Secure Digital Solutions Information

Using the vLAN Interface

Chad Boeckmann, CISSP, GSEC

OpenBSD is an excellent open source Unix-like operating system. It comes with a variety of preinstalled interfaces, and one of them is the vlan interface. I have a firewall using pf rules, a DHCP server for a LAN and a webserver all running on one machine. I ran into one snag when I purchased a wireless router: how do I get the thing separated from my hard wired network? The answer was clear, a vLAN would solve that problem. So the next step was to install a third NIC card into my production Heinz 57 box (www, firewall, dhcp box). I had to sacrifice my test box until I got my hands on yet another NIC card. However, prior to setting up a vlan, I attempted to plug my wifi router, an SMC 2804WBR, directly into my switch. This worked OK, but for some reason my WIN2K machine would not receive an IP address, while my OBSD test box had no problem obtaining an IP. So after configuring my wifi router I broke down and redesigned my home network. Below are the steps I took to implement my vlan on OpenBSD 3.2 with a cheapo Netgear NIC card. The card can be purchased for around 10 bucks at your favorite computer store.



Step 1:

> ifconfig vlan0 192.168.2.1 vlan 2 vlandev sis0
where sis0 is the name OpenBSD gives your network interface card

Let's look at the above command:

ifconfig - the interface configuration command. See the ifconfig man page for more detail if you need it.

vlan0 - the name of the vlan interface you are creating. It can be vlan1 or vlan10 if you wish; the number after "vlan" is arbitrary.

IP - Next we have the IP address for your newly configured virtual LAN. This must not be on a subnet that already exists on your network.

vlan 2 - The keyword "vlan" must be present; the number following the word "vlan" can be a number between 1 and 1000 if you so wish. This is merely referred to as the parent identifier. The number is for the admin to identify which subnet this vlan represents. In my scenario above I chose the number 2 because it was on my second subnet.

vlandev - with this keyword you specify the name of the physical interface that carries the virtual network. In my example above, the interface name that OpenBSD uses for my brand of NIC is sis0.

Now type in the following command at your command line:

root# ifconfig vlan0

You should get:

--------------------begin snip--------------------------------
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:09:5b:06:0f:8f
vlan: 2 parent interface: sis0
inet6 fe80::209:5bff:fe06:f8f%vlan0 prefixlen 64 scopeid 0x10
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255

---------------------end snip--------------------------------

Step 2:

Add vlan0 (or whichever vlan interface name you chose) to /etc/dhcpd.interfaces.

Step 3:

Edit the file /etc/dhcpd.conf to include a definition for the newly established vlan.

For my example, I would make the following additions:

--------------------begin snip--------------------------------

shared-network VLAN0 {
    option domain-name "vlan0.28place.net";
    option domain-name-servers 192.168.2.1;

    subnet 192.168.2.0 netmask 255.255.255.0 {
        option routers 192.168.2.1;
        range 192.168.2.100 192.168.2.110;
    }
}

----------------------end snip---------------------------------


In the above example I am designating the 192.168.2.255 subnet to my vlan. I am also allowing only up to 10 addressable IP addresses in the ".2" subnet.

HINT: Be careful to add all of the appropriate { } symbols to the dhcpd.conf file. I had to edit the file a couple of times before I got the format right. If this is an addition to another dhcp network, you will need to edit your local network exactly as in my example above, quotations and punctuation included. Just think of it as adding an additional record.


Step 4:

Next, issue 'dhcpd' at the command line and look at the services that your dhcpd is offering. Mine looks like this:

--------------begin screenshot-------------------------------------------
root# dhcpd

Listening on BPF/vlan0/00:09:5b:06:0f:8f/VLAN0
Sending on BPF/vlan0/00:09:5b:06:0f:8f/VLAN0
Listening on BPF/rl0/00:50:bf:e4:9e:03/LOCAL-NET
Sending on BPF/rl0/00:50:bf:e4:9e:03/LOCAL-NET

Listening on BPF/fxp0/00:a0:c9:71:48:5d/24.118.167.92
Sending on BPF/fxp0/00:a0:c9:71:48:5d/24.118.167.92
Sending on Socket/fallback/fallback-net
# There's already a DHCP server running.
Sep 11 21:38:31 28place dhcpd: There's already a DHCP server running.

exiting.
Sep 11 21:38:31 28place dhcpd: There's already a DHCP server running.
Sep 11 21:38:31 28place dhcpd: exiting.
Sep 11 21:38:31 28place dhcpd: exiting.
--------------end screenshot-------------------------------------------
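The vlan gives the wireless router its own broadcast domain, but because this box routes between vlan0 and the wired LAN, wireless clients can still reach the wired machines unless pf stops them. The pf.conf fragment below is an added example, not part of the original article; it assumes the wired LAN is 192.168.1.0/24 on rl0 (the article names rl0 LOCAL-NET but never gives its subnet) and uses the pf syntax of that OpenBSD generation, where rules are last-match unless marked quick and state must be requested with keep state.

```pf
# Added example: isolate the wireless VLAN from the wired LAN with pf.
# ASSUMED, not from the article: the wired LAN is 192.168.1.0/24 on rl0.
wifi_if   = "vlan0"
wifi_net  = "192.168.2.0/24"
wifi_addr = "192.168.2.1"          # this box's own address on vlan0
lan_net   = "192.168.1.0/24"       # ASSUMED wired subnet, substitute yours

# Default for anything arriving on the wireless VLAN: drop and log it.
block in log on $wifi_if all

# Wireless clients may never reach the wired LAN. "quick" makes this
# rule final, so none of the pass rules below can override it.
block in log quick on $wifi_if from $wifi_net to $lan_net

# Wireless clients may use this box for DHCP and DNS only.
pass in on $wifi_if inet proto udp from any to any port 67 keep state
pass in on $wifi_if inet proto udp from $wifi_net to $wifi_addr port 53 keep state

# Everything else from wireless clients may head out towards the
# Internet (via fxp0); replies come back through the state entry.
pass in on $wifi_if from $wifi_net to any keep state
```

Check the syntax without loading it with "pfctl -n -f /etc/pf.conf", and after loading it watch what the block rules catch with "tcpdump -n -e -ttt -i pflog0".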


That's it! Hope this helped you establish your very own vLAN. If you have any questions or problems with this you may send your comments to the following email: support