From: Eran Mann <emann@mrv.com>
To: emann@opticalaccess.com
Cc: netdev@oss.sgi.com
Subject: Re: [PATCH/RFC] disallow vlan devices on top of a logical bridge device
Date: Wed, 03 Sep 2003 01:05:58 +0200
Message-ID: <3F552256.7000008@mrv.com>
In-Reply-To: <200309021932.37224.bdschuym@pandora.be>

Bart De Schuymer wrote:
>
> OK. But isn't br0.15 supposed to work like this: all vlan tagged traffic with
> tag different from 15 is discarded, all non-tagged traffic is given to br0.
> This is how it works with a vlan on top of physical devices like eth0 if I
> read the code correctly, but it doesn't currently work like that for vlan on
> top of a logical bridge device. The vlan code only sees tagged packets if the
> packets are destined for the bridge box itself, so bridged traffic is
> unaffected.
> This is why I think a vlan device on top of br0 in Linux is currently useless.
>
> cheers,
> Bart
>
Actually this behavior (bridge all VLANs for non-local traffic, allow
incoming traffic only from configured VLANs) is exactly what you
typically want in a bridged VLAN-aware LAN. Assume for instance that an
enterprise has N departments and a VLAN (or a few) for each dept. You
want only guys from the MIS or IT department to be able to manage the
bridges, not all the departments. Being able to configure br0.x in such
a setup would save you a lot of configuration. Otherwise you'd have to
- configure all the N VLANs on all the physical ports.
- define ebtable rules on each non MIS VLAN, on each physical port, to
  block access to the bridge management.
- define bridging between all the devices.

Also if you want to run spanning-tree then you have a slight problem,
since the STP code is not VLAN aware, and would send BPDUs on the VLAN
devices as if they were normal ports, so you need to setup a br

Regards,
Eran.
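
Added example, not part of the message above and not kernel code: a small C model of the behavior the thread describes for br0.15, where non-local frames are bridged whatever their tag, untagged local frames go to br0, and tagged local frames are accepted only on the configured VLAN. The MAC addresses, function names and verdict names are constructed for illustration, and only unicast frames addressed to the bridge's own MAC count as local.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { V_MALFORMED, V_BRIDGE, V_LOCAL_BR0, V_LOCAL_VLAN, V_DROP };

/* Returns the 802.1Q VLAN ID (0-4095), -1 if untagged, -2 if truncated. */
int frame_vid(const uint8_t *f, size_t len)
{
    if (len < 14) return -2;                          /* dst(6)+src(6)+type(2) */
    if (((f[12] << 8) | f[13]) != 0x8100) return -1;  /* no 802.1Q TPID */
    if (len < 18) return -2;                          /* tag cut short */
    return ((f[14] << 8) | f[15]) & 0x0fff;           /* low 12 bits of TCI */
}

/* Model of the disposition described in the thread (not the kernel's code). */
enum verdict classify(const uint8_t *f, size_t len,
                      const uint8_t *br_mac, int mgmt_vid)
{
    int vid = frame_vid(f, len);
    if (vid == -2) return V_MALFORMED;
    if (memcmp(f, br_mac, 6) != 0) return V_BRIDGE;   /* not for us: bridged */
    if (vid == -1) return V_LOCAL_BR0;                /* untagged: to br0 */
    return vid == mgmt_vid ? V_LOCAL_VLAN : V_DROP;   /* only br0.<mgmt_vid> */
}

/* Builds a constructed sample frame into buf (>= 64 bytes); vid < 0 = untagged. */
size_t build_frame(uint8_t *buf, const uint8_t *dst, int vid)
{
    static const uint8_t src[6] = {0x02, 0, 0, 0, 0, 0x99}; /* constructed */
    memset(buf, 0, 64);
    memcpy(buf, dst, 6);
    memcpy(buf + 6, src, 6);
    if (vid < 0) { buf[12] = 0x08; buf[13] = 0x00; return 60; }
    buf[12] = 0x81; buf[13] = 0x00;                   /* TPID 0x8100 */
    buf[14] = (vid >> 8) & 0x0f; buf[15] = vid & 0xff;
    buf[16] = 0x08; buf[17] = 0x00;                   /* inner type: IPv4 */
    return 64;
}

int main(void)
{
    const uint8_t br[6] = {0x02, 0, 0, 0, 0, 0x01};   /* constructed bridge MAC */
    const uint8_t host[6] = {0x02, 0, 0, 0, 0, 0x02}; /* constructed host MAC */
    uint8_t buf[64];
    printf("%d\n", classify(buf, build_frame(buf, host, 20), br, 15));
    printf("%d\n", classify(buf, build_frame(buf, br, 15), br, 15));
    printf("%d\n", classify(buf, build_frame(buf, br, 20), br, 15));
    return 0;
}
```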