[VLAN] Simple Vlan configuration: Untagged Port Issue


 



On Mon, Sep 11, 2006 at 02:32:50PM +0530, megh ranade wrote:
> I have a SIMPLE configuration:
> 	= Vlan5
> 		- ports eth0 (Untagged), eth1 (tagged), eth2(untagged)
> 	= Vlan6
> 		- ports eth1 (tagged), eth2 (tagged)
> 	Goal
> 	------------
> 	On port eth2, I want to send/receive tagged traffic for both Vlan5 & vlan6.
> 	                If an untagged frame is received on this port, I EXPECT that
> 			the frame is classified as a Vlan5 frame.
> 
> 	I TRY to ACHIEVE this by the following cmds:
> 	------------------------------------------------------
> 
> 	vconfig add eth0 5

The above line may actually be harmful. I would remove it, along
with..


> 	vconfig add eth1 5
> 	vconfig add eth2 5

..this one, and..


> 	vconfig add eth1 6
> 	vconfig add eth2 6
> 
> 	// Bridge for Vlan5
> 	brctl addbr br5
> 	brctl addif br5 eth0.5

..the above line..


> 	brctl addif br5 eth0       // eth0 is a UNTAGGED port of Vlan5
> 					//  hence add Whole interface eth0 to br5
> 	brctl addif br5 eth1.5
> 	brctl addif br5 eth2.5

..and the above line.


> 	brctl addif br5 eth2        // eth2 is a UnTAGGED port of Vlan5 & 
> 					 //     tagged port of Vlan6 (below)
> 
> 	//Bridge for Vlan6
> 	brctl addbr br6
> 	brctl addif br6 eth1.6
> 	brctl addif br6 eth2.6        //

The general idea is that one VLAN should be represented only once per
physical interface. Either tagged, or untagged, but not both.

I believe most if not all switches would consider your configuration
a network loop otherwise, and disable traffic for that VLAN on that
port, or even worse all traffic on that port.


> 	ISSUES:
> 	----------------------------------
> 
> 	For the tagged port (eth1), there is no problem in sending/receiving traffic
> 	For the Untagged port(eth0), which is associated with ONLY one Vlan,
> 			again there is No Problem

This goes against what I just wrote, but I would still start by
"cleaning out" the unneeded VLAN interfaces.


> 	For the port (eth2), associated with Vlan5 (Untagged) & Vlan6 (tagged), 
> 	I have a problem in receiving traffic. For example, I am unable to 
> 	send any traffic that is tagged.

Maybe you have STP disabled on your switches, but not for the Linux
bridge? Then the kernel STP (spanning tree protocol, used to detect
network loops) would notice the loop (two interfaces both connected
to the same bridge, feeding each other with traffic. Think of a TV
showing the picture from a camera pointed at the same TV).


> 		Am I doing the CORRECT thing as far as configuration of the
> 	bridges is concerned? Do I need to add any OTHER configuration
> 	(e.g. iptables)?

No iptables rules are needed to accomplish your goal.


//Peter
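
Added example, not part of the original thread: a small shell check for the rule stated in the reply (one VLAN represented only once per physical interface, tagged or untagged but not both). It reads `brctl addif` lines and reports every physical interface that is a member of the same bridge more than once; the function names and the `br6` bridge argument are assumptions, and the sample plans are constructed from the commands quoted above.

```shell
#!/bin/sh
# find_double_members: read bridge setup commands on stdin and print
# "<bridge> <physical-if>" for each physical interface that was added to the
# same bridge more than once (for example both eth2 and eth2.5 in br5).
find_double_members() {
    awk '
        { sub(/\/\/.*/, "") }                    # drop trailing // comments
        $1 == "brctl" && $2 == "addif" && NF >= 4 {
            bridge = $3; port = $4
            phys = port; sub(/\..*/, "", phys)   # strip the VLAN suffix
            key = bridge " " phys
            if (++seen[key] == 2) print key      # report each pair once
        }
    '
}

# Constructed sample: the br5 commands as quoted in the thread.
original_plan() {
    cat <<'EOF'
brctl addbr br5
brctl addif br5 eth0.5
brctl addif br5 eth0       // eth0 is a UNTAGGED port of Vlan5
brctl addif br5 eth1.5
brctl addif br5 eth2.5
brctl addif br5 eth2
EOF
}

# Constructed sample: the plan with the lines the reply suggests removing
# taken out. br6 membership is written with an explicit bridge name (assumed).
cleaned_plan() {
    cat <<'EOF'
brctl addbr br5
brctl addif br5 eth0
brctl addif br5 eth1.5
brctl addif br5 eth2
brctl addbr br6
brctl addif br6 eth1.6
brctl addif br6 eth2.6
EOF
}

original_plan | find_double_members   # reports br5 eth0 and br5 eth2
cleaned_plan  | find_double_members   # reports nothing
```

Note that eth2 untagged in br5 together with eth2.6 in br6 is not flagged, since the two memberships belong to different VLANs.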
