I'm not completely sure I understand what you are trying to do (ascii art diagrams go a long way :) so forgive me if I'm just telling you stuff that you already know... By default, the tagged packets are 'brouted' into the bridge code before the vlan code gets to see them. To stop this behaviour, you need an ebtables rule like: ebtables -t broute -A BROUTING -p 802_1Q -i eth0 -j DROP which tells the bridge code not to touch any 802.1q packets which in turn lets the vlan code see them. The alternative is to create your vlans on the bridge interfaces (eg br0.2, br0.3). There is a disadvantage to this, but I can't remember what it is (other than when I do it in xen it leaks memory and crashes in a few days) James > -----Original Message----- > From: vlan-bounces@xxxxxxxxxxxxxxx [mailto:vlan-bounces@xxxxxxxxxxxxxxx] > On Behalf Of Mike Ireton > Sent: Friday, 14 April 2006 02:22 > To: Linux 802.1Q VLAN > Subject: [VLAN] Bridging and 802.1q - no fly? > > Hello, > > So it seems to me that using 802.1q as an end station or router > connected to 802.1q trunk ports is totally fine and I've used it for > years and years now that way. Recently however I have begun to > experament with bridging 802.1q ports together and I've had a lot less > sucess than I thought I would. > > The specfic issues were when trying to run linux bridge code across > linux 802.1q interfaces. In the first scenario, if I bridged two eth > ports together and then added them to a bridge group, the STP > announcements appeared to be misaligned in the frame by 4 bytes (the mac > addresses of captured packets had unrecognisable garbage in the first > four, then the begining of the correct address in the remainder). In the > second scenario, if I create a vlan device (say vlan10) on two linux > boxes and then add these interfaces to a bridge group, again, stp seems > to malfunction - because it's not apparently getting tagged by 1q. > > Yes I have some patches in place like ebtables and bridge-nf and I'm > aware there can be unfortunate interactions here. What I'd like to know > however, is bridging the 1q interfaces considered legit and has another > ever done this sucessfully? If so, what was your configuration? > > Mike- > > > _______________________________________________ > Vlan mailing list > Vlan@xxxxxxxxxxxxxxx > http://www.lanforge.com/mailman/listinfo/vlan
