Hi list,

I have a question regarding the use of bridges with vlans.

Suppose I have a lanbr which bridges together eth0 and various virtual
interfaces. Putting aside bridge vlan filtering, any interface connected
to the bridge will see both untagged and tagged traffic.

To only see the tagged traffic portion of a specific vlan I can simply
create a bridge vlan interface (e.g. lanbr.10) and use that virtual
interface as a member of another bridge. In other words:

    eth0 -> lanbr -> lanbr.10 -> vlan10br

Now, I wonder if it is possible to extract *only* the untagged traffic
from the lanbr bridge. Something similar to that:

    eth0 -> lanbr -> lanbr.untagged -> untbr

Full disclosure: a virtual machine bridged on lanbr will see both tagged
and untagged traffic. This is fine for, say, a virtual firewall with a
trunk interface. However, I do not want any other VM residing on the
untagged bridge to see tagged traffic. So I need to confine these
machines to see only untagged packets.

One possible approach would be to use ebtables to drop 802.1q tagged
packets on lanbr unless they are for a specific virtual machine
interface (and it seems to work well), but I wonder if the same can be
obtained without calling ebtables into the mix.

Regards.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
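
The ebtables approach mentioned in the message above, sketched as an added example that is not part of the original post: a shell function that prints (does not apply) rules allowing 802.1Q-tagged frames only between the trunk-capable ports of lanbr. The chain name TAGGED_ONLY_TRUNK and the tap name vnet0 for the firewall VM are assumptions; eth0 is taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): generate ebtables rules that
# confine 802.1Q-tagged frames to the trunk-capable ports of a bridge.
# Arguments: the bridge ports allowed to carry tagged frames.
# The rules are only printed; review them, then pipe the output to `sh` as root.

tagged_filter_rules() {
    chain=TAGGED_ONLY_TRUNK   # hypothetical chain name
    echo "ebtables -N $chain"
    # Every tagged frame forwarded by the bridge is judged in the new chain;
    # untagged frames never enter it and are forwarded as before.
    echo "ebtables -A FORWARD -p 802_1Q -j $chain"
    # Tagged frames may pass only when BOTH ingress and egress are trunk ports,
    # so an ordinary VM can neither receive nor inject tagged traffic.
    for in_port in "$@"; do
        for out_port in "$@"; do
            [ "$in_port" = "$out_port" ] && continue
            echo "ebtables -A $chain -i $in_port -o $out_port -j ACCEPT"
        done
    done
    # Anything else carrying an 802.1Q tag is dropped.
    echo "ebtables -A $chain -j DROP"
}

# Constructed sample: eth0 is the physical uplink, vnet0 is the assumed
# tap interface of the virtual firewall with the trunk interface.
tagged_filter_rules eth0 vnet0
```

Only the FORWARD chain is touched, so the rules cover frames bridged between ports of lanbr.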