Linux Bridging of Tagged-VLAN (802.1q) Ethernet Traffic

Oron Peled oron at actcom.co.il
Mon Jan 24 23:26:55 IST 2011


On Monday, 24 January 2011 21:47:20 shimi wrote:
> I'm trying to run a Linux Bridge in order to manipulate traffic
> running between trunk ports on two switches.
> 
> The ports on both ends pass all their traffic with VLAN tagging to
> both ends (i.e. both switches have the port set to 802.1q/trunk, and
> the traffic flow between the switches encapsulates many subnets on
> different VLANs)

A short googling turned up the following related links:
 - [LARTC] linux bridging vlans?
       http://mailman.ds9a.nl/pipermail/lartc/2006q1/018537.html
 - 802.1Q VLAN Tagging and Untagging on Linux?
       http://www.linuxsa.org.au/pipermail/linuxsa/2006-July/084589.html

The point mentioned is that you should vconfig the *physical* interfaces
and then bridge the result. The reason given for this is that it is more
flexible (although more complex) -- e.g.: you can bridge a physical
non-vlan capable interface to a specific vlan.

I didn't test any of this personally...

Enjoy,

-- 
Oron Peled                                 Voice: +972-4-8228492
oron at actcom.co.il                  http://users.actcom.co.il/~oron
"We spend the first twelve months of our children's lives teaching them
to walk and talk and the next twelve years telling them to sit down and
shut up."  -- Phyllis Diller

> I have set up the bridge the following way:
> 
> 0. Create bridge br0
> 1. Add both NICs to the same bridge;
> 2. Put the bridge interface up.
> 3. Put the physical NICs and the bridge interface in promisc mode. (as
> I've seen mentions for this, but I think this is a redundant stage
> given that it's a bridge?)
> 
> If I pass regular traffic through this setup, it works correctly -
> i.e. the Linux box acts as if it was a switch.
> 
> If I pass VLAN-tagged traffic the very same way, it doesn't pass to
> the other side...
> 
> Upon scanning the net a bit, I've also decided to put 0 on the
> following kernel options:
> 
> net.bridge.bridge-nf-call-arptables = 0
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-filter-vlan-tagged = 0
> 
> ... which didn't seem to have any effect.
> 
> I also tried intercepting VLAN traffic by creating VLANs on the
> physical interfaces with vconfig, then adding them to the br0 and also
> tried setting them up in promisc mode. This also didn't seem to have
> any effect.
> 
> Setting an IPv4 address on br0 also did not seem to have any effect.
> 
> It is to be noted the traffic does pass correctly if I take both
> Ethernet cables from the machine and connect them to each other using
> a plastic Coupler :)
> 
> Any ideas? What did I miss? Is what I am trying even possible with the
> kernel Bridging code? :)
> 
> Thanks in advance,
> 
> -- Shimi
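
The layout suggested in the reply (VLAN sub-interfaces on each physical NIC, then one bridge per VLAN), sketched as an added example that is not part of the original thread. It uses iproute2 `ip link` in place of vconfig/brctl; the interface names eth0/eth1, the brN bridge names and the VLAN IDs 10 and 20 are assumptions.

```shell
#!/bin/sh
# Added example: one bridge per VLAN between two trunk-facing NICs.
# Interface names, bridge names and VLAN IDs are constructed sample values.

# Print the iproute2 commands that bridge each VLAN between two NICs.
# Usage: plan_vlan_bridges IF_A IF_B VID [VID...]
plan_vlan_bridges() {
    if_a=$1; if_b=$2; shift 2
    # Validate every ID first so a bad one never yields a partial plan.
    for vid in "$@"; do
        case $vid in ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1;; esac
        # 802.1Q reserves VLAN IDs 0 and 4095.
        if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
            echo "VLAN id out of range: $vid" >&2; return 1
        fi
    done
    echo "ip link set dev $if_a up"
    echo "ip link set dev $if_b up"
    for vid in "$@"; do
        br="br$vid"
        echo "ip link add name $br type bridge"
        for nic in "$if_a" "$if_b"; do
            # Sub-interface that receives frames tagged with $vid, untagged.
            echo "ip link add link $nic name $nic.$vid type vlan id $vid"
            echo "ip link set dev $nic.$vid master $br"
            echo "ip link set dev $nic.$vid up"
        done
        echo "ip link set dev $br up"
    done
}

# Dry run by default; set APPLY=1 (as root) to execute the plan.
apply_vlan_bridges() {
    plan=$(plan_vlan_bridges "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$plan" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        printf '%s\n' "$plan"
    fi
}

# Example: sh vlan-bridge.sh eth0 eth1 10 20
if [ "$#" -ge 3 ]; then apply_vlan_bridges "$@"; fi
```

Only the VLAN IDs listed are forwarded between the two trunks; tagged traffic for any other VLAN is not bridged by this layout.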


