Benny Amorsen <benny+usenet@xxxxxxxxxx> wrote on 11/06/2009 23:04:48:

> Joakim Tjernlund <joakim.tjernlund@xxxxxxxxxxxx> writes:
>
> > ---------------------------------------------------------------
> > |             | isolat-| promis-| commu-| commu-| interswitch |
> > |             | ed     | cuous  | nity1 | nity2 | link port   |
> > ---------------------------------------------------------------
> > | isolated    | deny   | permit | deny  | deny  | permit      |
> > ---------------------------------------------------------------
> > | promiscuous | permit | permit | permit| permit| permit      |
> > ---------------------------------------------------------------
> > | community1  | deny   | permit | permit| deny  | permit      |
> > ---------------------------------------------------------------
> > | community2  | deny   | permit | deny  | permit| permit      |
> > ---------------------------------------------------------------
> > | interswitch |        |        |       |       |             |
> > | link port   | deny(*)| permit | permit| permit| permit      |
> > ---------------------------------------------------------------
>
> Ok, I thought this would be really easy, but I must admit I don't get
> how an interswitch link port works. Apparently the different VLANs are
> allowed to go to the same ports, but you can't send a packet back out
> the physical interface it came in on.

Yes, that took a while to figure out:

#.4042 = Promisc/Primary VLAN (P)
#.4043 = Isolated VLAN (I)
#.4044 = Community VLAN (C)
#These VLANs represent the interswitch port:
# Promisc ports only TX to P, but RX from P, C & I
# Community ports only TX to C VLAN, but RX from C & P
# Isolated ports only TX to I VLAN, but RX only P

>
> I ignored the community rules, exercise for the reader...

See the latest mail from Ross, I think he is on to something ..
Also, do we need to do anything if STP is running on the bridge?

_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/bridge
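As an added example (not code from this thread or from the bridge project), the sketch below derives the access-port rows of the quoted table from the TX/RX VLAN rules given in the reply. VLAN 4045 for a second community and all function names are assumptions made for illustration.

```python
# Added example: private-VLAN forwarding derived from the TX/RX VLAN rules.
# 4042/4043/4044 come from the mail; 4045 is a constructed second community VLAN.
P, I, C1, C2 = 4042, 4043, 4044, 4045

# Per access-port type: the VLAN ingress frames are classified into (TX)
# and the set of VLANs the port accepts on egress (RX).
TX = {"isolated": I, "promiscuous": P, "community1": C1, "community2": C2}
RX = {
    "isolated": {P},
    "promiscuous": {P, I, C1, C2},
    "community1": {C1, P},
    "community2": {C2, P},
}
TRUNK = "interswitch"

def forward(src, dst, vlan=None, same_port=False):
    """Return True if a frame from port type src may egress on port type dst.

    vlan is only needed when src is the interswitch link, where the frame
    already carries the tag set by the remote switch.
    """
    if same_port:                  # never send back out the ingress port
        return False
    if src != TRUNK:
        vlan = TX[src]             # access ports classify by port type
    elif vlan not in (P, I, C1, C2):
        raise ValueError("trunk frames must carry a private-VLAN tag")
    if dst == TRUNK:               # the link carries P, I and C unchanged
        return True
    return vlan in RX[dst]

def access_matrix():
    """permit/deny for every access-port source against every destination."""
    dsts = list(TX) + [TRUNK]
    return {s: {d: "permit" if forward(s, d) else "deny" for d in dsts}
            for s in TX}

def trunk_row():
    """For trunk ingress, list which tags each access-port type accepts."""
    return {d: sorted(v for v in (P, I, C1, C2) if forward(TRUNK, d, v))
            for d in TX}

if __name__ == "__main__":
    for src, row in access_matrix().items():
        print(f"{src:12}", row)
    print(f"{TRUNK:12}", trunk_row())
```

For frames arriving on the interswitch link the outcome depends on the tag they already carry, so `trunk_row()` reports the accepted tags per port type instead of a single permit/deny value.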