jmozdzen wrote:

>
> Hi warper 2,
> warper2;23468 Wrote:
>> Hi Jens
>>
>> Actually this is for my firewall I am running virtual, so I will explain
>> what I am doing, and this is a fully virtualized VM.
>>
>> eth0 br1
>> eth3 br2
>>
>> I need to add a vlan on eth4 to become br4 to only listen for traffic on
>> vlan11.
>
> (sorry for the delayed response, times are busy right now...)
>
> I assume those device/bridge names are from the host system and your
> hypervisor is Xen on SLES11(SPx), since you indicated "fully virtualized
> vm".
>
> Still the picture is unclear - we'd need to know how your switch is
> passing the traffic to your host machine: If you have these three NICs
> each configured in the switch to be a member of the corresponding VLAN,
> neither your host nor your guest needs to know anything about VLANs.
>
> If your host NICs are using IEEE802.1q ("tagged VLANs") to communicate
> multiple VLANs to your host (I don't think so, but who knows), you
> have a choice:
>
> - create a bridge per VLAN inside the host, each connecting to the
> corresponding VLAN interface of the host
> - connect the vNICs (those from the guest) to each bridge, so that the
> guest needs to know nothing about VLANs (traditional setup, especially
> for firewalls, where each "network" (i.e. VLAN) has its own, isolated
> physical interface)
>
> or you can pass through the tagged traffic:
>
> - create a bridge to the physical NIC on the host (thus giving you
> access to the tagged traffic)
> - bridge a single vNIC (guest interface) to that bridge and use your
> firewall's mechanisms to access each VLAN
>
> If you get each VLAN's traffic without any tagging from your switch (via
> those three NICs), your Dom0 sees nothing of VLANs - those are simply
> "networks"... create a new bridge like the two other ones (selecting the
> right physical NIC to bridge to, of course) and add a vNIC to your DomU,
> connecting that to the new bridge.
>
> Please be (far) more specific in your description to receive a more
> detailed explanation of what to configure at what layer...
>
> - what hypervisor are you running (probably Xen on SLES, since the
> distinction HVM/PVM usually applies to that scenario) and what version
> of the host OS?
> - what OS is your firewall running - some dedicated system (since you're
> running an HVM) rather than a SLES-based setup?
> - how's the connectivity between switch and host/Dom0 set up?
> - which are the interfaces at Dom0 level, and are those 802.1q? (eth0,
> eth3, eth4)
> - which are the interfaces at DomU level, do you need/want 802.1q there
> or prefer dedicated interfaces per VLAN?
>
> And if the "simple scenario" applies, be a bit more verbose about the
> difficulties you are facing / the questions you have, because that looks
> like "simply do it as with the other two interfaces" to me and I'd need
> to know what steps you're fighting with.
>
> Best regards,
> Jens
>
>


Thanks Jens, I already got it working. It worked best with the host NIC just
connected as a NIC and no VLAN. Then set the VLAN on the VM and all was
good.