Joakim Tjernlund/Transmode wrote on 08/06/2009 18:52:25:
>
> Ross Vandegrift <ross@xxxxxxxxxxx> wrote on 08/06/2009 17:50:32:
> >
> > On Mon, Jun 08, 2009 at 05:35:55PM +0200, Joakim Tjernlund wrote:
> > >
> > > I am looking into impl Private VLAN(or part thereof) as specified by
> > > http://www.rfc-editor.org/internet-drafts/draft-sanjib-private-vlan-10.txt
> > >
> > > Would that be a welcome addition to the linux bridge or is there
> > > a better method for doing "Private VLAN"?
> >
> > It should be pretty simple to cook up a private VLAN setup using
> > ebtables. At the simplest level, you could simply write policy to
> > only permit frames between specified interfaces. In this way, each
> > group of interfaces would represent a private VLAN.
>
> hmm, I have never used ebtables, will have to look into that. Could
> you give me an example on how to configure(using ebtables) the following:
> br0 with one I/F(eth_master) in Promisc(as defined in the Private VLAN spec above) mode
> and two I/F's( eth_client1 and eth_client2) in Isolated mode?

hmm, playing with ebtables now but I got big problems.

1) I can't find the right configure options to the kernel. The simplest ebtable command will fail:
   # > ebtable -A INPUT --in-if eth0
   The kernel doesn't support a certain ebtables extension, consider recompiling your kernel or insmod the extension.

2) I can't figure out how the ebtable command should look like for the above example.

 Jocke

> >
> > But ebtables is pretty flexible - with the right ruleset, you should
> > be able to cook up all kinds of crazy, fun stuff!
>
> Does this mean that you think "Private VLAN" support is unneeded in
> the Linux bridge? From your comments it seems like one should be able to do most
> things with ebtables, but is this also the preferred way?
>
>  Jocke
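
An added example, not part of the original thread: one way to express the layout asked about above (eth_master promiscuous, eth_client1 and eth_client2 isolated) as ebtables FORWARD rules. The function name `pvlan_rules` is hypothetical, "isolated" is taken to mean "may exchange frames only with promiscuous ports", and the FORWARD chain is assumed to keep its default ACCEPT policy so promiscuous ports stay unrestricted.

```shell
#!/bin/sh
# Added example: print ebtables rules that approximate Private VLAN port
# roles on a single Linux bridge. Nothing is applied; the output is a list
# of commands to review and then run as root.

# pvlan_rules "PROMISC_PORTS" "ISOLATED_PORTS"
# Each argument is a space-separated list of bridge member interfaces.
pvlan_rules() {
    promisc=$1
    isolated=$2
    if [ -z "$promisc" ] || [ -z "$isolated" ]; then
        echo "usage: pvlan_rules 'PROMISC...' 'ISOLATED...'" >&2
        return 2
    fi
    # A port listed in both roles would silently defeat the isolation,
    # so reject the input before emitting any rule.
    for i in $isolated; do
        for p in $promisc; do
            if [ "$i" = "$p" ]; then
                echo "error: $i is listed as both promiscuous and isolated" >&2
                return 1
            fi
        done
    done
    for i in $isolated; do
        # Frames entering on an isolated port may leave via a promiscuous port...
        for p in $promisc; do
            echo "ebtables -A FORWARD -i $i -o $p -j ACCEPT"
        done
        # ...and are dropped for every other egress port, including other
        # isolated ports. Flooded and broadcast copies are filtered per port.
        echo "ebtables -A FORWARD -i $i -j DROP"
    done
}

# Layout from the thread (interface names as given in the question).
pvlan_rules "eth_master" "eth_client1 eth_client2"
```

Applying the printed rules needs a kernel built with the ebtables filter table (`CONFIG_BRIDGE_EBT_T_FILTER`, module `ebtable_filter`). These rules cover bridged traffic only; frames addressed to the bridge host itself pass through the INPUT chain instead.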