Re: Bridging / VLANs / ebtables

[Tim Nelson <tnelson@rockbochs.com>]

----- Original Message -----
> Greetings-
> 
> I have an interesting situation that requires bridging some VLAN
> enabled interfaces together on a Debian 7.x x86 system. On the host,
> there is a single physical interface passing traffic natively
> (eth0), and two tagged VLANs also passing traffic (eth0.2 and
> eth0.3).
> 
> The use case is that I need to bridge eth0 with eth0.2, allowing
> layer two traffic to pass seamlessly between interfaces, and still
> leave eth0.3 in a usable state. The switch this system is connected
> to is outside of my control, which is the reason for the odd network
> setup.
> 
> What I'm finding by simply creating a new bridge br0 with members
> eth0 and eth0.2 is no connectivity on eth0.2, and slow/quirky
> connectivity on eth0 (native connectivity to Debian 7.x host). In
> doing research, I've found suggestions of adding the VLAN interfaces
> to the bridge direct, resulting in a br0, br0.2, and br0.3, but the
> results were the same.
> 
> It has been suggested to use ebtables to filter the VLANs from the
> eth0 interface on the bridge, yet allow operation to the system
> interface eth0.2/eth0.3. I found a very specific reference on the
> ebtables site for this scenario [1], usage suggested (modified to
> fit my environment):
> 
> ebtables -t broute -A BROUTING -i eth0 -p 802_1Q --vlan-id 3 -j DROP
> ebtables -t broute -A BROUTING -i eth0 -p 802_1Q --vlan-id 2 -j DROP
> 
> If my understanding of the ebtables usage as a brouter, and the
> kernel's interaction between all components involved, this should
> work. However, as noted, no change in operation is observed.
> 
> I'm hoping someone can shed light on what needs to be done for a
> successful bridge of eth0/eth0.2, with an intact eth0.3 (point to
> point link between Debian 7.x host and another device). I posted
> this to the debian-users list but given the wide audience, was not
> successful in getting relevant content.
> 
> All tips/tricks/suggestions welcome.
> 
> Thank you,
> 
> --Tim
> 
> [1] http://ebtables.netfilter.org/misc/brnf-faq.html#quiz2

**bump** Any thoughts? Thanks!

--Tim