more verbose about the difficulties you are facing / the questions you have, because that looks like "simply do it as with the other two interfaces" to me and I'd need to know what steps you're fighting with.

Best regards,
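As an added illustration (not part of the thread, and not SUSE's or Xen's own tooling), here is a small POSIX shell script that writes SLES-style ifcfg files for the two Dom0 options jmozdzen describes: bridging an untagged NIC directly, and bridging a per-VLAN interface on top of an 802.1q trunk so each guest vNIC still sees only one network. It assumes SUSE's ifcfg-vlan/ifcfg-bridge keys (STARTMODE, BOOTPROTO, ETHERDEVICE, VLAN_ID, BRIDGE, BRIDGE_PORTS); the names eth4, br4 and VLAN 40 are made up for the example.

```shell
#!/bin/sh
# Writes Dom0 network config in SUSE ifcfg syntax (assumed from ifcfg-vlan(5)
# and ifcfg-bridge(5)); on a real host CFG_DIR would be /etc/sysconfig/network.
set -eu

# The physical port that joins a bridge carries no IP of its own.
write_port() {
    dir=$1; nic=$2
    printf "STARTMODE='auto'\nBOOTPROTO='none'\n" > "$dir/ifcfg-$nic"
}

# Dom0 bridge with no address: guests attach to it, Dom0 itself stays off
# the firewall's network (least exposure for the hypervisor).
write_bridge() {
    dir=$1; br=$2; port=$3
    cat > "$dir/ifcfg-$br" <<EOF
STARTMODE='auto'
BOOTPROTO='static'
BRIDGE='yes'
BRIDGE_PORTS='$port'
BRIDGE_STP='off'
BRIDGE_FORWARDDELAY='0'
EOF
}

# Option A: the switch delivers one VLAN untagged on the NIC, so Dom0 sees
# nothing of VLANs; just bridge the NIC like br1/br2.
write_bridge_untagged() {
    dir=$1; nic=$2; br=$3
    write_port "$dir" "$nic"
    write_bridge "$dir" "$br" "$nic"
}

# Option B: the NIC is an 802.1q trunk; create vlan<ID> on top of it and
# bridge that, giving the guest an isolated, untagged interface per VLAN.
write_bridge_tagged() {
    dir=$1; nic=$2; vid=$3; br=$4
    write_port "$dir" "$nic"
    cat > "$dir/ifcfg-vlan$vid" <<EOF
STARTMODE='auto'
BOOTPROTO='none'
ETHERDEVICE='$nic'
VLAN_ID='$vid'
EOF
    write_bridge "$dir" "$br" "vlan$vid"
}

# Example (hypothetical): write_bridge_tagged /etc/sysconfig/network eth4 40 br4
# then `rcnetwork restart` and give the DomU a vif with bridge=br4.
```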