Three minute guide to set up VLAN on OpenBSD
If you live under the rock, go check out OpenBSD. It’s pretty nice. I have been running OpenBSD on my servers for about five years and I absolutely love it. Simplicity, robust, secure and minimal - you name it; It’s all there. If you got an old intel 386 or an RaspberryPI, it will be sufficient to run the humble OpenBSD.
Now onto how I VLAN my OpenBSD guest.
vio0 NIC is based on a QEMU’ed guest on the usual VIO(4) driver.
Get these files up:
$> cat /etc/hostname.vio0 up $> cat /etc/hostname.vlan8 inet 10.2.1.61 255.255.255.0 NONE vlan 8 vlandev vio0 up
Then restart the network (or simply reboot)
$> sh /etc/netstart
Then after the
ifconfig should look like this:
$> ifconfig # removed listing of other interfaces for brevity vio0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr ab:cd:ef:ab:cd:ef index 1 priority 0 llprio 3 media: Ethernet autoselect status: active vlan8: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr ab:cd:ef:ab:cd:ef index 4 priority 0 llprio 3 encap: vnetid 8 parent vio0 txprio packet rxprio outer groups: vlan egress media: Ethernet autoselect status: active inet 10.2.1.61 netmask 0xffffff00 broadcast 10.2.1.255
Watch out for
broadcast in the above listing.
NB: Please note that the interfaces that sit between the packet path should all have equal MTUs (e.g. in the above listing, the MTU is 1500). Any switches that sit in between should also support
802.1q protocol so the VLAN’ed packets can be tagged accordingly. Thanks to martian67 for this.
PSA (Public Service Announcement)
If you run a network with IoT (Internet Of shit Things), consider putting them in a filtered VLAN that can only communicate within the LAN and not to the internet. This is because a lot of these IoT (Internet Of shit Things) call home and could potentially ex-filtrate private informations