Subject: Re: Transitioning to 802.11q VLANs on a network using a NetBSD box with multiple physical interfaces
To: Douglas Wade Needham <cinnion@ka8zrt.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-net
Date: 06/09/2007 12:46:57
On Sat, Jun 09, 2007 at 12:27:30AM -0400, Douglas Wade Needham wrote:
> At least one of the VLANs (vlan 4 in my example) will have to exist on
> multiple physical subnets/segments, given where I need to put the
> nodes for that one VLAN.  And given some of the traffic I push around
> here, putting everything for my firewall on a single interface is not
> really a good idea.  But it may be that my switch could have one port
> configured in a way that packets coming in on that port on that one
> vlan will get where they should go without passing through
> alpha.... but the docs are a bit crappy in that area.

Unless your switch has some kind of partitioning which would make
it behave as 2 physically independent switches, a vlan with the same
vlan ID will be the same ethernet broadcast domain on all ports.
If your switch is really partitioned, what you need is then a bridge
to make these 2 ethernet broadcast domains a single one:

ifconfig vlan4 create
ifconfig vlan4 vlan 4 vlanif fxp0
ifconfig vlan14 create
ifconfig vlan14 vlan 4 vlanif fxp1
ifconfig bridge0 create
brconfig bridge0 add vlan4 add vlan14 up

You configure the IP address for vlan 4 on either vlan4 or vlan14 (but
not both!).

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
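
Added example, not part of the original message: a small sh check for the "either vlan4 or vlan14, but not both" rule above, reading `ifconfig -a` output on stdin. The sample output, its addresses and the function names are constructed for illustration, and only IPv4 `inet` lines are counted.

```shell
#!/bin/sh
# Constructed sample of NetBSD-style `ifconfig -a` output (not from the thread).
sample_ifconfig() {
cat <<'EOF'
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:00:5e:00:53:01
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	vlan: 4 parent: fxp0
	inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
vlan14: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	vlan: 4 parent: fxp1
EOF
}

# addressed_members MEMBER...
# Reads ifconfig output on stdin and prints, one per line, each listed
# bridge member that carries at least one IPv4 (inet) address.
addressed_members() {
    awk -v members="$*" '
        BEGIN { n = split(members, m, " "); for (i = 1; i <= n; i++) want[m[i]] = 1 }
        # An unindented line starts a new interface stanza: "name: flags=..."
        /^[^ \t]/ { ifname = $1; sub(/:$/, "", ifname); next }
        # Indented "inet ..." lines belong to the current stanza.
        $1 == "inet" && (ifname in want) && !seen[ifname]++ { print ifname }
    '
}

# check_single_address MEMBER...
# Succeeds when at most one of the bridge members has an IPv4 address.
check_single_address() {
    n=$(addressed_members "$@" | awk 'END { print NR }')
    [ "$n" -le 1 ]
}

# Stand-alone run against the constructed sample.
if sample_ifconfig | check_single_address vlan4 vlan14; then
    echo "ok: at most one bridge member is addressed"
else
    echo "warning: more than one bridge member is addressed"
fi
```

On a live system, pipe the real `ifconfig -a` output into `check_single_address` with the bridge's member names as arguments.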