Does Linux virtual bridge support VLAN's?












3















Does Linux virtual bridge(configured with for example ip or brctl) support VLAN's? For example configure access ports in different VLAN's and trunk ports with only certain VLAN's enabled. Only option in my kernel(3.2.0-4-686-pae) configuration file regarding VLAN's and bridge is CONFIG_BRIDGE_EBT_VLAN, but as I understand, this enables filtering of 802.1q VLAN fields for ebtables.










share|improve this question



























    3















    Does Linux virtual bridge(configured with for example ip or brctl) support VLAN's? For example configure access ports in different VLAN's and trunk ports with only certain VLAN's enabled. Only option in my kernel(3.2.0-4-686-pae) configuration file regarding VLAN's and bridge is CONFIG_BRIDGE_EBT_VLAN, but as I understand, this enables filtering of 802.1q VLAN fields for ebtables.










    share|improve this question

























      3












      3








      3


      1






      Does Linux virtual bridge(configured with for example ip or brctl) support VLAN's? For example configure access ports in different VLAN's and trunk ports with only certain VLAN's enabled. Only option in my kernel(3.2.0-4-686-pae) configuration file regarding VLAN's and bridge is CONFIG_BRIDGE_EBT_VLAN, but as I understand, this enables filtering of 802.1q VLAN fields for ebtables.










      share|improve this question














      Does Linux virtual bridge(configured with for example ip or brctl) support VLAN's? For example configure access ports in different VLAN's and trunk ports with only certain VLAN's enabled. Only option in my kernel(3.2.0-4-686-pae) configuration file regarding VLAN's and bridge is CONFIG_BRIDGE_EBT_VLAN, but as I understand, this enables filtering of 802.1q VLAN fields for ebtables.







      linux-kernel bridge






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Mar 24 '15 at 12:22









      MartinMartin

      3742571137




      3742571137






















          3 Answers
          3






          active

          oldest

          votes


















          5














          Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:



          # brctl show
          bridge name bridge id STP enabled interfaces
          br-vlan2 7fff.a0f3c15eb708 no eth0.2
          wlan0
          wlan1
          br-vlan3 7fff.a0f3c15eb708 no eth0.3
          wlan0-1
          wlan1-1


          Some extra explanation:



          The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.



          So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.



          An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)



          I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.






          share|improve this answer


























          • I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?

            – Martin
            Mar 24 '15 at 13:59











          • I've elaborated my answer to cover your comment. But basically: yes.

            – wurtel
            Mar 24 '15 at 15:31



















          1














          A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge



          brctl addbr br0
          brctl addif br0 eth0
          vconfig add br0 100
          ifconfig br0.100 127.16.0.128 netmask 255.255.255.0


          the above ifconfig should work on eth0 also since br0 and eth0 are bridged.






          share|improve this answer

































            -3














            hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....






            share|improve this answer








            New contributor




            Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.




















              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "106"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: false,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f192177%2fdoes-linux-virtual-bridge-support-vlans%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              3 Answers
              3






              active

              oldest

              votes








              3 Answers
              3






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              5














              Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:



              # brctl show
              bridge name bridge id STP enabled interfaces
              br-vlan2 7fff.a0f3c15eb708 no eth0.2
              wlan0
              wlan1
              br-vlan3 7fff.a0f3c15eb708 no eth0.3
              wlan0-1
              wlan1-1


              Some extra explanation:



              The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.



              So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.



              An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)



              I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.






              share|improve this answer


























              • I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?

                – Martin
                Mar 24 '15 at 13:59











              • I've elaborated my answer to cover your comment. But basically: yes.

                – wurtel
                Mar 24 '15 at 15:31
















              5














              Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:



              # brctl show
              bridge name bridge id STP enabled interfaces
              br-vlan2 7fff.a0f3c15eb708 no eth0.2
              wlan0
              wlan1
              br-vlan3 7fff.a0f3c15eb708 no eth0.3
              wlan0-1
              wlan1-1


              Some extra explanation:



              The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.



              So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.



              An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)



              I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.






              share|improve this answer


























              • I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?

                – Martin
                Mar 24 '15 at 13:59











              • I've elaborated my answer to cover your comment. But basically: yes.

                – wurtel
                Mar 24 '15 at 15:31














              5












              5








              5







              Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:



              # brctl show
              bridge name bridge id STP enabled interfaces
              br-vlan2 7fff.a0f3c15eb708 no eth0.2
              wlan0
              wlan1
              br-vlan3 7fff.a0f3c15eb708 no eth0.3
              wlan0-1
              wlan1-1


              Some extra explanation:



              The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.



              So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.



              An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)



              I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.






              share|improve this answer















              Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:



              # brctl show
              bridge name bridge id STP enabled interfaces
              br-vlan2 7fff.a0f3c15eb708 no eth0.2
              wlan0
              wlan1
              br-vlan3 7fff.a0f3c15eb708 no eth0.3
              wlan0-1
              wlan1-1


              Some extra explanation:



              The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.



              So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.



              An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)



              I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Mar 24 '15 at 15:30

























              answered Mar 24 '15 at 12:28









              wurtelwurtel

              11k11628




              11k11628













              • I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?

                – Martin
                Mar 24 '15 at 13:59











              • I've elaborated my answer to cover your comment. But basically: yes.

                – wurtel
                Mar 24 '15 at 15:31



















              • I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?

                – Martin
                Mar 24 '15 at 13:59











              • I've elaborated my answer to cover your comment. But basically: yes.

                – wurtel
                Mar 24 '15 at 15:31

















              I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?

              – Martin
              Mar 24 '15 at 13:59





              I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?

              – Martin
              Mar 24 '15 at 13:59













              I've elaborated my answer to cover your comment. But basically: yes.

              – wurtel
              Mar 24 '15 at 15:31





              I've elaborated my answer to cover your comment. But basically: yes.

              – wurtel
              Mar 24 '15 at 15:31













              1














              A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge



              brctl addbr br0
              brctl addif br0 eth0
              vconfig add br0 100
              ifconfig br0.100 127.16.0.128 netmask 255.255.255.0


              the above ifconfig should work on eth0 also since br0 and eth0 are bridged.






              share|improve this answer






























                1














                A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge



                brctl addbr br0
                brctl addif br0 eth0
                vconfig add br0 100
                ifconfig br0.100 127.16.0.128 netmask 255.255.255.0


                the above ifconfig should work on eth0 also since br0 and eth0 are bridged.






                share|improve this answer




























                  1












                  1








                  1







                  A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge



                  brctl addbr br0
                  brctl addif br0 eth0
                  vconfig add br0 100
                  ifconfig br0.100 127.16.0.128 netmask 255.255.255.0


                  the above ifconfig should work on eth0 also since br0 and eth0 are bridged.






                  share|improve this answer















                  A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge



                  brctl addbr br0
                  brctl addif br0 eth0
                  vconfig add br0 100
                  ifconfig br0.100 127.16.0.128 netmask 255.255.255.0


                  the above ifconfig should work on eth0 also since br0 and eth0 are bridged.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Apr 13 '17 at 12:13









                  Community

                  1




                  1










                  answered Jan 20 '17 at 0:34









                  user211438user211438

                  111




                  111























                      -3














                      hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....






                      share|improve this answer








                      New contributor




                      Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                      Check out our Code of Conduct.

























                        -3














                        hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....






                        share|improve this answer








                        New contributor




                        Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                        Check out our Code of Conduct.























                          -3












                          -3








                          -3







                          hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....






                          share|improve this answer








                          New contributor




                          Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.










                          hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....







                          share|improve this answer








                          New contributor




                          Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.









                          share|improve this answer



                          share|improve this answer






                          New contributor




                          Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.









                          answered 26 mins ago









                          PranavPranav

                          1




                          1




                          New contributor




                          Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.





                          New contributor





                          Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.






                          Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Unix & Linux Stack Exchange!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f192177%2fdoes-linux-virtual-bridge-support-vlans%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              CARDNET

                              Boot-repair Failure: Unable to locate package grub-common:i386

                              Aws NAT - Aws IGW- Aws router