The line <literal>root id 00:01:02:4b:d4:50 priority 32768 ifcost 400000 port 4</literal> shows that the root bridge is <literal>00:01:02:4b:d4:50</literal> and has a path cost of <literal>400000</literal> from this bridge. The path to the root bridge is via <literal>port 4</literal> which is <filename>fxp0</filename>.
Bridge Interface Parameters
Several <command>ifconfig</command> parameters are unique to bridge interfaces. This section summarizes some common uses for these parameters. The complete list of available parameters is described in <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
private
A private interface does not forward any traffic to any other port that is also designated as a private interface. The traffic is blocked unconditionally so no Ethernet frames will be forwarded, including <acronym>ARP</acronym> packets. If traffic needs to be selectively blocked, a firewall should be used instead.
span
A span port transmits a copy of every Ethernet frame received by the bridge. The number of span ports configured on a bridge is unlimited, but if an interface is designated as a span port, it cannot also be used as a regular bridge port. This is most useful for snooping a bridged network passively on another host connected to one of the span ports of the bridge. For example, to send a copy of all frames out the interface named <filename>fxp4</filename>:
<prompt>#</prompt> <userinput>ifconfig bridge0 span fxp4</userinput>
sticky
If a bridge member interface is marked as sticky, dynamically learned address entries are treated as static entries in the forwarding cache. Sticky entries are never aged out of the cache or replaced, even if the address is seen on a different interface. This gives the benefit of static address entries without the need to pre-populate the forwarding table. Clients learned on a particular segment of the bridge cannot roam to another segment.
An example of using sticky addresses is to combine the bridge with <acronym>VLAN</acronym>s in order to isolate customer networks without wasting <acronym>IP</acronym> address space. Consider that <systemitem class="fqdomainname">CustomerA</systemitem> is on <literal>vlan100</literal>, <systemitem class="fqdomainname">CustomerB</systemitem> is on <literal>vlan101</literal>, and the bridge has the address <systemitem class="ipaddress">192.168.0.1</systemitem>:
<prompt>#</prompt> <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput>
<prompt>#</prompt> <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput>
In this example, both clients see <systemitem class="ipaddress">192.168.0.1</systemitem> as their default gateway. Since the bridge cache is sticky, one host cannot spoof the <acronym>MAC</acronym> address of the other customer in order to intercept their traffic.
Any communication between the <acronym>VLAN</acronym>s can be blocked using a firewall or, as seen in this example, private interfaces:
<prompt>#</prompt> <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput>
The customers are completely isolated from each other and the full <systemitem class="netmask">/24</systemitem> address range can be allocated without subnetting.
The number of unique source <acronym>MAC</acronym> addresses behind an interface can be limited. Once the limit is reached, packets with unknown source addresses are dropped until an existing host cache entry expires or is removed.
The following example sets the maximum number of Ethernet devices for <systemitem class="fqdomainname">CustomerA</systemitem> on <literal>vlan100</literal> to 10:
<prompt>#</prompt> <userinput>ifconfig bridge0 ifmaxaddr vlan100 10</userinput>
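The isolation built up over the last few steps rests on three member settings: <literal>sticky</literal>, <literal>private</literal>, and a non-zero <literal>ifmaxaddr</literal>. The following added example, which is not part of the Handbook, audits those settings by parsing the output of <command>ifconfig bridge0</command>; the <literal>audit_bridge_members</literal> helper is hypothetical and the sample output is constructed in the format FreeBSD prints for bridge members, so the script runs without a bridge present.

```sh
#!/bin/sh
# Added example, not from the FreeBSD Handbook. Reads "ifconfig bridge0" output and
# reports members that break the customer-isolation policy described above:
# a member without STICKY (learned MACs could roam / be spoofed), without PRIVATE
# (frames could be forwarded to the other customer), or with ifmaxaddr 0 (no limit
# on the number of source MAC addresses behind that port).

# Constructed sample of "ifconfig bridge0" output (hypothetical values). vlan101
# has been left without PRIVATE and without an address limit on purpose.
SAMPLE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:5a:d0:0f:9c:00
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        member: vlan101 flags=1d3<LEARNING,DISCOVER,STICKY,AUTOEDGE,PTP,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 55
        member: vlan100 flags=3d3<LEARNING,DISCOVER,STICKY,PRIVATE,AUTOEDGE,PTP,AUTOPTP>
                ifmaxaddr 10 port 4 priority 128 path cost 55'

# audit_bridge_members: ifconfig output on stdin; prints "<member> <problem>" per
# finding and returns 1 if any member fails the policy, 0 if all pass.
audit_bridge_members() {
    awk '
        /^[ \t]*member:/ {
            member = $2
            # $3 looks like flags=3d3<LEARNING,...,PRIVATE>; keep only the names
            flags = $3
            sub(/^flags=[0-9a-f]*</, "", flags); sub(/>$/, "", flags)
            if (flags !~ /(^|,)STICKY(,|$)/)  { print member, "missing STICKY";  bad = 1 }
            if (flags !~ /(^|,)PRIVATE(,|$)/) { print member, "missing PRIVATE"; bad = 1 }
            next
        }
        # The line after "member:" carries the per-port limit; 0 means unlimited
        member != "" && /^[ \t]*ifmaxaddr/ {
            if ($2 == 0) { print member, "ifmaxaddr unlimited"; bad = 1 }
            member = ""
        }
        END { exit bad ? 1 : 0 }
    '
}

# Stand-alone run over the constructed sample; on a FreeBSD host use
#   ifconfig bridge0 | audit_bridge_members
printf '%s\n' "$SAMPLE" | audit_bridge_members ||
    echo "bridge0: isolation policy not fully enforced"
```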
Bridge interfaces also support monitor mode, where the packets are discarded after <citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry> processing and are not processed or forwarded further. This can be used to multiplex the input of two or more interfaces into a single <citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry> stream. This is useful for reconstructing the traffic for network taps that transmit the RX/TX signals out through two separate interfaces. For example, to read the input from four network interfaces as one stream:
<prompt>#</prompt> <userinput>ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up</userinput>
<prompt>#</prompt> <userinput>tcpdump -i bridge0</userinput>
<acronym>SNMP</acronym> Monitoring
The bridge interface and <acronym>STP</acronym> parameters can be monitored via <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, which is included in the FreeBSD base system. The exported bridge <acronym>MIB</acronym>s conform to <acronym>IETF</acronym> standards, so any <acronym>SNMP</acronym> client or monitoring package can be used to retrieve the data.
To enable monitoring on the bridge, uncomment this line in <filename>/etc/snmpd.config</filename> by removing the beginning <literal>#</literal> symbol:
begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
Other configuration settings, such as community names and access lists, may need to be modified in this file. See <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and <citerefentry><refentrytitle>snmp_bridge</refentrytitle><manvolnum>3</manvolnum></citerefentry> for more information. Once these edits are saved, add this line to <filename>/etc/rc.conf</filename>:
bsnmpd_enable="YES"
Then, start <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry>:
<prompt>#</prompt> <userinput>service bsnmpd start</userinput>
The following examples use the <application>Net-SNMP</application> software (<package>net-mgmt/net-snmp</package>) to query a bridge from a client system. The <package>net-mgmt/bsnmptools</package> port can also be used. From the <acronym>SNMP</acronym> client which is running <application>Net-SNMP</application>, add the following lines to <filename>$HOME/.snmp/snmp.conf</filename> in order to import the bridge <acronym>MIB</acronym> definitions:
mibdirs +/usr/share/snmp/mibs
mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB
Source string location: book.translate.xml:65412
Translation file: books/handbook.pot, string 10698