<prompt>#</prompt> <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput>
<prompt>#</prompt> <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput>
In this example, both clients see <systemitem class="ipaddress">192.168.0.1</systemitem> as their default gateway. Since the bridge cache is sticky, one host cannot spoof the <acronym>MAC</acronym> address of the other customer in order to intercept their traffic.
Any communication between the <acronym>VLAN</acronym>s can be blocked using a firewall or, as seen in this example, private interfaces:
<prompt>#</prompt> <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput>
The customers are completely isolated from each other and the full <systemitem class="netmask">/24</systemitem> address range can be allocated without subnetting.
The number of unique source <acronym>MAC</acronym> addresses behind an interface can be limited. Once the limit is reached, packets with unknown source addresses are dropped until an existing host cache entry expires or is removed.
The following example sets the maximum number of Ethernet devices for <systemitem class="fqdomainname">CustomerA</systemitem> on <literal>vlan100</literal> to 10:
<prompt>#</prompt> <userinput>ifconfig bridge0 ifmaxaddr vlan100 10</userinput>
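The three isolation settings described above (sticky, private and ifmaxaddr) can be verified per member from the bridge's ifconfig output. The following script is an added example, not part of the original handbook text; the sample input is constructed (including the numeric flag values), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit bridge members for the sticky, private and
# ifmaxaddr settings. Reads `ifconfig bridgeN` output on stdin.

# Constructed sample in the layout ifconfig(8) prints for bridge members.
# vlan101 is deliberately missing "private" and has no address limit.
sample_ifconfig() {
cat <<'EOF'
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        member: vlan100 flags=1d7<LEARNING,DISCOVER,STICKY,PRIVATE,AUTOEDGE,AUTOPTP>
                ifmaxaddr 10 port 5 priority 128 path cost 20000
        member: vlan101 flags=157<LEARNING,DISCOVER,STICKY,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 20000
EOF
}

# Prints one finding per line as "<member> <missing-setting>".
# No output means every member is sticky, private and address-limited.
audit_members() {
    awk '
    $1 == "member:" {
        name = $2
        flags = $3
        # Without STICKY, learned MAC entries can move to another port.
        if (flags !~ /[<,]STICKY[,>]/)  print name, "not-sticky"
        # Without PRIVATE, members can forward traffic to each other.
        if (flags !~ /[<,]PRIVATE[,>]/) print name, "not-private"
        next
    }
    # The per-member detail line follows its "member:" line.
    $1 == "ifmaxaddr" && name != "" {
        # A value of 0 means no limit on source MAC addresses.
        if ($2 + 0 == 0) print name, "no-ifmaxaddr"
        name = ""
    }'
}

# Stand-alone run against the constructed sample; on a live system use:
#   ifconfig bridge0 | audit_members
sample_ifconfig | audit_members
```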
Bridge interfaces also support monitor mode, where the packets are discarded after <citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry> processing and are not processed or forwarded further. This can be used to multiplex the input of two or more interfaces into a single <citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry> stream. This is useful for reconstructing the traffic for network taps that transmit the RX/TX signals out through two separate interfaces. For example, to read the input from four network interfaces as one stream:
<prompt>#</prompt> <userinput>ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up</userinput>
<prompt>#</prompt> <userinput>tcpdump -i bridge0</userinput>
<acronym>SNMP</acronym> Monitoring
The bridge interface and <acronym>STP</acronym> parameters can be monitored via <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry> which is included in the FreeBSD base system. The exported bridge <acronym>MIB</acronym>s conform to <acronym>IETF</acronym> standards so any <acronym>SNMP</acronym> client or monitoring package can be used to retrieve the data.
To enable monitoring on the bridge, uncomment this line in <filename>/etc/snmpd.config</filename> by removing the beginning <literal>#</literal> symbol:
begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
Other configuration settings, such as community names and access lists, may need to be modified in this file. See <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and <citerefentry><refentrytitle>snmp_bridge</refentrytitle><manvolnum>3</manvolnum></citerefentry> for more information. Once these edits are saved, add this line to <filename>/etc/rc.conf</filename>:
bsnmpd_enable="YES"
Then, start <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry>:
<prompt>#</prompt> <userinput>service bsnmpd start</userinput>
The following examples use the <application>Net-SNMP</application> software (<package>net-mgmt/net-snmp</package>) to query a bridge from a client system. The <package>net-mgmt/bsnmptools</package> port can also be used. From the <acronym>SNMP</acronym> client which is running <application>Net-SNMP</application>, add the following lines to <filename>$HOME/.snmp/snmp.conf</filename> in order to import the bridge <acronym>MIB</acronym> definitions:
mibdirs +/usr/share/snmp/mibs
mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB
To monitor a single bridge using the IETF BRIDGE-MIB (RFC4188):
<prompt>%</prompt> <userinput>snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge</userinput>
BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44
BRIDGE-MIB::dot1dBaseNumPorts.0 = INTEGER: 1 ports
BRIDGE-MIB::dot1dStpTimeSinceTopologyChange.0 = Timeticks: (189959) 0:31:39.59 centi-seconds
BRIDGE-MIB::dot1dStpTopChanges.0 = Counter32: 2
BRIDGE-MIB::dot1dStpDesignatedRoot.0 = Hex-STRING: 80 00 00 01 02 4B D4 50
...
BRIDGE-MIB::dot1dStpPortState.3 = INTEGER: forwarding(5)
BRIDGE-MIB::dot1dStpPortEnable.3 = INTEGER: enabled(1)
BRIDGE-MIB::dot1dStpPortPathCost.3 = INTEGER: 200000
BRIDGE-MIB::dot1dStpPortDesignatedRoot.3 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortDesignatedCost.3 = INTEGER: 0
BRIDGE-MIB::dot1dStpPortDesignatedBridge.3 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortDesignatedPort.3 = Hex-STRING: 03 80
BRIDGE-MIB::dot1dStpPortForwardTransitions.3 = Counter32: 1
RSTP-MIB::dot1dStpVersion.0 = INTEGER: rstp(2)
The <literal>dot1dStpTopChanges.0</literal> value is two, indicating that the <acronym>STP</acronym> bridge topology has changed twice. A topology change means that one or more links in the network have changed or failed and a new tree has been calculated. The <literal>dot1dStpTimeSinceTopologyChange.0</literal> value will show when this happened.
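The topology-change counter and designated root from the walk above can be compared against a stored baseline on each poll, so that an unexpected root bridge or a new topology change is reported. The following script is an added example, not part of the original handbook text; the function names and the output keywords are hypothetical, and the sample lines are copied from the output shown above.

```shell
#!/bin/sh
# Added example: flag STP changes in `snmpwalk ... mib-2.dot1dBridge` output.

# Three lines copied from the walk shown above, used as offline input.
sample_walk() {
cat <<'EOF'
BRIDGE-MIB::dot1dStpTimeSinceTopologyChange.0 = Timeticks: (189959) 0:31:39.59 centi-seconds
BRIDGE-MIB::dot1dStpTopChanges.0 = Counter32: 2
BRIDGE-MIB::dot1dStpDesignatedRoot.0 = Hex-STRING: 80 00 00 01 02 4B D4 50
EOF
}

# check_stp EXPECTED_ROOT LAST_COUNT   (walk output on stdin)
#   EXPECTED_ROOT  root bridge ID as hex digits without spaces
#   LAST_COUNT     dot1dStpTopChanges value recorded at the previous poll
# Prints nothing when the bridge matches the baseline.
check_stp() {
    awk -v want="$1" -v last="$2" '
    /dot1dStpTopChanges\.0 / { count = $NF }
    /dot1dStpTimeSinceTopologyChange\.0 / {
        ticks = $4                 # "(189959)": hundredths of a second
        gsub(/[()]/, "", ticks)
    }
    /dot1dStpDesignatedRoot\.0 / {
        root = ""                  # join the hex bytes into one string
        for (i = 4; i <= NF; i++) root = root $i
    }
    END {
        if (root != want) print "ROOT-CHANGED", root
        if (count + 0 < last + 0)
            print "COUNTER-RESET", count   # agent or bridge restarted
        else if (count + 0 > last + 0)
            printf "TOPOLOGY-CHANGED +%d %ds-ago\n", count - last, ticks / 100
    }'
}

# Stand-alone run: the previous poll recorded one topology change.
# On a live system, pipe the snmpwalk command shown above into check_stp.
sample_walk | check_stp 80000001024BD450 1
```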
To monitor multiple bridge interfaces, the private BEGEMOT-BRIDGE-MIB can be used:
<prompt>%</prompt> <userinput>snmpwalk -v 2c -c public bridge1.example.com enterprises.fokus.begemot.begemotBridge</userinput>
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseName."bridge0" = STRING: bridge0
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseName."bridge2" = STRING: bridge2
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseAddress."bridge0" = STRING: e:ce:3b:5a:9e:13
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseAddress."bridge2" = STRING: 12:5e:4d:74:d:fc
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseNumPorts."bridge0" = INTEGER: 1
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseNumPorts."bridge2" = INTEGER: 1
...
BEGEMOT-BRIDGE-MIB::begemotBridgeStpTimeSinceTopologyChange."bridge0" = Timeticks: (116927) 0:19:29.27 centi-seconds
BEGEMOT-BRIDGE-MIB::begemotBridgeStpTimeSinceTopologyChange."bridge2" = Timeticks: (82773) 0:13:47.73 centi-seconds
BEGEMOT-BRIDGE-MIB::begemotBridgeStpTopChanges."bridge0" = Counter32: 1
BEGEMOT-BRIDGE-MIB::begemotBridgeStpTopChanges."bridge2" = Counter32: 1
BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge0" = Hex-STRING: 80 00 00 40 95 30 5E 31
BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge2" = Hex-STRING: 80 00 00 50 8B B8 C6 A9
To change the bridge interface being monitored via the <literal>mib-2.dot1dBridge</literal> subtree:
<prompt>%</prompt> <userinput>snmpset -v 2c -c private bridge1.example.com BEGEMOT-BRIDGE-MIB::begemotBridgeDefaultBridgeIf.0 s bridge2</userinput>
Link Aggregation and Failover
<primary>lagg</primary>
<primary>failover</primary>
<primary><acronym>FEC</acronym></primary>

Source information

Source string comment
(itstool) path: sect2/programlisting
Flags
no-wrap, read-only
Source string location
book.translate.xml:65535
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 11024