I got useful information regarding this probelm from James Harper in one of the earlier threads. http://ns2.lanforge.com/pipermail/vlan/2006-July/000769.html including the following ebtable rule solves it. *ebtables -t broute -A BROUTING -p 802_1Q -i eth0 -j DROP* This causes the tagged frames entering eth0 to get dropped in one bridge(between eth0 and eth1), reaches eth0.2 after untagging and then bridged across another bridge(between eth0.2 and eth2.2). This seems like a workaround for overcoming the precedence of bridging over vlan. but, it works fine. please let me know if there are other solutions. I think the concept of assigning PVID(permanent virtual identifier) per physical interface is also possible by bridging the real interface to the bridge that has other vitrual interfaces with the same VLAN ID. On 7/25/06, Kumara Sundaram <sundarwaiting@xxxxxxxxx> wrote: > > Stephen, > > I got my inputs from the following references. > http://www.informit.com/articles/article.asp?p=102157&seqNum=2&rl=1 > http://www.commsdesign.com/showArticle.jhtml?articleID=26806942 > > The following is my setup > eth1.1 bridged with eth0.1 and > eth2.2 bridged with eth0.2 > This configuration implements a VLAN switch with two access ports(port > eth1 for VLAN 1 and port eth2 for VLAN 2) and a trunk port eth0 capable of > carrying frames with VLAN ID either 1 or 2 in its 802.1q tag. Now, > consider another switch with exactly the same configuration. Then, the trunk > ports of the switches are connected. Now device connected to port eth1 of > switch 1 and that connected to port eth1 of switch 2 can interchange frames > with VLAN ID 1. The same is the case with eth2 on both the switches. The > following will the diagramatic representation of the setup.(trying my hand > in acsii diagram for the first time...) > > eth1 eth1 > | | > -------------- trunk --------------- > | eth0 |------------------------| eth0 | > -------------- --------------- > | | > eth2 eth2 > > Two VLANs span across 2 switches. There is no bridging/routing 'between' > these two VLANs. So, this works like a perfect VLAN swicth. > > Now I wish to connect VLAN unaware PCs to eth1 of both the switches. can I > go for the following config? > eth1 bridged to eth0 and > eth2.2 bridged to eth0.2 > This did not work when I tried. What i exected of the above configuration > was - > 1) all the untagged frames from eth1 passes thru the bridge and goes out > of eth0 as untagged frame. similary in the opposite direction. > 2) all the frames with VALN ID 2 entering eth2 gets untagged at eth2.2, > gets bridged to eth0.2, gets tagged with VLAN ID 2 at eth0 and goes out of > the trunk as tagged frame. similar steps can be followed in the opposite > direction from eth0 to eth2. > > what is actaully happening is - > 1) all the untagged frames from eth1 passes thru the bridge and goes out > of eth0 as untagged frame. something similar happens in the opposite > direction. (goes fine as expected) > 2) all the frames with VALN ID 2 entering eth2 gets untagged at eth2.2, > gets bridged to eth0.2, gets tagged with VLAN ID 2 at eth0 and goes out of > the trunk as tagged frame. But, in the opposite direction, frames with VLAN > ID 2 entering eth0 gets bridged to reach eth1, instead of untagging at > eth0.2 and getting bridged to eth2. bridging seems to take a higher > precedence compared to virtual interfaces. > > The above inferences are made based on findings using ethereal. > > One more requirement, PVID is based on its definition and functionality as > described in the second reference link given above. > > Thanks a lot for the help! > > > > On 7/25/06, Stephen Hemminger <shemminger@xxxxxxxx> wrote: > > > > On Tue, 25 Jul 2006 07:00:14 -0400 > > "Kumara Sundaram" <sundarwaiting@xxxxxxxxx> wrote: > > > > > I have a Linux box with 3 ethernet interfaces, eth0, eth1 and eth2. > > > Am planning to convert the box into a VLAN switch. Let eth1 and eth2 > > are > > > configured for VLAN 1 and 2 respectively. Let eth0 be a trunk carrying > > both > > > VLAN frames. Am going for the following configuration. > > > > > > $vconfig add eth1 1 > > > $vconfig add eth2 2 > > > $ > > > $vconfig add eth0 1 > > > $vconfig add eth0 2 > > > $ > > > $brctl addbr br1 > > > $brctl addif br1 eth0.1 > > > $brctl addif br1 eth1.1 > > > $ > > > $brctl addbr br2 > > > $brctl addif br2 eth0.2 > > > $brctl addif br2 eth1.2 > > > > > > The basic idea of the above configuration is based on the fact that > > each > > > VLAN can be simulated with individual bridges per VLAN. The above > > > configuration works fine as expected. > > > eth0 acts as trunk carrying frames with both VLAN IDs(1 and 2). This > > trunk > > > can be connected to a similar switch on the other end to span the VLAN > > > segmentation across switches. > > > > > > Now, I wish to make VLAN 1 a native VLAN for VLAN unaware systems > > connecting > > > to the switch. So, the trunk will carry both tagged frames as well as > > > untagged frames. how should I configure such a setup? Also, please > > give me > > > an idea of how to implement PVIDs? > > > > > > Thanks! > > > > What is full topology? That should work if there are no other > > connections > > between the vlan's. If you are using a switch that knows about vlan's it > > won't > > work because the switch will see a loop. Also, a switch may see their > > spanning tree packets loop around and drop the links! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://ns2.lanforge.com/pipermail/vlan/attachments/20060726/86ab5faf/attachment-0001.html
