On Tue, 7 Jun 2005, James Harper wrote:

> The host domain has the following network interfaces:
> eth0 (connected to 'internal' network, for san and host communications)
> eth1 (connected to 'internal' network, but no ip address, only to give
> guests network access to 'internal' network)
> eth1.2 (connected to 'external' network)
> eth1.4 (connected to 'client1' network)
>
> And the following bridges
> br0 (eth1 + any guest virtual interfaces requiring access to the
> 'internal' network)
> br1 (eth1.2 + any guest virtual interfaces requiring access to the
> 'external' network)
>
> It only works if eth1 isn't added to any bridge interface. As soon as
> eth1 is added to br0, no traffic is seen on eth1.2, almost like the
> bridge is 'taking' all the traffic from eth1, including tagged traffic
> before the vlan driver sees it.

Do you really want br0 to see all the eth1 traffic (including the tagged
frames intended for other vlans)? Why not just set it up:

eth0   [ not relevant here ]
eth1   (connected to trunk port using dot1q for vlan 1)
eth1.1 (vlan 1 traffic)
eth1.2 (vlan 2 traffic)
eth1.4 (vlan 4 traffic)
...

br0 (eth1.1 + any guest virtual interfaces requiring access to the
'internal' network)
br1 (eth1.2 + any guest virtual interfaces requiring access to the
'external' network)

If you are worried about boxes which don't tag vlan 1 by default, you can
usually force it. e.g. in IOS you just need to set the "native" vlan to be
other than vlan 1; on Cisco we use:

interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 500
 switchport trunk allowed vlan 1,500-516,1002-1005
 switchport mode trunk
 spanning-tree portfast
!

where vlan 500 is one we in fact don't use -- so all traffic will be tagged.

--
Jon
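The layout Jon proposes, as an added example that is not part of the thread: a small POSIX sh script that checks a bridge plan for the mistake James ran into (a raw trunk NIC enslaved to a bridge while 802.1q subinterfaces hang off it) and then emits the commands for the corrected layout, where only eth1.N subinterfaces join bridges and eth1 itself stays unbridged. It assumes modern iproute2 `ip link` syntax rather than the vconfig/brctl tools of 2005; the interface and bridge names are taken from the thread, the guest interface names vifA and vifB are made up for the example, and the two PLAN_* strings are constructed input.

```shell
#!/bin/sh
# Added example (not from the thread): check a Xen host bridge plan for the
# failure James saw, then emit the iproute2 commands for Jon's layout.
# Assumptions: modern `ip link` syntax (the 2005 thread would have used
# vconfig/brctl); eth1/br0/br1 come from the thread, vifA/vifB are invented.

# Plan format, one member per line: "<bridge> <kind> <interface>", where kind
# is trunk (raw NIC), vlan (802.1q subinterface named parent.id) or guest.
# James's failing layout: the raw trunk eth1 is a port of br0. (constructed)
PLAN_BAD='br0 trunk eth1
br0 guest vifA
br1 vlan eth1.2
br1 guest vifB'

# Jon's layout: only tagged subinterfaces touch bridges. (constructed)
PLAN_GOOD='br0 vlan eth1.1
br0 guest vifA
br1 vlan eth1.2
br1 guest vifB'

# check_plan PLAN: return 1 if a bridge enslaves a raw NIC that is also the
# parent of a vlan subinterface in the plan. A bridge port hands every frame
# to the bridge, tagged ones included, so eth1.2 sees nothing and every guest
# on that bridge can see every VLAN carried on the trunk.
check_plan() {
  _plan="$1"
  _status=0
  # parents of all vlan subinterfaces (eth1.2 -> eth1), deduplicated
  _parents=$(printf '%s\n' "$_plan" \
    | awk '$2 == "vlan" { sub(/\.[^.]*$/, "", $3); print $3 }' | sort -u)
  for _p in $_parents; do
    if printf '%s\n' "$_plan" \
      | awk -v p="$_p" '$2 == "trunk" && $3 == p { f = 1 } END { exit !f }'; then
      echo "ERROR: $_p is bridged raw while $_p.N vlan subinterfaces exist;" \
           "bridge the subinterfaces, not the trunk" >&2
      _status=1
    fi
  done
  return $_status
}

# render_plan PLAN: print the ip(8) commands that build the plan: create each
# vlan subinterface on its trunk, create the bridges, enslave the members.
render_plan() {
  _plan="$1"
  printf '%s\n' "$_plan" | awk '$2 == "vlan" {
      parent = $3; sub(/\.[^.]*$/, "", parent)
      id = $3;     sub(/^.*\./,    "", id)
      print "ip link add link " parent " name " $3 " type vlan id " id }' | sort -u
  printf '%s\n' "$_plan" | awk '{ print $1 }' | sort -u | while read -r _br; do
    echo "ip link add $_br type bridge"
    echo "ip link set $_br up"
  done
  printf '%s\n' "$_plan" | while read -r _br _kind _if; do
    echo "ip link set $_if master $_br"
    echo "ip link set $_if up"
  done
}

# Stand-alone run: the bad plan is rejected, the good plan is rendered.
if check_plan "$PLAN_BAD"; then
  echo "unexpected: bad plan passed the check" >&2
fi
if check_plan "$PLAN_GOOD"; then
  render_plan "$PLAN_GOOD"
fi
```

The check only covers what the kernel side can tell you; the switch side of Jon's advice (a native VLAN that carries nothing, so every frame arriving on eth1 is tagged) still has to be verified on the switch itself.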