I have an ethernet port attached to a bridge:
$ brctl show
bridge name     bridge id               STP enabled     interfaces
eth0_bridge     8000.6a612bcc4723       yes             eth0
The bridge is VLAN-aware (i.e. /sys/class/net/eth0_bridge/bridge/vlan_filtering is 1). I want to be able to add other interfaces to that bridge and assign VLANs to them, like this:
ip link set eth1 master eth0_bridge
bridge vlan add dev eth1 vid 10 pvid untagged
This should connect untagged traffic on eth1 to VLAN 10 on eth0. But no traffic gets through until I:
bridge vlan add dev eth0 vid 10
Once I’ve done this, then everything works as needed. But is there no way to tell it that eth0 is a trunk port on bridge eth0_bridge that should carry all VLANs and then do the VLAN filtering on egress from the bridge?
Answers:
Method 1
When using the bridge vlan command, you can add (or delete) a range of VLAN IDs in a single shot. For example:
# bridge vlan add vid 2-4094 dev eth0
will add all available VLANs to the trunk interface eth0 (0 and 4095 are reserved in the protocol and must not (nor can) be used, 1 is by default set as PVID untagged VLAN ID, so should be avoided or perhaps better, removed).
# bridge vlan show dev eth0
eth0     1 PVID Egress Untagged
         2
         3
[...]
         4093
         4094
# bridge -c vlan show dev eth0
port     vlan ids
eth0     1 PVID Egress Untagged
         2-4094
Here -c stands for -c[ompressvlans] rather than -c[olor]: the bridge man page (at least up to iproute2-ss191125) completely lacks information about this option.
Deleting a range works as one could expect:
# bridge vlan del vid 100-200 dev eth0
# bridge -c vlan show
port     vlan ids
bridge0  1 PVID Egress Untagged
eth1     1 Egress Untagged
         10 PVID Egress Untagged
eth0     1 PVID Egress Untagged
         2-99
         201-4094
Internally all are handled using a (hashed) list of individual VLANs.
Note 1
Cumulus Networks (known to mostly use Linux’ native network stack on their network equipment) has some old (and newer) examples about this:
Consider the following example bridge:
auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports swp1 swp9
    bridge-vids 2-100
    bridge-pvid 101
    bridge-stp on

Here is the VLAN membership for that configuration:

cumulus@switch$ bridge -c vlan show
port     vlan ids
swp1     101 PVID Egress Untagged
         2-100
swp9     101 PVID Egress Untagged
         2-100
bridge   101
The configuration file used is the interfaces file from ifupdown2 (and its addons), actually developed by Cumulus Networks to replace ifupdown, with a mostly compatible syntax, but much improved bridge and VLAN support.
Note 2
I didn’t find any evidence of a special flag that automatically floods all VLANs to a bridge port. This kernel commit says that VID 4095 is documented in IEEE 802.1Q as having restrictions but being allowed for management operations as a wildcard match for the VID, but Linux doesn’t seem to use such a method.
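An added example, not part of the original answer: because `bridge vlan add vid 2-4094` makes the trunk a member of every VLAN, this script audits `bridge -c vlan show` output to report which VLANs a port actually carries. The sample table is constructed to match the output after the range deletion shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout `bridge -c vlan show` prints (port name in
# column 1, continuation lines indented). On a live host, pipe the real
# command into the functions instead of sample_vlans.
sample_vlans() {
cat <<'EOF'
port              vlan ids
bridge0           1 PVID Egress Untagged
eth1              1 Egress Untagged
                  10 PVID Egress Untagged
eth0              1 PVID Egress Untagged
                  2-99
                  201-4094
EOF
}

# vlan_ranges: normalise the table on stdin to "port lo hi" rows.
vlan_ranges() {
    awk '
        NF == 0 { next }                          # blank separator lines
        NR == 1 && $1 == "port" { next }          # header
        /^[^ \t]/ { port = $1; spec = $2 }        # new port entry
        /^[ \t]/  { spec = $1 }                   # more VLANs for same port
        port != "" && spec ~ /^[0-9]+(-[0-9]+)?$/ {
            n = split(spec, r, "-")
            print port, r[1] + 0, (n == 2 ? r[2] : r[1]) + 0
        }'
}

# port_carries_vid PORT VID: exit status 0 if PORT is a member of VID.
port_carries_vid() {
    vlan_ranges | awk -v p="$1" -v v="$2" \
        '$1 == p && v + 0 >= $2 && v + 0 <= $3 { hit = 1 }
         END { exit(hit ? 0 : 1) }'
}

# vlan_count PORT: print how many VLANs PORT is a member of.
vlan_count() {
    vlan_ranges | awk -v p="$1" \
        '$1 == p { n += $3 - $2 + 1 } END { print n + 0 }'
}

# Summary for the two ports from the question.
for p in eth0 eth1; do
    echo "$p: $(sample_vlans | vlan_count "$p") VLANs"
done
```

A trunk that reports thousands of VLANs here is reachable from every VLAN on the bridge, so comparing the count against the VLANs actually in use shows how far the membership exceeds what is needed.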
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.