Does Linux virtual bridge support VLAN's?
Does Linux virtual bridge(configured with for example ip or brctl) support VLAN's? For example configure access ports in different VLAN's and trunk ports with only certain VLAN's enabled. Only option in my kernel(3.2.0-4-686-pae) configuration file regarding VLAN's and bridge is CONFIG_BRIDGE_EBT_VLAN, but as I understand, this enables filtering of 802.1q VLAN fields for ebtables.
linux-kernel bridge
asked Mar 24 '15 at 12:22
MartinMartin
3742571137
add a comment |
Does Linux virtual bridge(configured with for example ip or brctl) support VLAN's? For example configure access ports in different VLAN's and trunk ports with only certain VLAN's enabled. Only option in my kernel(3.2.0-4-686-pae) configuration file regarding VLAN's and bridge is CONFIG_BRIDGE_EBT_VLAN, but as I understand, this enables filtering of 802.1q VLAN fields for ebtables.
linux-kernel bridge
asked Mar 24 '15 at 12:22
MartinMartin
3742571137
add a comment |
Does Linux virtual bridge(configured with for example ip or brctl) support VLAN's? For example configure access ports in different VLAN's and trunk ports with only certain VLAN's enabled. Only option in my kernel(3.2.0-4-686-pae) configuration file regarding VLAN's and bridge is CONFIG_BRIDGE_EBT_VLAN, but as I understand, this enables filtering of 802.1q VLAN fields for ebtables.
linux-kernel bridge
asked Mar 24 '15 at 12:22
MartinMartin
3742571137
Does Linux virtual bridge(configured with for example ip or brctl) support VLAN's? For example configure access ports in different VLAN's and trunk ports with only certain VLAN's enabled. Only option in my kernel(3.2.0-4-686-pae) configuration file regarding VLAN's and bridge is CONFIG_BRIDGE_EBT_VLAN, but as I understand, this enables filtering of 802.1q VLAN fields for ebtables.
linux-kernel bridge
linux-kernel bridge
asked Mar 24 '15 at 12:22
MartinMartin
3742571137
asked Mar 24 '15 at 12:22
MartinMartin
3742571137
asked Mar 24 '15 at 12:22
MartinMartin
3742571137
asked Mar 24 '15 at 12:22
MartinMartin
3742571137
asked Mar 24 '15 at 12:22
MartinMartin
3742571137
3742571137
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:
# brctl show
bridge name bridge id STP enabled interfaces
br-vlan2 7fff.a0f3c15eb708 no eth0.2
wlan0
wlan1
br-vlan3 7fff.a0f3c15eb708 no eth0.3
wlan0-1
wlan1-1
Some extra explanation:
The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.
So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.
An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)
I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.
answered Mar 24 '15 at 12:28
wurtelwurtel
11k11628
I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?
– Martin
Mar 24 '15 at 13:59
I've elaborated my answer to cover your comment. But basically: yes.
– wurtel
Mar 24 '15 at 15:31
add a comment |
A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge
brctl addbr br0
brctl addif br0 eth0
vconfig add br0 100
ifconfig br0.100 127.16.0.128 netmask 255.255.255.0
the above ifconfig should work on eth0 also since br0 and eth0 are bridged.
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 20 '17 at 0:34
user211438user211438
111
add a comment |
hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....
answered 26 mins ago
PranavPranav
1
New contributor
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f192177%2fdoes-linux-virtual-bridge-support-vlans%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:
# brctl show
bridge name bridge id STP enabled interfaces
br-vlan2 7fff.a0f3c15eb708 no eth0.2
wlan0
wlan1
br-vlan3 7fff.a0f3c15eb708 no eth0.3
wlan0-1
wlan1-1
Some extra explanation:
The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.
So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.
An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)
I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.
answered Mar 24 '15 at 12:28
wurtelwurtel
11k11628
I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?
– Martin
Mar 24 '15 at 13:59
I've elaborated my answer to cover your comment. But basically: yes.
– wurtel
Mar 24 '15 at 15:31
add a comment |
Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:
# brctl show
bridge name bridge id STP enabled interfaces
br-vlan2 7fff.a0f3c15eb708 no eth0.2
wlan0
wlan1
br-vlan3 7fff.a0f3c15eb708 no eth0.3
wlan0-1
wlan1-1
Some extra explanation:
The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.
So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.
An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)
I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.
answered Mar 24 '15 at 12:28
wurtelwurtel
11k11628
I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?
– Martin
Mar 24 '15 at 13:59
I've elaborated my answer to cover your comment. But basically: yes.
– wurtel
Mar 24 '15 at 15:31
add a comment |
Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:
# brctl show
bridge name bridge id STP enabled interfaces
br-vlan2 7fff.a0f3c15eb708 no eth0.2
wlan0
wlan1
br-vlan3 7fff.a0f3c15eb708 no eth0.3
wlan0-1
wlan1-1
Some extra explanation:
The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.
So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.
An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)
I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.
answered Mar 24 '15 at 12:28
wurtelwurtel
11k11628
Not a problem, it's the way most openWRT systems connect the wlan and switch ports into the same LAN. Here's an example of the config on my openWRT system which has two wifi networks, one for private use and one for guests:
# brctl show
bridge name bridge id STP enabled interfaces
br-vlan2 7fff.a0f3c15eb708 no eth0.2
wlan0
wlan1
br-vlan3 7fff.a0f3c15eb708 no eth0.3
wlan0-1
wlan1-1
Some extra explanation:
The typical openwrt hardware (above is on a TP-Link WDR4300) has a switch that handles all the physical ports; sometimes the physical WAN port is a separate eth interface on the SoC CPU. The switch is connected to the CPU with a trunk (packets on this connection are tagged with a VLAN tag). So eth0.2 is VLAN2 that is simply connected to 4 of the physical switch ports, stripped of the VLAN tag.
So you should see br-vlan2 simply as the "LAN network", the VLANs are used due to necessity as there is just one connection from CPU to the switch.
An ethernet bridge in Linux can have VLANs and physical interfaces as members. That's according to my expectations as a VLAN interface behaves just like a physical interface in Linux, having its own routing, firewalling etc. just like any physical interface. I expect you could also add different VLANs to the bridge, if you don't mind the insanity that follows :)
I haven't tried bridging a physical interface such as eth0 that is also carrying VLAN-tagged traffic though... I don't know whether those tagged packets will also be bridged.
answered Mar 24 '15 at 12:28
wurtelwurtel
11k11628
edited Mar 24 '15 at 15:30
answered Mar 24 '15 at 12:28
wurtelwurtel
11k11628
answered Mar 24 '15 at 12:28
wurtelwurtel
11k11628
answered Mar 24 '15 at 12:28
wurtelwurtel
11k11628
11k11628
I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?
– Martin
Mar 24 '15 at 13:59
I've elaborated my answer to cover your comment. But basically: yes.
– wurtel
Mar 24 '15 at 15:31
add a comment |
I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?
– Martin
Mar 24 '15 at 13:59
I've elaborated my answer to cover your comment. But basically: yes.
– wurtel
Mar 24 '15 at 15:31
I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?
– Martin
Mar 24 '15 at 13:59
I see. So one should think that bridge(for example br-vlan2, br-vlan3) is the VLAN and you associate either tagged or non-tagged interfaces with this VLAN? Tagged(for example eth0.123) ports will behave like trunk ports in Cisco terminology and non-tagged(for example eth0) ports will behave like access ports?
– Martin
Mar 24 '15 at 13:59
I've elaborated my answer to cover your comment. But basically: yes.
– wurtel
Mar 24 '15 at 15:31
I've elaborated my answer to cover your comment. But basically: yes.
– wurtel
Mar 24 '15 at 15:31
add a comment |
A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge
brctl addbr br0
brctl addif br0 eth0
vconfig add br0 100
ifconfig br0.100 127.16.0.128 netmask 255.255.255.0
the above ifconfig should work on eth0 also since br0 and eth0 are bridged.
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 20 '17 at 0:34
user211438user211438
111
add a comment |
A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge
brctl addbr br0
brctl addif br0 eth0
vconfig add br0 100
ifconfig br0.100 127.16.0.128 netmask 255.255.255.0
the above ifconfig should work on eth0 also since br0 and eth0 are bridged.
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 20 '17 at 0:34
user211438user211438
111
add a comment |
A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge
brctl addbr br0
brctl addif br0 eth0
vconfig add br0 100
ifconfig br0.100 127.16.0.128 netmask 255.255.255.0
the above ifconfig should work on eth0 also since br0 and eth0 are bridged.
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 20 '17 at 0:34
user211438user211438
111
A trick is to explicitly tell the bridge it's ok to pass vlan traffic with the vconfig command. the below will do it on the command line and will go away with a reboot. To make it happen on reboot see https://serverfault.com/questions/414115/linux-vlans-over-bridge
brctl addbr br0
brctl addif br0 eth0
vconfig add br0 100
ifconfig br0.100 127.16.0.128 netmask 255.255.255.0
the above ifconfig should work on eth0 also since br0 and eth0 are bridged.
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 20 '17 at 0:34
user211438user211438
111
edited Apr 13 '17 at 12:13
Community♦
1
edited Apr 13 '17 at 12:13
Community♦
1
edited Apr 13 '17 at 12:13
Community♦
1
1
answered Jan 20 '17 at 0:34
user211438user211438
111
answered Jan 20 '17 at 0:34
user211438user211438
111
answered Jan 20 '17 at 0:34
user211438user211438
111
111
add a comment |
add a comment |
hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....
answered 26 mins ago
PranavPranav
1
New contributor
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....
answered 26 mins ago
PranavPranav
1
New contributor
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....
answered 26 mins ago
PranavPranav
1
New contributor
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
hgfjhfjhyfhjfjhg,jhgkt.kjhg.............................................................................................................l....
answered 26 mins ago
PranavPranav
1
New contributor
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 26 mins ago
PranavPranav
1
New contributor
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 26 mins ago
PranavPranav
1
answered 26 mins ago
PranavPranav
1
1
New contributor
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Pranav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f192177%2fdoes-linux-virtual-bridge-support-vlans%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
